Trojan.Win32.StartPage.fg

CyberScrub AntiVirus
Research Bank

This Trojan program is a Windows PE EXE file approximately 69KB in size.

Once launched, it causes the browser on the victim machine to open the following page:

http://crackspider.net/ie/first.php

It also creates a file called “crcspider.ico” in the Windows root directory. This file is 766 bytes in size:

%Windir%\crcspider.ico

The Trojan will then create the following entries in the system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main]
 "Search Bar" = "http://crackspider.net/ie/sbar.php" 

[HKCU\Software\Microsoft\Internet Explorer\Search]
 "SearchAssistant" = "http://crackspider.net/ie/assist.php" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"ButtonText" = "Search cracks at CrackSpider.NET"

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"ClSid" = (1FBA04EE-3024-11d2-8F1F-0000F87ABD16) 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Default Visible" = "Yes" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Exec" = "http://crackspider.net/ie/btn.php" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"HotIcon" = "%windows%\crcspider.ico" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Icon" = "%windows%\crcspider.ico" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"MenuStatusBar" = "Search cracks at CrackSpider.NET" 

[HKCU\Software\Microsoft\Internet Explorer\Extensions\
(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"MenuText" = "Search cracks at CrackSpider.NET"

The Trojan will also create a new folder called “cracks” in Favourites. This file contains the following linkes and descriptions:

! CrackSpider.NET - Cracks search engine.url 
!! TheBUGS.ws - Security Related Portal.url 
!!! CrackPortal.com - Cracks, serial numbers.....url 
anyCracks.com - Keygens, patches, crackz....url 
Astalavista - Cracks search engine.url 
CrackSpider.DE - Cracks search engine.url 
CrackSpider.US - Cracks search engine.url 
CrackWay - Since 2001 cracks arhive.url 
iCracks.net - Keygens, patches, crackz....url 
KeyGen.US - Keygens, patches, crackz....url 
mscrack.com - Cracks, serial numbers.....url

It alters the "%System%\drivers\etc\hosts" file by writing the text shown below to the file:

213.239.0.226   andr.net
213.239.0.226   astalavista.box.sk
213.239.0.226   crackspider.com
213.239.0.226   crackz.ws
213.239.0.226   www.andr.net
213.239.0.226   www.crackz.ws
213.239.0.226   www.crackspider.com

When the browser is used to view the sites listed above, it will automatically be redirected to 213.239.0.226

The Trojan will add its own icon to the Internet Explorer toolbar. This icon acts as a link to http://crackspider.net/ie/btn.php and also links to the Favorites menu.

Check out if we have free removal tool for this virus

CyberScrub AntiVirus provides state of the art security protection for five years- at one low price. Our award winning technology ensures protection against viruses, worms and trojans backed by top customer support and value.

Five Year Cost Comparison
Product	Initial Cost	Yearly Subscription	X Four Years	Total
Norton 2004 AntiVirus	$49.95*	$29.95	$119.80	$169.75
McAfee VirusScan	$49.95*	$19.95	$79.80	$129.75
CyberScrub AntiVirus	$49.95	Included	No Additional Cost	$49.95
*All prices MSRP as published on respective sites.

It is only a matter of time before a virus, worm or Trojan horse wrecks havoc on your important data. Important files, records, family pictures- all at risk. Some dangerous programs can even ruin your hard drive beyond repair.

CyberScrub AntiVirus offers the most effective protection from all known and unknown viruses.

CyberScrub AntiVirus is powered by a unique integrated technology for virus detection, based on principles of multi-generation heuristic analysis. This allows the program to protect you from suspect “viral behavior”. This highly effective methodology repelled all attacks of each “I LOVEYOU’ viral variation without any additional antivirus database updates. No other technology, including Norton, Trend, or McAfee was able to accomplish this.

CyberScrub AntiVirus is powerful, yet its exceptional ease of use and installation make it acceptable for beginner to pro

CyberScrub Antivirus constantly scans your hard drive and files to identify, clean and destroy infected objects. With updates available every three hours, 24 hours a day, 365 days a year, you can count on CyberScrub to protect your valued data.

CyberScrub AntiVirus
Lifetime Edition

"For the Life of Your Computer"
Save $10 Now!
Limited Time

Trojan.Win32.StartPage.fg

Symantec Warns Of Flaw In Antivirus Program. More>>

CNN Legend Lynne Russell reports on CyberScrub AntiVirus for Tech Headline News.

delete,deletion, file deletion, Internet clean up,privacy, HIPAA, Internet privacy, cookies, erase, erasure, shredder, wipe, overwrite, purge, deletion, security, file wipe, data destruction