Downloader.Starmal
Downloader.Starmal may be downloaded from a remote server or file-sharing network, where it comes bundled with a modified legitimate program. It is intentionally combined with executable programs to infect users without their knowledge. Once executed, Downloader.Starmal connects to a remote server and downloads more threats. Files identified as Downloader.Starmal are considered malicious and must be removed immediately.
Technical Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Downloader.Starmal:
1. If using Windows 7/Vista/Me/XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore] [System Restore in Windows Vista/7]
2. Update the virus definitions.
3. Restart Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart Windows.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, which can be found here or on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Creates its own process
- Modifies the Windows registry
- Connects to a remote server via a specified TCP port
Malicious Files Added by Downloader.Starmal:
%Windir%\qvodsetupplus1.exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinMan
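The file and registry entry listed above can be checked on a host before and after cleanup. The following PowerShell is an added example, not part of the original write-up or of any vendor tool; the function name Test-StarmalIndicators is hypothetical, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: checks a host for the two Downloader.Starmal indicators listed on this page.
# Test-StarmalIndicators is a hypothetical helper name, not part of any product.
function Test-StarmalIndicators {
    [CmdletBinding()]
    param(
        # Indicators taken from the page; %Windir% is resolved through $env:windir.
        [string]$FilePath   = (Join-Path $env:windir 'qvodsetupplus1.exe'),
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinMan'
    )

    $result = [ordered]@{
        Computer    = $env:COMPUTERNAME
        FilePresent = $false
        FileSha256  = $null
        FileCreated = $null
        KeyPresent  = $false
        ImagePath   = $null
        StartType   = $null
    }

    if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
        # -Force so the file is still found if it carries hidden/system attributes.
        $item = Get-Item -LiteralPath $FilePath -Force
        $result.FilePresent = $true
        $result.FileCreated = $item.CreationTimeUtc
        # Record the hash for the incident record before the file is cleaned.
        $result.FileSha256 = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
    }

    if (Test-Path -LiteralPath $ServiceKey) {
        $result.KeyPresent = $true
        $svc = Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction SilentlyContinue
        # ImagePath and Start are standard values under a service key:
        # they show which binary the service launches and when it starts.
        $result.ImagePath = $svc.ImagePath
        $result.StartType = $svc.Start
    }

    [pscustomobject]$result
}

$report = Test-StarmalIndicators
$report | Format-List
if ($report.FilePresent -or $report.KeyPresent) {
    Write-Warning 'Downloader.Starmal indicator found; continue with the removal steps.'
}
```

Run it from an elevated prompt so the service key and the file under %Windir% are readable; a report with both FilePresent and KeyPresent set to False after step 6 confirms the listed artifacts are gone.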