Other payload of Trojan:Win32/Startpage.XI includes the following:
It will drop the following files onto compromised system:
- %programfiles%\softair\uninst.exe
- c:\documents and settings\administrator\local settings\temp\ly1.jpg
- c:\documents and settings\administrator\local settings\temp\setup_001.exe
- c:\documents and settings\administrator\local settings\temp\nsif.tmp\base64.dll
- c:\documents and settings\administrator\local settings\temp\nsif.tmp\inetc.dll
- c:\documents and settings\administrator\local settings\temp\nsif.tmp\nsprocess.dll
- c:\documents and settings\administrator\start menu\programs\softair\uninstall.lnk
