Trojan.NSIS.StartPage.af
Trojan.NSIS.StartPage.af is a dangerous Trojan program. Trojan.NSIS.StartPage.af spreads via unsolicited e-mails and file sharing networks. Once Trojan.NSIS.StartPage.af has entered a system, it will conduct all types of malicious activities including downloading harmful files onto the infected PC. Trojan.NSIS.StartPage.af is a computer threat that should be removed promptly after detection.
File System Details
Trojan.NSIS.StartPage.af may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Temp%\SeFastInstall2_3218.exe | |
| 2. | %Temp%\installer.exe | |
| 3. | %Windir%\taobao.ico | |
| 4. | %Temp%\_356.tmp | |
| 5. | %Temp%\version.ini |
Registry Details
Trojan.NSIS.StartPage.af may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}\Shell\Internet Explorer\Command]
(Default) = "{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1D17A-3577-471D-97AB-BEA6B2845882}\Shell\Internet Explorer\Command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1D17A-3577-471D-97AB-BEA6B2845882}\ShellFolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1D17A-3577-471D-97AB-BEA6B2845882}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}]
(Default) = "%ProgramFiles%\Internet Explorer\iexplore.exe http://www.pp2345.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}\TypeLib]
Attributes = 0x00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}]
(Default) = "{F9F1D17A-3577-471D-97AB-BEA6B2845882}"
(Default) = "%System%\SHELL32.DLL,220"
InfoTip = "Internet Explorer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F9F1D17A-3577-471D-97AB-BEA6B2845882}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Comman]
(Default) = "%ProgramFiles%\Internet Explorer\iexplore.exe http://www.05zw.com/taobao/taobao.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF2B9DCD-E16C-4CCE-8D71-2745C0E8B2F8}\ShellFolder]
(Default) = "%Windir%\taobao.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1D17A-3577-471D-97AB-BEA6B2845882}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1D17A-3577-471D-97AB-BEA6B2845882}\DefaultIcon]
(Default) = "Internet Explorer"
InfoText = "My Places"
