My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Startpage.AABI

VERY LOW
VERY LOW
varies

Symptoms

The browser start page is hijacked to laban.vn. The presence of a Registry value in the HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run that points to the malicious application.

Removal instructions:

Please let Bitdefender disinfect your computer

Analyzed By

Bogdan BOTEZATU

Technical Description:

The computer user is shown an advertisement in the Yahoo Messenger chat window. If clicked, the user is prompted to download and execute a setup file that contains the payload. When executed, the file copies itself to %APPDATA%\\laban.exe and sets itself to run at every system boot. When running, it monitors to see whether the laban.vn page is set as default for every browser installed on the PC and, if it has been changed, it restores it back to laban.vn.