The original version of this page can be found at : http://forum.bullguard.com/forum/5/Trojanstartpage-viruscan-someo_1229.html
| Posted By : Jerry - 6-23-2004 9:10 | |
hello,
I recently got the virus Trojan.startpage virus on my computer. I have Norton Antvirus from Symantec. I Updated my virus definitions and instantly the virus warning came up and I went to the link provided. It gave me the instructions on removal. I went thru the process of turning off System Restore, rebooting in safe mode and then running the complete system wide scan. The Antivirus program detected the virus but was "unable to delete it". That damn Trojan.startpage program is a pain in the ass.
I noticed in another tread that eagle suggested going into redegit. I couldnt quite figure out how to get into that from a novice's point of view...even with my background. Could someone please help....thank you in advance.
Jerry |
| Posted By : Jerry - 6-23-2004 9:15 | Ps:
says the virus is under object name: C:\windows\system32\mtwirl.dll
thanks again,
Jerry
|
| Posted By : Destroyer - 6-24-2004 12:02 | | Delete it manually ....... |
| Posted By : Jerry - 6-24-2004 12:12 | Destroyer,
when you get a chance...please tell explain how you would remove it manually...thanks
|
| Posted By : Destroyer - 6-24-2004 3:44 | | I think you should be able to delete the file manually. Go into the folder and press deleate |
| Posted By : Jerry - 6-25-2004 12:19 | Well, I just tried to remove it manually...and got back an error box.
Said: Error in deleting file or folder.
Cannot delete mtwirl: Access dennied.
Says...Make sure the disk is not full or write prtected and that the file is not currently in use.
Talk about frustrating...First time Iv'e been stumped on my own machines in years. Is their something further anyone else can suggest looking at this thread one more time please. thanks
Jerry
|
| Posted By : Patrick Green - 6-25-2004 4:05 | | Jerry: see my post on the other thread
Also, you cant just delete a dll in active memory. Try safe mode, try quarantining it with bullguard and then deleting it in safe mode...
i miss autoexec.bat... |
| Posted By : Patrick Green - 6-25-2004 4:09 | btw you don't sound like you know much about the registry
DONT go in there unless you have instructions. search google for hijackthis to isolate the registry keys you need to fix, but see my post, it may not help.
what i would suggest you do is after you lick this bastard, go to start:run and type regedit, then go to file:export to back up your registry. Then in future if you want to muck with it, you can reimport a clean registry over any mistakes.
Stercum accidit |
| Posted By : Jerry - 6-26-2004 5:25 | | Eagle,
I'm just wondering if you can weigh in with your opinion. The trojan.startpage virus is still on my computer....thank you in advance.
Jerry |
| Posted By : Kyra <3 - 6-26-2004 6:38 | | I have the exact same virus. Nothing detected it...but the day ym brother got on the computer and sw we had no desktop, it was the first thing he could think of. Bullgaurd didnt catch it but Norton did. It said it oculdnt delete the virus. Sadly if this here was poseted b4 i wouldnt have had to format my disk xD just asking....do you have a start menu and a desktop still or was yours not like mine? |
| Posted By : eagle - 6-26-2004 7:11 | Jerry,
follow patricks advice, it sounds well sound! apparently norton either did not tell you the right thing or you missed a step.  I personally do not like doing things like virus removal in safe mode, that's for diagnostic pourposes you can though and some viruses have to be removed that way, although i've never had to. hope this helps. BTW let bullguard know that it's not detecting that virus, they would aprecciate the info.
Eagle  P.S. when you get to regedit, type the name of the virus in the window which in this case will be mtwirl. |
| Posted By : Jerry - 6-28-2004 4:24 | | Kyra <3,
Yes I do have a start button...everything is normal except when I goto surfing on the net. That nasty start page tries to take over and pop ups appear. Ive got two popup softwares installed on my computer & they don't stop them to well these days. It's basically an annoyance more than anything else.
I knew something was wrong almost the instance I got the virus...because of the page redirect to a different start page & the annoying pop ups. So I ran an instant Norton virus update and my virus protection detected the Trojan.startpage immediately. Ran thru the procedures that Eagle has been suggesting...but it wouldn't delete. So..I'm going to try some of Eagle's most recent suggestions and see what happens.
I can see where the darn virus is sitting...I just can't get it to go away.
Ps...Iv'e been using computers fulltime since 1988...my first computer was an old Dos 8088. I graduated in 1993 with an MIS concentration under the business adm degree. However...since graduating I've been a fulltime Realtor & utilizing my computer knowledge for my own business. So..I haven't expanded on my knowledge from college into a job for MIS. So I do have good knowledge...just not as much as guys like Eagle... Thanks for everyone's help upto this point.
Jerry |
| Posted By : eagle - 6-28-2004 6:36 | Hey Jerry,
Thanks for the great compliment,  but sounds like you have a good grasp of the computer already. If you hit F8 you should get options on startup tell it to start in DOS and you can open autoexec.bat from there even config.sys. an old trash 80 huh! have you still got it? oh btw I've only been in computers for a couple of years and, nowhere near your educational level. Where is your real estate co. ( hey free plug here don't turn it down). you did say your OS was XP right? If I were you I would disable norton and really try bullguard, it goes where others fear to tread(especially norton) norton sits on the surface so it scans the surface. that's why it can't remove the virus, bullguard on the other hand goes into the .cab and recovery files on your computer, and either deletes or moves the files so YOU can delete them. Try that before you do anything drastic ok?
Eagle P.S. Thanks again for the awsome compliment, nice to know I'm helping out there. |
| Posted By : Pandul - 7-1-2004 1:02 | the best and 100% way to remove C:\windows\system32\mtwirl.dll file is to delete it from another operation system.
try to boot your computer from a live linux CD, try Knoppix for instance. You can download it free from http://www.knoppix.org/
it will bring(mount) your windows partition automaticly on the desktop. the only problem with this way may be that the knoppix can mount your partitons with a read only access grant. but do not give up. a simple right click to the icon of the partition and search the menu for changing mount attributed or best make a research on google for such an howto.
if your windows partition is NTFS then try this one instead http://newsvac.newsforge.com/newsvac/04/01/10/1940217.shtml
good luck! |
| Posted By : eagle - 7-1-2004 1:31 | Jerry,
just delete it out of the regedit, follow the directions I gave you, pandul's Idea will work But?, HUH? Knoppix is a hackers tool not anti virus solution,Pandul where did you come up with that anyhow?
Eagle \ P.S. I know Knoppix is a hackers tool because I use it when someone forgets their password and needs to break into thier computer. |
| Posted By : Tonyc - 7-4-2004 9:33 | Jerry, I do not know if you found a solution to Trojan Startpage. i use (and the cest thing is, it's free) AVG anti virus software. This software detected and healed the above virus.
If you search for either AVG or Grisoft this will direct you to the appropriate site for downloading.
Tip: When you have the software installed, look for a setting that says Huristic. Thick this for on.
Hope this helps
Tonyc |
| Posted By : eagle - 7-4-2004 1:36 | Yeah Jerry,
Have not heard from you lately, either you fixed it or decided that we did not know what we were doing.  come on back the waters fine. Eagle |
| Posted By : Alanage - 7-10-2004 4:36 | | I've found a remedy with a prog antitrojan called IPARMOR, is a shareware, found out on Google.... very simple to use and great against Trojans. |
| Posted By : eagle - 7-10-2004 5:26 | Hey Alanage,
what website did you find that?
Eagle
Hey Jerry, Where the devil are you???  |
| Posted By : pxfbird - 7-11-2004 12:51 | Maybe his computer ate him.  I just couldn't resist.
Seriously, though... I hope that he didn't try something extreme which went wrong and made his computer unusable....
Jerry, if you ever find your way back here...
I would agree with Eagle in his opinion of BullGuard.  Anyone that knows me, knows that I completely detest Norton (and for the record, McAffee). (The only exception would be Norton Disk Doctor, which saved my ass in high school Computer Programming a few years ago by retrieving my HyperCard & Studio projects off a corrupted disk.) I had Norton SystemWorks on my computer at the office and it bogged it down so much. I hear that it's supposed to be a good program, but obviously you have to have a powerful pc in order to run it (definitely something that desktop is not. lol) Their Anti-Virus just bogged the desktop down even more. Not something that I have experienced with BG; it just does its job without eating all my resources.
In regards to Knoppix... they've mentioned it before on The Screen Savers (TechTV). Ya know they love Linux. lol
|
| Posted By : eagle - 7-11-2004 7:04 | Hey Bird,
Jerry probably decided to stay away from the jackasses like the onr that called him stupid or close enough. pity he seemed downright decent.
Eagle |
| Posted By : pxfbird - 7-13-2004 6:33 | Well, I hope that everything is well for Jerry and his computer. Would be too bad if he was chased off the forum. 
Bird ^_^
Post Edited (pxfbird) : 7/15/2004 11:03:15 PM GMT |
| Posted By : eagle - 7-14-2004 1:48 | Me too,
It's a real pity that some people don't have manners. Jerry was asking for a little help NOT to be insulted 
Eagle  |
| Posted By : dhop - 7-16-2004 11:43 | Hey Guys,
I've been reading this post about the StartPage.Trojan and I feel very bad for the guy who is having trouble. I've been trying to get rid of the same thing on a friend's computer. I can't tell you how frustrating it is to following instructions like Symantec's when you only know enough about computers to do some real damage. There has got to be an easier way to get rid of the Trojan, than by going into the register and making changes. Please have more patience when you run into people like me. We seriously need help or we wouldn't have gone searching for you guys.
Debbie |
| Posted By : old_fart - 7-17-2004 12:32 | I had the same problems, and it seems as if the threads here only contain portions of the solutions in each one.
Problem is that these little buggers all act differently, but they all follow some pattern or other. Here is what I have done to rid myself of the problem.
1. Get copies of CWShredder, HijackThis, SpyBot, and AD-Aware. All free, and all mentioned on other threads.
2. Get rid of Norton or McAfee if that is what you are using. I chose AVG, and like it. It is also free, Bullguard is inexpensive, but not free.
3. If yo are on XP, TURN OFF SYSTEM RESTORE
4. Open IE and set your start page to google or something. This should enter the overwrite the start page parameters in the registry, but will not correct all of the registry problems. Close IE and do not reopen it until you done the rest of this. I disconnected from my cable modem just for peace of mind.
5. Use Windows utilities to clean all the things it will clean. All cookies, temp files etc.
6. Run CWShredder first, and let it fix all that it finds, mine was in the IE files themselves, and would reset the start page on load up of the browser.
7. Run HijackThis. It will ask you to chose what to delete. This is tricky, some are legitimate, and necessary. But usually the name is a good clue as to whether you need it. If not the name, the location or something will give you a clue.
8. Run the SpyBot and Ad-Aware progras, and then rerun the CWShredder and Hijackthis
Second time through found it again under a different folder.
9. do a cold boot. Warm will work, but doesn't give the fuzzy feeling.
10. Now give it a try, if you still have it, crying is next. this has gotton rid of mine though, and many thanks to everyone on this site for the suggestions, fixes and sympathy. |
| Posted By : eagle - 7-17-2004 12:51 | Hey old fart,
Those are excellent suggestions, use them myself. And Debby, I agree most people do come on these forums to get help and the way Jerry was treated in my opinion was appalling, so in the future I at least will show some patience.
Eagle |
| Posted By : dhop - 7-17-2004 1:55 | Old Fart,
You are just an Old Sweetie. Thank you for taking the time to put it into idiot form for me. You are a lifesaver. I'll go back to my friend's and try again. Hope she can still download on that infected computer.
Debbie
|
| Posted By : donnapalmer - 7-17-2004 8:48 | Hello to all, new to this forum, have been to a few others when my machine was hijacked and bogged down and beset with popups...called my brother with his 2 year community college computer degree, and he came over with a CD of utilities which included Spybot S&D and CoolWebShredder, as mentioned along this thread by (I believe) old fart; was pleased to let him know that I had those utilities in place and had run them already. I then went back to a couple of different spyware forums and collected a bunch of download addresses, totalling 8, to clean out what had climbed into my computer.
I put these tools onto a CD myself, and distributed it to my nursing school classmates!
We have:
www.downloads.subratam.org/AboutBuster.zip AboutBuster
www.lavasoftusa.com/software/adaware AdAware
www.webroot.com/wb/products/spysweeper/index.php Spysweeper by Webroot
www.javacoolsoftware.com/spywareblaster.html Spyware Blaster
www.tomcoyote.org/hjt/ HiJack this (via Tom Coyote's website)(follow advice of other users, please!)
www.xblock.com/download-freeware.shtml XCleaner
www.misec.net/trojanhunter/?aff=12129 Trojan Hunter (trial)
www.majorgeeks.com/download4166.html kill2me (Look2Me parasite remover)
oh, and I also added www.mozilla.org, so my fellow nursing students would stop having so much trouble with their surfing experience! |
| Posted By : raymond - 7-21-2004 12:22 | if you can't delete it for main windows then you have to turn your computer off then turn it on press F8 to go into safemode then delete it virus
Jerry said...
Well, I just tried to remove it manually...and got back an error box.
Said: Error in deleting file or folder.
Cannot delete mtwirl: Access dennied.
Says...Make sure the disk is not full or write prtected and that the file is not currently in use.
Talk about frustrating...First time Iv'e been stumped on my own machines in years. Is their something further anyone else can suggest looking at this thread one more time please. thanks
Jerry
|
| Posted By : pajoker - 7-21-2004 2:07 | | Hey all,
the problem I was having was similar to this. I had this mtwirl.dll on the computer along with a html file that overran my desktop. this desktop stated that I was being watched. Well needless to say I ran NAV, hijackthis, and cwshredder, isolated the virus, however was unable to remove it, I changed the name to mtwirl.bogus, then edited/deleted all the info from it in notepad and was able to delete it. The only problem I had then was that I still had that pesky desktop. I found the source and deleted it, that would have been c:\windows\web\desktop.html
now I have a white desktop and can't see my background. icons are there but no background. any advice? |
| Posted By : eagle - 7-21-2004 2:48 | Sounds like you need to go into your settings and re-establish your background.
Eagle |
| Posted By : pajoker - 7-21-2004 4:10 | tried that it won't work, it's as if the page is still there now just blank and my actual desktop is beneath it. This is the way it ran prior to ridding myself of the virus. There was a "screen" that loaded on top of my desktop background, yet I could not access my background, I attempted to close the "screen" by right clicking on it and was unable.
another question, when removing the virus I did a scan afterward of the registry of mtwirl, I got back two strings in
HKEY_CLASSES_ROOT/CLSID/{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}
ONE is named "default" and gives data of "C:\windows\system32\mtwirl.dll"
the other says "threadingmodel" and gives data of "apartment"
Do I delete these from the registry? if so do I delete the whole folder from the registry or just the strings from the folder?
thanks for all your help thus far, it has been a rather hectic time without my computer being fully functional, you have helped immensely.
|
| Posted By : eagle - 7-21-2004 5:37 | I would say delete em all let God sort'em out.
It is possible that's why your having trouble.
Eagle |
| Posted By : Dunkles - 7-21-2004 5:40 | | delete the whole key from the registry. |
| Posted By : eagle - 7-21-2004 5:46 | Hey Dunkles that sounded familiar. Eagle |
| Posted By : Sonny - 8-31-2004 5:30 | | I am using AVG Free edition as my main virus remover and it works well. I recently got infected with the startpage.9.bd and it removed it. Try it you might like it. I also use Search & Destroy for spy files. I have CoolWebShredder too. I haven't had any problems in ages. I am using XP Pro as my OS. |
| Posted By : Sonny - 8-31-2004 5:35 | | Try downloading AVG Free edition to remove it. I have it and it works good with automatic updates. I noticed today that I got infected with that Startpage.9.bd and AVG removed it. |
| Posted By : eagle - 9-1-2004 3:08 | Could also try bullguard,
just make sure you get somewhere besides KAZAA that crap is a virus waiting to happen. best to get it at www.bullguard.com
Eagle |
| Posted By : paranoid - 11-13-2004 11:52 | hope it works.. orton instructions is driving me mad..  |
| Posted By : eagle - 11-13-2004 6:07 | Hey paranoid,
Have not been on this thread for awhile! Bullguard works also might want to try some spyware removers. CW schredder is good, spybot's another, on that one read before you install and configure it first cause it cleans super good. I have found another called giant if you are reading this PM me and I'll give you the link, It's only a trial but it's good stuff. Also go to softpedia.com and download hijack this then run a scan get ahold of a guy named touch he knows that better than most anyone. look forward to hearing from you.
Eagle |
| Posted By : paranoid - 11-21-2004 8:38 | ah ha!! i got this freaking virus too..  darn.. it was so frustrating.. actually the virus doesn't affect much to my computer. but i was too frustrated with it..
i tried downloading many AV programs, spyware remover, all sorts or removal tools. symantec removal instruction was no help at all  disabling system restore points and deleting registry keys and editing hosts files can do nothing to it.. it only mess up your system  i even deleted my ie!! and i still can get access into internet explorer 
well i got rid of it now  my best solution is to >>>>FORMAT<<<<< it clears of everything! disabling the virus from getting restored (as it will be seemed as a windows system file) even u delete them, the stupid virus will get restored.
AND i do learn from my lesson now.. DO NOT USE I.E!!!! well at least now i'm safe
|
| Posted By : paranoid - 11-21-2004 8:47 | | thx for the help eagle.. since im having my holidays.. it's jus time to format... now my comp is clean and clear |
| Posted By : eagle - 11-21-2004 1:37 | Hey Paranoid,
Glad I can help sorry you had to delete format and reinstall it happens.
You still need to go ahead and get the spyware removers, and a very good AV program (not norton) also if you are wanting an option to IE try firefox at www.mozilla.org it's java based but I have not had the trouble with it I did with IE.
But keep your IE handy you will need it for your microsoft updates, IE the XP security updates, and so on. let me know how it goes PM if you need to and will send links to all that you need.
Eagle |
| Posted By : paranoid - 11-22-2004 7:52 | yep... excellent suggestion!!!! i agree!!! 
i'm using mozilla firefox latest version now and zone alarm.. so far my friends have no problem using it... so do i |
| Posted By : eagle - 11-22-2004 3:39 | hey paranoid,
Excellent choices both great programs, enjoy a more secure computer, but get the spyware removers anyway.
Eagle |
| Posted By : pawlaser - 11-25-2004 5:17 | alanage:
Thanks for the tip. Norton and AVG could not delete Trojan.StartPage, but Iparmor deleted it easily. I am very happy it's gone.
Here is the website to download it. It's shareware.
http://www.majorgeeks.com/download1841.html |
| Posted By : eagle - 11-25-2004 5:44 | Hey pawlaser,
have not tried that one yet but liable too, go to softpedia.com for hijack this, and cw schredder and I also believe spybot. while your there you can go to the link for giant spyware remover it's only a fifteen day trial but it kicks butt. zone alarm is a good product but I'm partial to my puppy. let me know how it goes.
Eagle |
| Posted By : paranoid - 11-26-2004 10:06 | | yeap... it is advised not to use IE anymore.. too many people using it.. therefore threat and viruses will mostly attack IE... can't deny.. IE too many competitors.. that's why very vulnerable to attacks... |
| Posted By : eagle - 11-26-2004 2:56 | I concur Paranoid,
You will find the best one at mozilla.org the program is firefox.
Eagle |
| Posted By : varient3 - 7-13-2005 1:27 |
pajoker said...
Hey all,
the problem I was having was similar to this. I had this mtwirl.dll on the computer along with a html file that overran my desktop. this desktop stated that I was being watched. Well needless to say I ran NAV, hijackthis, and cwshredder, isolated the virus, however was unable to remove it, I changed the name to mtwirl.bogus, then edited/deleted all the info from it in notepad and was able to delete it. The only problem I had then was that I still had that pesky desktop. I found the source and deleted it, that would have been c:\windows\web\desktop.html
now I have a white desktop and can't see my background. icons are there but no background. any advice? I have the same problem. if anyone can help me out in any way i would really appreciate it!!
Logfile of HijackThis v1.99.1
Scan saved at 8:21:07 PM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Justin\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\ELITET~1\ELITET~2.DLL (file missing) O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing) O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [hzvvs] C:\WINDOWS\System32\hzvvs.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [okmo] C:\PROGRA~1\COMMON~1\okmo\okmom.exe O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O15 - Trusted Zone: http://www.neededware.comO16 - DPF: NDWCab - http://www.neededware.com/ndw3.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1101e3ab20beb1208a02/netzip/RdxIE601.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO18 - Filter: text/html - {0D4021AB-0AC2-477D-AA1F-046E317DD90D} - C:\WINDOWS\System32\adkn.dll O18 - Filter: text/plain - {0D4021AB-0AC2-477D-AA1F-046E317DD90D} - C:\WINDOWS\System32\adkn.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: hanriljjwdgm - Unknown owner - C:\WINDOWS\System32\jwdgm\hanrilj.exe (file missing) O23 - Service: pohrglpmla - Unknown owner - C:\WINDOWS\System32\glpmla\pohr.exe (file missing) O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
what do i tke out?
|
| Posted By : Scorpio - 8-3-2005 2:35 | | The trojan.startpage virus has hit me too. Can zap it with AVG but as soon as I go anywhere near the email or web it's back. Not too hot on dos at all as per previous messages. Can anyone out there give me any other ideas to kill this off once and for all or are you all still in the same boat? |
| Posted By : Kurrrupt - 8-5-2005 2:46 | Hello (=D'.')=E
Is this trojan thing similar to *W32/SDBOT.AIM.WORM*?? or are they the same thing cause i dont know. The start thing just keeps poppin up. Can somone help me with this?.?.?...
Its location
C:\Windows\system32\tftp1164
Thanks all =) (=D'.')=E |
| Posted By : Scorpio - 8-5-2005 2:55 | Have heard of that one but don't know what it is, although I sometimes get bother with the FAT32 error message. Don't keep getting the start menu - startpage seems to alter settings etc. Perhaps they're linked in some way.
Sorry can't help. |
|
|