JS.Trojan.Coolsites.A( JS/Coolsites.A@mm )
SYMPTOMS: - the registry key:HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page has the value: http:/ /balder.prohosting.com/~mic124/sex.htm TECHNICAL DESCRIPTION: It writes in the registry, in the key:HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page the value: http:/ /balder.prohosting.com/~mic124/sex.htm in order to load that web page when starting Internet Explorer. For all the contacts from address book, it sends mail, with the subject: Hi!! and the body Hi. I found cool site! http://celebxx.cjb.net It\'s really cool!. Removal instructions: 1. Make sure that you have the latest updates using BitDefender Live!;2. Perform a full scan of your system (selecting, from the Action tab, the option \"Prompt user for action\"). Choose to delete all the files infected with JS.Trojan.Coolsites.A 3. Reset your Internet Explorer Start page. This will automatically overwtite the registry key created by JS.Trojan.Coolsites ANALYZED BY: Mihaela StoianBitDefender Virus Researcher |