Categories: Trojan,Adware,BHO,Backdoor,Hijacker,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits
BHO (Browser Helper Object) Trojan. The BHO waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker. The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet." explained the company.
Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.
Backdoors are installed and launched without the consent of the user of computer. Often the backdoor will not be visible in the log of active programs.
Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:
- Launching/ deleting files
- Sending/ receiving files
- Deleting data
- Displaying notification
- Rebooting the machine
- Executing files
Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.
When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.
A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers. An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found.
A desktop hijacker replaces the desktop wallpaper with advertising for products and services on the desktop.
Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
[Kaspersky]Trojan.VBS.StartPage.e,Trojan.VBS.StartPage.ax;
[Eset]VBS/StartPage.U.gen trojan;
[Panda]Trj/StartPage.AH,Trojan Horse;
[Computer Associates]VBS.Startpage.BZ,VBS/IEStart!Worm,VBS/Startpage!Trojan,VBS.Startpage.AP;
[Other]VBS/Startpage.UI,VBS/Startpage.UJ
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe
How to detect VBS.Startpage:
Files:
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe
Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
Removing VBS.Startpage:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
soft.stop Trojan Cleaner
TrojanDownloader.Win32.Small.fi Trojan Information
Chimo Backdoor Symptoms
Remove BullsEye.Network Adware
Win32.Qoologic Trojan Information
No comments:
Post a Comment