I recently got the virus Trojan.startpage virus on my computer. I have Norton Antvirus from Symantec. I Updated my virus definitions and instantly the virus warning came up and I went to the link provided. It gave me the instructions on removal. I went thru the process of turning off System Restore, rebooting in safe mode and then running the complete system wide scan. The Antivirus program detected the virus but was "unable to delete it". That damn Trojan.startpage program is a pain in the ass.
I noticed in another tread that eagle suggested going into redegit. I couldnt quite figure out how to get into that from a novice's point of view...even with my background. Could someone please help....thank you in advance.
Well, I just tried to remove it manually...and got back an error box.
Said: Error in deleting file or folder.
Cannot delete mtwirl: Access dennied.
Says...Make sure the disk is not full or write prtected and that the file is not currently in use.
Talk about frustrating...First time Iv'e been stumped on my own machines in years. Is their something further anyone else can suggest looking at this thread one more time please. thanks
btw you don't sound like you know much about the registry DONT go in there unless you have instructions. search google for hijackthis to isolate the registry keys you need to fix, but see my post, it may not help.
what i would suggest you do is after you lick this bastard, go to start:run and type regedit, then go to file:export to back up your registry. Then in future if you want to muck with it, you can reimport a clean registry over any mistakes.
I have the exact same virus. Nothing detected it...but the day ym brother got on the computer and sw we had no desktop, it was the first thing he could think of. Bullgaurd didnt catch it but Norton did. It said it oculdnt delete the virus. Sadly if this here was poseted b4 i wouldnt have had to format my disk xD just asking....do you have a start menu and a desktop still or was yours not like mine?
follow patricks advice, it sounds well sound! apparently norton either did not tell you the right thing or you missed a step. I personally do not like doing things like virus removal in safe mode, that's for diagnostic pourposes you can though and some viruses have to be removed that way, although i've never had to. hope this helps. BTW let bullguard know that it's not detecting that virus, they would aprecciate the info.
Eagle
P.S. when you get to regedit, type the name of the virus in the window which in this case will be mtwirl.
Yes I do have a start button...everything is normal except when I goto surfing on the net. That nasty start page tries to take over and pop ups appear. Ive got two popup softwares installed on my computer & they don't stop them to well these days. It's basically an annoyance more than anything else.
I knew something was wrong almost the instance I got the virus...because of the page redirect to a different start page & the annoying pop ups. So I ran an instant Norton virus update and my virus protection detected the Trojan.startpage immediately. Ran thru the procedures that Eagle has been suggesting...but it wouldn't delete. So..I'm going to try some of Eagle's most recent suggestions and see what happens.
I can see where the darn virus is sitting...I just can't get it to go away.
Ps...Iv'e been using computers fulltime since 1988...my first computer was an old Dos 8088. I graduated in 1993 with an MIS concentration under the business adm degree. However...since graduating I've been a fulltime Realtor & utilizing my computer knowledge for my own business. So..I haven't expanded on my knowledge from college into a job for MIS. So I do have good knowledge...just not as much as guys like Eagle... Thanks for everyone's help upto this point.
Thanks for the great compliment, but sounds like you have a good grasp of the computer already. If you hit F8 you should get options on startup
tell it to start in DOS and you can open autoexec.bat from there even config.sys. an old trash 80 huh! have you still got it? oh btw I've only been in computers for a couple of years and, nowhere near your educational level. Where is your real estate co. ( hey free plug here don't turn it down). you did say your OS was XP right? If I were you I would disable norton and really try bullguard, it goes where others fear to tread(especially norton) norton sits on the surface so it scans the surface. that's why it can't remove the virus, bullguard on the other hand goes into the .cab and recovery files on your computer, and either deletes or moves the files so YOU can delete them. Try that before you do anything drastic ok?
Eagle
P.S. Thanks again for the awsome compliment, nice to know I'm helping out there.
the best and 100% way to remove C:\windows\system32\mtwirl.dll file is to delete it from another operation system.
try to boot your computer from a live linux CD, try Knoppix for instance. You can download it free from http://www.knoppix.org/
it will bring(mount) your windows partition automaticly on the desktop. the only problem with this way may be that the knoppix can mount your partitons with a read only access grant. but do not give up. a simple right click to the icon of the partition and search the menu for changing mount attributed or best make a research on google for such an howto.
if your windows partition is NTFS then try this one instead http://newsvac.newsforge.com/newsvac/04/01/10/1940217.shtml
just delete it out of the regedit, follow the directions I gave you, pandul's Idea will work But?, HUH? Knoppix is a hackers tool not anti virus solution,Pandul where did you come up with that anyhow?
Eagle \
P.S. I know Knoppix is a hackers tool because I use it when someone forgets their password and needs to break into thier computer.
Jerry, I do not know if you found a solution to Trojan Startpage. i use (and the cest thing is, it's free) AVG anti virus software. This software detected and healed the above virus. If you search for either AVG or Grisoft this will direct you to the appropriate site for downloading. Tip: When you have the software installed, look for a setting that says Huristic. Thick this for on. Hope this helps
Maybe his computer ate him. I just couldn't resist.
Seriously, though... I hope that he didn't try something extreme which went wrong and made his computer unusable....
Jerry, if you ever find your way back here...
I would agree with Eagle in his opinion of BullGuard. Anyone that knows me, knows that I completely detest Norton (and for the record, McAffee). (The only exception would be Norton Disk Doctor, which saved my ass in high school Computer Programming a few years ago by retrieving my HyperCard & Studio projects off a corrupted disk.) I had Norton SystemWorks on my computer at the office and it bogged it down so much. I hear that it's supposed to be a good program, but obviously you have to have a powerful pc in order to run it (definitely something that desktop is not. lol) Their Anti-Virus just bogged the desktop down even more. Not something that I have experienced with BG; it just does its job without eating all my resources.
In regards to Knoppix... they've mentioned it before on The Screen Savers (TechTV). Ya know they love Linux. lol
I've been reading this post about the StartPage.Trojan and I feel very bad for the guy who is having trouble. I've been trying to get rid of the same thing on a friend's computer. I can't tell you how frustrating it is to following instructions like Symantec's when you only know enough about computers to do some real damage. There has got to be an easier way to get rid of the Trojan, than by going into the register and making changes. Please have more patience when you run into people like me. We seriously need help or we wouldn't have gone searching for you guys.
I had the same problems, and it seems as if the threads here only contain portions of the solutions in each one.
Problem is that these little buggers all act differently, but they all follow some pattern or other. Here is what I have done to rid myself of the problem.
1. Get copies of CWShredder, HijackThis, SpyBot, and AD-Aware. All free, and all mentioned on other threads. 2. Get rid of Norton or McAfee if that is what you are using. I chose AVG, and like it. It is also free, Bullguard is inexpensive, but not free. 3. If yo are on XP, TURN OFF SYSTEM RESTORE 4. Open IE and set your start page to google or something. This should enter the overwrite the start page parameters in the registry, but will not correct all of the registry problems. Close IE and do not reopen it until you done the rest of this. I disconnected from my cable modem just for peace of mind. 5. Use Windows utilities to clean all the things it will clean. All cookies, temp files etc. 6. Run CWShredder first, and let it fix all that it finds, mine was in the IE files themselves, and would reset the start page on load up of the browser. 7. Run HijackThis. It will ask you to chose what to delete. This is tricky, some are legitimate, and necessary. But usually the name is a good clue as to whether you need it. If not the name, the location or something will give you a clue. 8. Run the SpyBot and Ad-Aware progras, and then rerun the CWShredder and Hijackthis Second time through found it again under a different folder. 9. do a cold boot. Warm will work, but doesn't give the fuzzy feeling. 10. Now give it a try, if you still have it, crying is next. this has gotton rid of mine though, and many thanks to everyone on this site for the suggestions, fixes and sympathy.
Currently it is Saturday, November 07, 2009 8:29 PM (GMT +1) There are a total of 72.700 posts in 17.060 threads. In the last 3 days there were 10 new threads and 50 reply posts. View Active Threads
Who's Online
This forum has 30250 registered members. Please welcome our newest member, iyshwarya iyer. 34 Guest(s), 1 Registered Member(s) are currently online. Details Cordialis
I personally do not like doing things like virus removal in safe mode, that's for diagnostic pourposes you can though and some viruses have to be removed that way, although i've never had to. hope this helps. BTW let bullguard know that it's not detecting that virus, they would aprecciate the info.
but sounds like you have a good grasp of the computer already. If you hit F8 you should get options on startup
come on back the waters fine.
I just couldn't resist. 
Anyone that knows me, knows that I completely detest Norton (and for the record, McAffee). (The only exception would be Norton Disk Doctor, which saved my ass in high school Computer Programming a few years ago by retrieving my HyperCard & Studio projects off a corrupted disk.) I had Norton SystemWorks on my computer at the office and it bogged it down so much. I hear that it's supposed to be a good program, but obviously you have to have a powerful pc in order to run it (definitely something that desktop is not. lol) Their Anti-Virus just bogged the desktop down even more. Not something that I have experienced with BG; it just does its job without eating all my resources. 
|