<body>
virus protection

Free spyware removal and spyware protection

Unfortunately, defeating spyware is harder than evading conventional viruses.
Spyware is any potentially-unwanted program that makes undesirable changes to your computer and/or collects information about user activities, without consent, usually for financial gain. That definition may be fine in the abstract, but making concrete decisions about which programs are really spyware can be difficult.
Please visit the download section of this website, where you will find a few simple and FREE applications written by different authors, which I have found, through years of facing spyware and viruses over 100 times, to be the most effective (and free, of course) way to keep your computer clean of worms, popups, spyware and other malicious computer bugs. (If your computer is already affected, these programs might not completely get rid of your problem, but they will prevent any more damage.) I myself have tested these simple and free applications many times, on hundreds of PC computers, and I am happy to share my years of extensive research and trial and error to help you live a bug-free PC lifestyle.

Trojan.Win32.StartPage.jo

Wednesday, November 28, 2007

Aliases
Trojan.Win32.StartPage.jo (Kaspersky Lab) is also known as: StartPage-AI.gen (McAfee), Trojan.StartPage (Symantec), Trojan.StartPage.350 (Doctor Web), Trojan:Win32/StartPage.EZ (RAV), TROJ_STARTPAG.JO (Trend Micro), TR/OLCheck.2 (H+BEDV), Win32:Trojan-gen. (ALWIL), Startpage.6.AR (Grisoft), Trojan.StartPage.EZ (SOFTWIN), Trojan.Startpage.gen-11 (ClamAV), Trj/StartPage.HE (Panda), Win32/StartPage.JO (Eset)

Description added: Nov 23 2007
Behavior: Trojan

Technical details

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 11776 bytes in size. It is packed using UPX. The unpacked file is approximately 48KB in size. It is written in Delphi.
Payload

Once launched, the Trojan will:

1. modify the following system registry key values:
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst" = "yes"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar" = "http://www.find-online.net/sp.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"Default" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"provider" = "gog1"
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://www.find-online.net/sp.htm"

These changes modify the configuration of Internet Explorer.
2. create the following registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp" = "%WinDir%\ziphelp.exe"

This will cause "%WinDir%\ziphelp.exe" to be launched each time the system is started, assuming that such a file is present on the victim machine.
3. create the following shortcuts in the current user's Favorites folder:
%USERPROFILE%\Favorites\FINDONLINE.net
%USERPROFILE%\Favorites\Free PORN Ezines
%USERPROFILE%\Favorites\Free PORN Tickets
%USERPROFILE%\Favorites\PORN FINDONLINE.net
%USERPROFILE%\Favorites\Adult\Breast Enlargement Pills
%USERPROFILE%\Favorites\Adult\Penis Enlargement Pills
%USERPROFILE%\Favorites\Adult\
%USERPROFILE%\Favorites\Adult\Sex Toys
%USERPROFILE%\Favorites\Adult\Sexual Enhancers
%USERPROFILE%\Favorites\Adult\Single Girls
%USERPROFILE%\Favorites\Adult\Swinger Clubs
%USERPROFILE%\Favorites\Health\Fitness
%USERPROFILE%\Favorites\Health\Human Growth Hormone
%USERPROFILE%\Favorites\Health\Men Health
%USERPROFILE%\Favorites\Health\Weight Loss
%USERPROFILE%\Favorites\Health\Women Health
%USERPROFILE%\Favorites\Insurance\Auto Insurance
%USERPROFILE%\Favorites\Insurance\Business Insurance
%USERPROFILE%\Favorites\Insurance\Health Insurance
%USERPROFILE%\Favorites\Insurance\Home Insurance
%USERPROFILE%\Favorites\Insurance\Travel Insurance
%USERPROFILE%\Favorites\Internet\Antivirus
%USERPROFILE%\Favorites\Internet\Internet Businesses
%USERPROFILE%\Favorites\Internet\Spyware Remover
%USERPROFILE%\Favorites\Internet\Web Hosting
%USERPROFILE%\Favorites\Internet\Web Site Design
%USERPROFILE%\Favorites\Online Games\Black Jack
%USERPROFILE%\Favorites\Online Games\Craps
%USERPROFILE%\Favorites\Online Games\Online Casinos
%USERPROFILE%\Favorites\Online Games\Poker
%USERPROFILE%\Favorites\Online Games\Roulette
%USERPROFILE%\Favorites\Online Pharmacy\Hydrocodone
%USERPROFILE%\Favorites\Online Pharmacy\Online Pharmacy
%USERPROFILE%\Favorites\Online Pharmacy\Prozac
%USERPROFILE%\Favorites\Online Pharmacy\Valium
%USERPROFILE%\Favorites\Online Pharmacy\Viagra Online

The Trojan then ceases running.
Removal instructions


If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Revert the following system registry key values:
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst" = "yes"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar" = "http://www.find-online.net/sp.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"Default" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"provider" = "gog1"
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://www.find-online.net/sp.htm"
4. Delete the following registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp" = "%WinDir%\ziphelp.exe"
5. Delete all shortcuts created by the Trojan.
posted by Mandy, 9:26 AM
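
As an added example (not part of the original description or of any vendor tool), this Python triage script scans the text of a `reg export` file for the registry indicators listed above: Internet Explorer values pointing at find-online.net, the "provider" = "gog1" marker, and the "ziphelp" Run entry. The function names, the sample export and the lookalike host are constructed for illustration, and matching is extended to subdomains of the host and to per-user hives under HKEY_USERS.

```python
import re
from urllib.parse import urlparse

# Indicators come from the description above; the parsing logic is an added illustration.
HIJACK_HOST = "find-online.net"
IE = r"\software\microsoft\internet explorer"
IE_KEYS = (IE + r"\main", IE + r"\searchurl", IE + r"\search")
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
# "name"="data" or @="data"; .reg files escape backslash and quote with a backslash
STRING_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def _host_matches(data):
    """True only for HIJACK_HOST itself or one of its subdomains."""
    try:
        host = (urlparse(data).hostname or "").lower()
    except ValueError:  # malformed URL data, e.g. an unclosed IPv6 bracket
        return False
    return host == HIJACK_HOST or host.endswith("." + HIJACK_HOST)

def scan_reg_export(text):
    """Return (reason, key, value name, data) for each entry matching an indicator."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # new registry key section
            continue
        m = STRING_VALUE.match(line)
        if not m:
            continue  # file header, blank lines, dword/hex values
        name = _unescape(m.group(1)) if m.group(1) is not None else "(Default)"
        data, k = _unescape(m.group(2)), key.lower()
        if k.endswith(IE_KEYS) and (_host_matches(data)
                or (name.lower(), data) == ("provider", "gog1")):
            findings.append(("ie-hijack", key, name, data))
        elif k.endswith(RUN_KEY) and (name.lower() == "ziphelp"
                or data.lower().endswith("\\ziphelp.exe")):
            findings.append(("run-persistence", key, name, data))
    return findings

# Constructed sample export; the second URL is a lookalike host that must not match.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.find-online.net/index.htm"
"Search Page"="http://find-online.net.example/"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp"="C:\\WINDOWS\\ziphelp.exe"'''
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `scan_reg_export`.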
