Jump to content
vatson

Mass detection of Trojan.Win32.StartPage.adh

Recommended Posts

About two hours ago, a lot of our PCs suddenly started detecting Trojan.Win32.StartPage.adh in System Restore. I'm buried under e-mail notifications such as this:

 

Event Virus detected has happened on computer COMPUTER in the domain WORKGROUP at Thu Dec 15 17:50:53 2005 Object C:\System Volume Information\_restore{A46BC5D3-CE03-43E6-917B-D9C353550BAD}\RP41\A0128342.exe is infected with the virus Trojan.Win32.StartPage.adh

 

This is followed by notification that the file cannot be disinfected and has been deleted.

 

Is anyone else seeing this? My reading on the web shows that this is an IE start page hijack trojan. Since it's now in System Restore (I'm seeing no detections anywhere outside System Restore) it must have been present on the PCs at one time and has been removed by now. However, I find it hard to believe that dozens of PCs in our network had their IE start page hijacked and we at the IT dept didn't hear about this. The users certainly would have complained.

 

Also I should clarify that this mass detection started after office hours, so it cant be the case that the users are actively surfing the web right now. Also, there should be no scheduled scan running tonight.

 

I don't feel like we are in some kind of serious danger, I'm just curious.

Share this post


Link to post

KL should definitly improve their tests for false positives before releasing new signatures... there are quite a few false positives in the last time and a false positive with an common program like the notpad.exe should IMO defenitly be detected _before_ the release of the new signature.

Share this post


Link to post
post-5704-1134683163.jpg

 

My experience with this was that several variations of notepad.exe ended up in the KAV backup.  Can I restore these from backup, or do I need to approach this some other way.  As it is now, I can't use Notepad.

Yes, just use "View backup" for the restore. :)

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.