We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:WinNT/Livuto.gen
Aliases: RKIT/StartPage.B.2 (Avira) TROJ_ROOTKIT.CQ (Trend Micro) Trojan.StartPage.1675 (Dr.Web) Trojan.Win32.Startpage (Ikarus) Trojan.Win32.StartPage.amd (Kaspersky) W32/Farfli.G (Norman) W32/Trojan.YIB (Command) Win32/Rootkit.Agent.NAU (ESET) Win-Trojan/StartPage.8352 (AhnLab)
Summary
VirTool:WinNT/Livuto.gen is a trojan that prevents access to certain security-related websites by modifying your Windows Hosts file. It also changes your Internet Explorer start page. It may be installed by TrojanDropper:Win32/Livuto.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
Additional remediation instructions for VirTool:WinNT/Livuto.gen
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following articles:
- Changing your Internet Explorer Home Page:
- Recreating a clean Hosts file
