Home Malware Programs Browser Hijackers Doublestartpage.com

Doublestartpage.com

Posted: September 4, 2008

Doublestartpage.com is a dangerous browser hijacker which usually creeps onto the system via a Zlob Trojan. Once executed, it will redirect your home page to doublestartpage.com where it will display a fake warning message claiming that W32.Myzor.fk@yf has hijacked and infected your machine. Then it offers you to purchase one of rogue anti-spyware applications, such as XP Antivirus, Antivirus 2008, Antivirus 2009 and so on.

If you are hijacked by the Doublestartpage.com, it means that you are infected with Zlob Trojan, and this places any financial or banking information stored on your computer in jeopardy and represents a serious security risk.

To restore the original default homepage, open IE > go to Tools > Internet Options > Type the URL address of your desired website > Click "Use Current" > click "OK". But restoring your hompepage manually does not necessarily mean that you've gotten rid of the spyware infection that brought on the homepage hijacker.

Doublestartpage.com may be a sign that you've been infected with spyware or a trojan.

If, when Internet Explorer starts, you see any pop up windows telling you about a rogue anti-spyware program and how to remove spyware, then you're probably infected with a trojan and you will continue to be hijacked by Doublestartpage.com. Sometimes the hijackers prevent you from changing the homepage, or may allow you to temporarily change the homepage only to have Doublestartpage.com reappear later.

So what do you do? Scan your system with an anti-spyware program and remove the spyware infections detected.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 cfqbw.dll
    2 fdpzgi.dll
    3 gtawclv.dll
    4 iesplugin.dll
    5 iesuninst.exe
    6 isaddon.dll
    7 isamini.exe
    8 isamonitor.exe
    9 khtbpdl.dll
    10 Online Security Guide.url
    11 pmmon.exe
    12 pmsngr.exe
    13 pmuninst.exe
    14 Security Troubleshooting.url
    15 veptlh.dll
    16 vjxwnn.dll
    17 vmlwp.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}IExplorer Security Plug-inInternet Explorer Secure BarMessenger Service
Loading...