Summary

| Detected by | All Sophos products |
|---|---|
Action

Please read the instructions for removing Troj/StartPa-I.
More Information
NOTE: The information contained in this analysis may be considered offensive by some customers.
Troj/StartPa-I attempts to modify several Microsoft Internet Explorer values.
Troj/StartPa-I drops a DLL component to the <Windows>\System folder as ctrlpan.dll (also detected as Troj/StartPa-I) and adds the following registry entry in order to run this component on system restart:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs = "ctrlpan.dll"
Troj/StartPa-I sets the following registry entries relating to Internet Explorer to http://aifind.info/:
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKLM\Software\Microsoft\Internet Explorer\Search
Troj/StartPa-I creates or overwrites C:\<Windows System>\drivers\etc\hosts, which has the following entries:
127.0.0.1 localhost
205.177.124.66 auto.search.msn.com
Troj/StartPa-I creates an HTML stylesheet in C:\<Windows>hh.htt and creates associated registry entries in
HKLM\Software\Microsoft\Internet Explorer\Styles\User Stylesheet and
HKLM\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet.
Troj/StartPa-I attempts to copy several URL files into the Favorites folder, and into the Links folder within the Favorites folder, with the following names:
!!! Exclusive Youngest Porn !!!.url
80 old daddies brutally fucking their daughters.url
CENSORED YOUNGEST PORN.url
Fresh XXX pics & movie.url Fucking Young Virginz !!!.url
Innocent Girls Brutally Fucked.url
Little Bitches Getting Fucked.url
Virgin Girls in Action.url
XX y.o. girls getting brutally fucked by huge dick.url
Young Masha sucking huge dick until her lips teared open.url
Youngest Girls Only.url
Youngest Hardcore Action.url
The URL files contain links to porn-related websites.
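
The following Python check is an added example, not part of the Sophos analysis. It audits a hosts file and a set of registry values for the AppInit_DLLs, Internet Explorer and hosts-file changes described above. The function names and the input shape are assumptions: the caller supplies the hosts file text and a dictionary of registry value paths to data, collected by whatever means is available, and the sample input is constructed.

```python
import ipaddress
import re

# Indicators copied from the analysis above.
APPINIT = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"
DROPPED_DLL, HIJACK_HOST = "ctrlpan.dll", "aifind.info"
IE_VALUES = (
    r"HKCU\Software\Microsoft\Internet Explorer\SearchURL",
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Search Page",
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page",
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar",
    r"HKLM\Software\Microsoft\Internet Explorer\Search",
)

def audit_hosts(text):
    """Return (ip, name) pairs that point a name at a non-loopback address."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if not (ip.is_loopback or ip.is_unspecified):
            hits += [(str(ip), name.lower()) for name in fields[1:]]
    return hits

def audit_registry(values):
    """values: {registry value path: data}. Return the matching (path, data) pairs."""
    vals = {k.lower(): v for k, v in values.items()}  # registry paths are case-insensitive
    hits = []
    appinit = vals.get(APPINIT.lower(), "")
    # AppInit_DLLs holds a space- or comma-separated list of DLL names or paths.
    dlls = [d.rsplit("\\", 1)[-1].lower() for d in re.split(r"[ ,]+", appinit) if d]
    if DROPPED_DLL in dlls:
        hits.append((APPINIT, appinit))
    for path in IE_VALUES:
        data = vals.get(path.lower(), "")
        if HIJACK_HOST in data.lower():
            hits.append((path, data))
    return hits

# Constructed sample input mirroring the values the analysis lists.
SAMPLE_HOSTS = "127.0.0.1 localhost\n205.177.124.66 auto.search.msn.com\n"
SAMPLE_REG = {APPINIT: "ctrlpan.dll", IE_VALUES[2]: "http://aifind.info/",
              IE_VALUES[0]: "http://www.example.com/"}  # last value is a clean control
if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS), audit_registry(SAMPLE_REG), sep="\n")
```

A hosts entry that maps a name to a non-loopback address is not malicious by itself, so every hit from audit_hosts needs review against the entries the machine is expected to carry.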
