sp.html spyware homepage high jacker Severity HIGH

From: Don (arcadeguy_at_hotmail.com)
Date: 07/04/04


Date: 3 Jul 2004 17:29:09 -0700

if anyone gets this damn about.hml page with the popup about your IP
address you're a victim.

I have been tracing this thing down in the registry and the winnt folder
very hard to find
very reproductive.

files it created:
ideb.dll
sp.html
and many others

#######################
it's a virus:

http://www.pandasoftware.com/virus_info/encyclopedia/ficha.aspx?iddeteccion=105595

Infection strategy

StartPage.FH is a DLL (Dynamic Link Library) that is registered with
the browser Internet Explorer. This DLL changes the browser's home
page.

StartPage.FH creates the file SP.HTML in the Windows temporary
directory. This file contains the web site displayed when the Internet
Explorer is launched.

StartPage.FH creates the entries in the Windows Registry, among
others:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Search Page = %tempdir%\sp.html
where %tempdir% is the Windows temporary directory.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page = about:blank
 
Means of transmission

StartPage.FH does not spread automatically using its own means. It
needs the attacking user's intervention in order to reach the affected
computer. The means of transmission used include, among others, floppy
disks, CD-ROMs, e-mail messages with attached files, Internet
downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing
networks, etc.

Further Details

StartPage.FH is 30,720 bytes in size and it is compressed.

###################

the fix:

Is my computer infected by StartPage.FH?
  
In order to make absolutely sure that StartPage.FH has not affected
your computer, you have the following options:

- Carry out a full scan of your computer using Panda Antivirus, after
  checking that it is updated. If it isn't and you are a registered
  Panda Software client, update it by clicking here.
- Check the computer with Panda ActiveScan, Panda Software's free,
  online scanner, which will quickly detect any possible viruses.
 
  
How to remove StartPage.FH?
  
If Panda Antivirus or Panda ActiveScan detects StartPage.FH during the
scan, it will automatically offer you the option of deleting it. Do
this by following the program's instructions.

Additional notes:

- If your computer has Windows Millennium installed, click here to
  permanently remove all trace of the virus.
- If your computer has Windows XP installed, click here to permanently
  remove all trace of the virus.
  
How can I protect my computer from StartPage.FH?
  
In order to keep your computer protected, bear the following tips in
mind:

- Install a good antivirus in your computer. Click here to get the Panda
  antivirus solution that best suits your needs.
- Keep your antivirus updated. If automatic updates are available,
  configure your antivirus to use them.
- Keep your permanent antivirus protection enabled at all times.

For more detailed information about how to protect your computer
against viruses and other threats, click here.
 
##########################

I can't wait for the next SP fix so IE won't have holes like this again.

cheers
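
The registry indicators quoted from Panda's description in the post above can be checked offline against a registry export. This is an added example, not part of the original post and not Panda's tooling; the sample export, the function names and the decision to treat about:blank as only a corroborating signal are assumptions of the example.

```python
import ntpath
import re

# Key named in the Panda description; compared without the hive prefix.
IE_MAIN = r"software\microsoft\internet explorer\main"
PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in regedit 5.00 export syntax (not taken from a real host).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\sp.html"
"Default_Page_URL"="http://www.msn.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"""

def parse_reg(text):
    """Yield (key, value name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := PAIR.match(line)):
            # .reg files escape backslash and quote with a backslash; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def triage(text):
    """Sort Internet Explorer\\Main values into strong and weak indicators."""
    strong, weak = [], []
    for key, name, data in parse_reg(text):
        hive, _, subkey = key.partition("\\")
        if subkey.lower() != IE_MAIN:
            continue
        if ntpath.basename(data).lower() == "sp.html":
            # Any IE page setting that resolves to a file named sp.html.
            strong.append((hive, name, data))
        elif name.lower() == "start page" and data.lower() == "about:blank":
            # Also a common legitimate setting, so only corroborating.
            weak.append((hive, name, data))
    return {"match": bool(strong), "strong": strong, "weak": weak}

if __name__ == "__main__":
    print(triage(SAMPLE_REG))
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `triage`.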


