BitDefender Antivirus
Contact Us | My BitDefender

JS.Trojan.Coolsites.A

( JS/Coolsites.A@mm )
Spreading: low
Damage: very low
Size: 1740 bytes
Discovered: 2001 Dec 19

SYMPTOMS:

- the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
has the value: http:/ /balder.prohosting.com/~mic124/sex.htm

TECHNICAL DESCRIPTION:

It writes in the registry, in the key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
the value: http:/ /balder.prohosting.com/~mic124/sex.htm in order to load that web page when starting Internet Explorer.

For all the contacts from address book, it sends mail, with the subject:
Hi!!
and the body
Hi. I found cool site! http://celebxx.cjb.net It's really cool!.

Removal instructions:

1. Make sure that you have the latest updates using BitDefender Live!;

2. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt
user for action"). Choose to delete all the files infected with JS.Trojan.Coolsites.A

3. Reset your Internet Explorer Start page. This will automatically overwtite the registry key created by JS.Trojan.Coolsites

ANALYZED BY:

Mihaela Stoian BitDefender Virus Researcher
©   2009 BITDEFENDER SiteMap | Legal Terms | Site Feedback | Global Sites | Privacy Policy