For Home

Virus Profile: JS/IEstart.gen

Threat Search
Print
   
Virus Profile information details
Risk Assessment: Home Medium | Corporate Low
Date Discovered: 3/23/2001
Date Added: 4/10/2001
Origin: Unknown
Length: Varies
Type: Trojan
Subtype: VbScript
DAT Required: 4131
Removal Instructions
   
 
 
   

Description

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

Unfamiliar and altered default start page when loading Internet Explorer.

Methods of Infection

This trojan exists as script code contained in an .ASP, .HTM, .HTML, .VBS, .VBE, or .HTA file.

Aliases

FunChina, JS/IEStart.gen.c, JS/IEStart.gen.d, VBS.Passon (CA), VBS.PassOn (NAV), VBS/IEstart.gen
   

Virus Characteristics

This script trojan simply alters the default start up page that Internet Explorer uses by altering the following registry key:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
As this is a generic detection, it covers many different versions. Specific details can not be listed as they can vary from sample to sample. The trojan may create and run an .HTA application or .REG file.
   
Use specified engine and DAT files for detection and removal.

- Delete detected files
- Restore desired Internet Explorer Start and Search pages
- Install the Microsoft virtual machine vulnerability patch .

All Users :
Use current engine and DAT files for detection. Replace files not cleaned with backup copies.

Additional Windows ME/XP removal considerations