This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
-- Update August 20, 2004 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
This trojan modifies settings for Microsoft Internet Explorer. When run, the trojan makes the following registry changes:
Internet Explorer loading unexpected pages at startup and while searching.
A hyperlink pointing to an infectious website was reportedly spammed to many users via AIM and ICQ on August 20, 2004. Following that link, landed unsuspecting users on a page containing encoded Exploit-ObjectData trojan code, which loaded another page containing the Exploit-MhtRedir trojan. The Exploit-MhtRedir trojan referenced a CHM file containing the Exploit-CodeBase trojan , which installed the StartPage-EU trojan on vulnerable systems.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).