Trojan.Win32.Starter.yy
Trojan.Win32.Starter.yy is a generic term for Trojan components that are used to load other Trojan components for the purposes of installing malicious software, altering your system settings, attacking your computer's security or performing other hostilities. Although Trojan.Win32.Starter.yy can be used to a large amount of threats, recent Trojan.Win32.Starter.yy attacks that SpywareRemove.com malware researched have observed are typically linked to backdoor Trojans and browser hijackers that display pop-ups and redirect you to undesirable websites. Because Trojan.Win32.Starter.yy is almost always just one part of a multi-part infection, you should respond to any Trojan.Win32.Starter.yy attack by using total system scans with appropriate anti-malware software instead of trying to remove Trojan.Win32.Starter.yy independently from other possible infections.
A Short History of Trojan.Win32.Starter.yy
The first significant Trojan.Win32.Starter.yy attacks were recorded in January of 2011, and since then have become more numerous; accordingly, keeping threat definitions for your anti-malware software completely up-to-date is an important first step in avoiding Trojan.Win32.Starter.yy infections. Trojan.Win32.Starter.yy is also detected under numerous aliases depending on the brand of security software that finds Trojan.Win32.Starter.yy, including Trojan:Win32/Ramnit.C, Trojan.Starter.1591, Trojan.Ramnit!iQNQL6zS3w0, W32/Runner.NZ, TROJ_STARTER.SM, TR/Starter.Y, Win32/Ramnit.H, Trj/Starter.G, Win32/Ramnit.F, Trojan.Win32.Ramnit, W32/Ramnit.a and Win-Trojan/Starter.3584.F.
Although Trojan.Win32.Starter.yy can be found in a wide range of Trojan infections, recent attacks commonly categorize Trojan.Win32.Starter.yy's fellow Trojan components as Ramnit or Bamital Trojans. SpywareRemove.com malware researchers are familiar with Bamital and Ramnit as browser hijackers that infect the memory processes of Internet Explorer, Opera and Firefox and then redirect search queries to malicious or affiliate-driven search results.
Unfortunately, these Trojans and other Trojan.Win32.Starter.yy attacks are also sufficiently flexible to provide remote access to your PC by traditional backdoor methods, such as by bringing down your firewall or opening your network ports. Because standard Bamital Trojan behavior involves immediate contact with remote criminals to report a successful infection, SpywareRemove.com malware researches recommend prompt detection and removal of Trojan.Win32.Starter.yy and related Trojans to avoid serious compromises of your computer's security and privacy.
How You Can Find Trojan.Win32.Starter.yy Before the Real Attacks Start
Besides the relevant (and often randomly-named) files and Registry changes, Trojan.Win32.Starter.yy will show minimal signs of being on your PC; however, you may be able to notice Trojan.Win32.Starter.yy and related Trojans by watching out for symptoms that are related to its attacks, such as:
- An inability to access your security software. This can include your firewall, well-known brands of anti-virus scanners and even basic Windows programs like Registry Editor, MSConfig, Notepad or Task Manager.
- Unusual network settings, especially if network ports have been opened without your consent.
- Program exceptions that have been added to your firewall without your consent; SpywareRemove.com malware researchers have found that many backdoor Trojans like the ones that are empowered by Trojan.Win32.Starter.yy will use this less-obtrusive attack in lieu of shutting down a firewall.
- The presence of unfamiliar programs on your computer. This can occur because the Trojans have been instructed to install malware, and can include fake security programs like BlueFlare Antivirus, Alfa Defender Pro, Bogema Security or Defender Unlimited, as well as browser hijackers like Findxplorer, Resulturl or Find-fast-answers.com.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%UserProfile%\Templates\memory.tmp
File name: %UserProfile%\Templates\memory.tmpFile type: Temporary File
Mime Type: unknown/tmp
%UserProfile%\Local Settings\Application Data\Windows Server\[SIX RANDOM LETTERS].dll
File name: %UserProfile%\Local Settings\Application Data\Windows Server\[SIX RANDOM LETTERS].dllFile type: Dynamic link library
Mime Type: unknown/dll
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\[TEN RANDOM LETTERS]\"[TEN RANDOM LETTERS]" = "[BINARY DATA]"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\"AppSecDll" = "%UserProfile%\Local Settings\Application Data\Windows Server\[SIX RANDOM LETTERS].dll"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters\"FirstRun" = "1"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.