My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

JS.Trojan.Coolsites.A

LOW
VERY LOW
1740 bytes
(JS/Coolsites.A@mm)

Symptoms

- the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
has the value: http:/ /balder.prohosting.com/~mic124/sex.htm

Removal instructions:

1. Make sure that you have the latest updates using BitDefender Live!;

2. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt
user for action"). Choose to delete all the files infected with JS.Trojan.Coolsites.A

3. Reset your Internet Explorer Start page. This will automatically overwtite the registry key created by JS.Trojan.Coolsites

Analyzed By

Mihaela Stoian BitDefender Virus Researcher

Technical Description:

It writes in the registry, in the key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
the value: http:/ /balder.prohosting.com/~mic124/sex.htm in order to load that web page when starting Internet Explorer.

For all the contacts from address book, it sends mail, with the subject:
Hi!!
and the body
Hi. I found cool site! http://celebxx.cjb.net It's really cool!.