JS/IEstart.gen

Type: Trojan
SubType: VbScript
Discovery Date: 03/23/2001
Length: Varies
Minimum DAT: 4131 (03/28/2001)
Updated DAT: 4711 (03/06/2006)
Minimum Engine: 5.1.00
Description Added: 04/10/2001
Description Modified: 01/21/2004 10:37 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Medium

Characteristics

This script trojan changes the default start page that Internet Explorer uses by altering the following registry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Because this is a generic detection, it covers many different versions. Specific details cannot be listed because they vary from sample to sample. The trojan may create and run an .HTA application or .REG file.
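A defensive check for the .REG case described above, added here as an example and not taken from the original description or any vendor tooling: it parses .REG text and reports writes to the Start Page value that are not on an allowlist. The function names, the allowlist and the sample file contents are assumptions constructed for illustration.

```python
import re

# Key and value named on this page, lower-cased for case-insensitive matching.
TARGET_KEY = r"hkey_current_user\software\microsoft\internet explorer\main"
TARGET_VALUE = "start page"
SECTION_RE = re.compile(r"^\[(-?)([^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

# Constructed sample .REG content (example.test hosts are placeholders).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed sample, not taken from a real specimen
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://search.example.test/"
"Start Page"="http://portal.example.test/"

[HKEY_CURRENT_USER\Software\Example]
"Start Page"="http://ignored.example.test/"
'''


def find_start_page_writes(reg_text):
    """Return [(line_no, new_value)] for each Start Page assignment in .REG text."""
    hits, in_target = [], False
    for line_no, raw in enumerate(reg_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        section = SECTION_RE.match(line)
        if section:
            # "[-KEY]" deletes a key, so it cannot carry an assignment.
            in_target = not section.group(1) and section.group(2).lower() == TARGET_KEY
            continue
        value = VALUE_RE.match(line)
        if not in_target or not value or value.group(1).lower() != TARGET_VALUE:
            continue
        data = value.group(2).strip()
        if data == "-":                           # "name"=- deletes the value
            continue
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
        hits.append((line_no, data))
    return hits


def unexpected_start_pages(reg_text, allowed):
    """Keep only the assignments whose value is not in the allowed set."""
    allowed_norm = {a.lower().rstrip("/") for a in allowed}
    return [(n, v) for n, v in find_start_page_writes(reg_text)
            if v.lower().rstrip("/") not in allowed_norm]
```
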

Symptoms

Unfamiliar and altered default start page when loading Internet Explorer.

Method of Infection

This trojan exists as script code contained in an .ASP, .HTM, .HTML, .VBS, .VBE, or .HTA file.

Removal

Use specified engine and DAT files for detection and removal.

- Delete detected files
- Restore desired Internet Explorer Start and Search pages
- Install the Microsoft virtual machine vulnerability patch.

All Users:
Use current engine and DAT files for detection. Replace files not cleaned with backup copies.

Additional Windows ME/XP removal considerations

Variants

    N/A

All Information

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • FunChina
  • JS/IEStart.gen.c
  • JS/IEStart.gen.d
  • VBS.Passon (CA)
  • VBS.PassOn (NAV)
  • VBS/IEstart.gen
