
Resolve For Startpa Antivirus and Spyware for Windows

Resolve for Startpa description

A tool that removes the Startpa Trojan
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed.

Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

Troj/StartPa-I attempts to modify several Microsoft Internet Explorer values.

Troj/StartPa-I drops a DLL component to the System folder as ctrlpan.dll (also detected as Troj/StartPa-I) and adds the following registry entry in order to run this component on system restart:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs = "ctrlpan.dll"

Troj/StartPa-I sets the following registry entries relating to Internet Explorer to http://aifind.info/:
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKLM\Software\Microsoft\Internet Explorer\Search

Troj/StartPa-I creates or overwrites C:\drivers\etc\hosts, which has the following entries:
127.0.0.1 localhost
205.177.124.66 auto.search.msn.com

Troj/StartPa-I creates an HTML stylesheet in C:\hh.htt and creates associated registry entries in
HKLM\Software\Microsoft\Internet Explorer\Styles\User Stylesheet and
HKLM\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet.

The URL files will have links to porn-related websites.

Troj/Startpa-Z is a simple Trojan that makes changes to Internet Explorer settings via the registry.

Troj/Startpa-Z changes the default start page of Internet Explorer to the URL http://aifind.info/ and adds a list of URLs containing adult content to the favourites folder. The Trojan also changes the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Styles
Use My Stylesheet = 1

HKCU\Software\Microsoft\Internet Explorer\Styles
User Stylesheet = hh.htt

HKLM\Software\Microsoft\Internet Explorer\Styles
Use My Stylesheet = 1

HKLM\Software\Microsoft\Internet Explorer\Styles
User Stylesheet = hh.htt

The stylesheet file hh.htt is detected by Sophos Anti-Virus as Troj/Startpa-BG.
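
A read-only triage check for the indicators listed above, added here as an example (it is not part of the original page and is not a Sophos tool). It parses text saved from `reg query` plus the contents of a hosts file; the function names, the sample input and the four-space column layout assumed for `reg query` output are assumptions of this example.

```python
import re

# Indicators taken from the description above.
DROPPED_DLL, HIJACK_HOST = "ctrlpan.dll", "aifind.info"
STYLESHEET, REDIRECTED_NAME = "hh.htt", "auto.search.msn.com"
APPINIT_KEY = r"\windows nt\currentversion\windows"
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # reg.exe value line
HOST_RE = re.compile(r"(?:https?://)?([^/:\s]*)", re.I)  # host part of a URL value

def parse_reg_query(text):
    """Parse `reg query` output into {(key, value_name): data}, names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).lower())] = m.group(3).strip()
    return values

def check_registry(values):
    """Return one finding per registry value that matches a listed indicator."""
    findings = []
    for (key, name), data in values.items():
        host = HOST_RE.match(data).group(1).lower()
        if key.endswith(APPINIT_KEY) and name == "appinit_dlls" and DROPPED_DLL in data.lower():
            findings.append(f"AppInit_DLLs loads {DROPPED_DLL}")
        if r"\internet explorer" in key and host == HIJACK_HOST:
            findings.append(f"{name} points to {HIJACK_HOST}")
        if key.endswith(r"\styles") and name == "user stylesheet" and data.lower().endswith(STYLESHEET):
            findings.append(f"user stylesheet set to {STYLESHEET}")
    return findings

def check_hosts(text):
    """Return a finding for every hosts-file line that pins REDIRECTED_NAME."""
    rows = (line.split("#", 1)[0].lower().split() for line in text.splitlines())
    return [f"{REDIRECTED_NAME} pinned to {r[0]}" for r in rows if REDIRECTED_NAME in r[1:]]

# Constructed sample input mirroring the values listed above (not captured from a host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    ctrlpan.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://aifind.info/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    User Stylesheet    REG_SZ    hh.htt
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n205.177.124.66 auto.search.msn.com\n"

if __name__ == "__main__":
    print(check_registry(parse_reg_query(SAMPLE_REG)) + check_hosts(SAMPLE_HOSTS))
```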

Troj/Startpa can be removed from Windows computers automatically with the following Resolve tools:

Windows disinfector
STRTPGUI is a disinfector for standalone Windows computers. To use it, do the following:
· Open the STRTPGUI.com file from your desktop after downloading it.
· Click the Start Scan button.
· Wait for the process to complete.

Command line disinfector
STRTPSFX.EXE is a self-extracting archive containing STRTPCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
