This page shows the details and results of our analysis of the malware StartPage-JC.


This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.



StartPage-JC is a start page trojan that installs as a Browser Helper Object which changes the default Internet Explorer start page to This trojan also changes other Internet Explorer related settings.

Upon execution, it installs itself as a Browser Helper Object.

Browser Helper Objects\{B4BA88E2-18D2-4B24-87E4-DC4C030D756C}

Modifies the start page and default search page to

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

"Local Page"=""
"Search Page"=""
"Start Page"=""
"Enable Browser Extensions"="yes"
"Search Bar"=""
"Window Title"=""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

"Local Page"=""
"Search Page"=""
"Start Page"=""
"Search Bar"=""
"Window Title"=""

In addition, the trojan prevents the user from manually changing Internet Explorer's start page by adding the following registry key.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

Adds a button in the Tools menu of Internet Explorer.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7F4CBA8C-FC91-4F7C-8DC7-311273D273EA}

"Default Visible"="YES"
"HotIcon"="%SystemRoot%\\Downloaded Program Files\\IEUBmy99.dll,102"
"Icon"="%SystemRoot%\\Downloaded Program Files\\IEUBmy99.dll,101"

Redirects the following sites to


Modified default start page in Internet Explorer.
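
As an added example (not part of the original description or of the vendor's tooling), the Python script below checks the text of a registry export for the keys and the DLL name listed above. The function names and the sample export are constructed for illustration, and the sample's Browser Helper Object parent path is an assumption, since the page gives only the tail of that key.

```python
import re

# Indicators from the description above. The page shows only the tail of the
# Browser Helper Object path, so keys are matched by suffix, case-insensitively.
KEY_SUFFIXES = {
    r"\Browser Helper Objects\{B4BA88E2-18D2-4B24-87E4-DC4C030D756C}": "BHO registration",
    r"\Internet Explorer\Extensions\{7F4CBA8C-FC91-4F7C-8DC7-311273D273EA}": "Tools menu button",
    # Legitimate policy can also create this key, so a hit here means "review".
    r"\Software\Policies\Microsoft\Internet Explorer\Control Panel": "start page policy key",
}
DLL_NAME = "ieubmy99.dll"

def parse_reg(text):
    """Parse reg-export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-KEY]" deletes a key in a .reg file; it is not evidence of presence.
            current = None if path.startswith("-") else keys.setdefault(path, {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_indicators(text):
    """Return (label, location) pairs for every indicator found in the export."""
    hits = []
    for key, values in parse_reg(text).items():
        for suffix, label in KEY_SUFFIXES.items():
            if key.lower().endswith(suffix.lower()):
                hits.append((label, key))
        for name, data in values.items():
            if DLL_NAME in data.lower():
                hits.append(("references IEUBmy99.dll", key + "\\" + name))
    return hits

# Constructed sample export (not real data); the BHO parent path is assumed.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4BA88E2-18D2-4B24-87E4-DC4C030D756C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7F4CBA8C-FC91-4F7C-8DC7-311273D273EA}]
"HotIcon"="%SystemRoot%\\Downloaded Program Files\\IEUBmy99.dll,102"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions"="yes"
'''

if __name__ == "__main__":
    for label, location in find_indicators(SAMPLE):
        print(f"{label}: {location}")
```

Files written by `reg export` are UTF-16 by default, so decode them with `encoding="utf-16"` before passing the text to `find_indicators`.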

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.


A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when files are received via P2P clients, IRC, email or other media where users can share files.