Win-Trojan/Starman.Gen
Win-Trojan/Starman.Gen is a devastating and troublesome trojan infection that may make changes to security processes in Task Manager and block your access to msconfig and regedit. Win-Trojan/Starman.Gen may propagate through email attachments, chat programs or adult-related movie downloads, and will try to copy itself across an existing network. Win-Trojan/Starman.Gen may damage your system files and computer hardware. Once a system is corrupted by Win-Trojan/Starman.Gen, it may undergo data loss and a rapid decline in performance.
File System Modifications
- The following files were created in the system:
1. %ProgramFiles%\Common Files\System\ado\tsektjkj.exe
2. %ProgramFiles%\NetMeeting\rsewzjqn.exe
3. %Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe
4. %Windir%\pchealth\helpctr\System\rc\qbrblthb.exe
5. %Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe
6. %Windir%\pchealth\helpctr\System\Remote Assistance\rzqstvqq.exe
7. %Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\vxwqhwzs.exe
8. %Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\vsekkehe.exe
9. c:\tvsknrse.exe
Registry Modifications
- The following registry keys and values were created:

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}]

HKEY..\..\..\..{RegistryKeys}
(Default) =
(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\qkezbwtr.exe"
(Default) = "%Windir%\Web\wcxnjhhj.exe"
(Default) = "hblhrsekjwjbzjnt"
(Default) = "hbqxlnlrejneqrez"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]