Win-Trojan/Starman.Gen
Win-Trojan/Starman.Gen is a nasty computer trojan that attempts to copy itself across an existing network. It replicates and runs surreptitiously, without the user's authorization or knowledge. It can create email messages with malicious attachments, often including downloads of itself. It opens a backdoor that lets a remote criminal gain access to the computer, and it starts automatically every time Windows starts. It lures users with messages suggesting that the recipient should open the attachment to see something important or interesting.
File System Details
Win-Trojan/Starman.Gen may create the following file(s):
# | File Name | Detections |
---|---|---|
1. | %ProgramFiles%\Common Files\System\ado\tsektjkj.exe | |
2. | %Windir%\pchealth\helpctr\System\rc\qbrblthb.exe | |
3. | %Windir%\pchealth\helpctr\System\Remote Assistance\rzqstvqq.exe | |
4. | %ProgramFiles%\NetMeeting\rsewzjqn.exe | |
5. | %Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe | |
6. | %Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\vxwqhwzs.exe | |
7. | c:\tvsknrse.exe | |
8. | %Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe | |
9. | %Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\vsekkehe.exe | |
Registry Details
Win-Trojan/Starman.Gen may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32
(Default) = "%Windir%\Web\wcxnjhhj.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}
(Default) = "hblhrsekjwjbzjnt"
(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\qkezbwtr.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32
(Default) =
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
(Default) = "hbqxlnlrejneqrez"