If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Trojan thing
I am not a computer technical person, but I am trying to get rid of a Trojan
virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. |
#2
|
|||
|
|||
Most likely that is not a Trojan, but an adware/spyware program.
So first of all I would run an anti-adware program like Lavasoft AdAware, www.lavasoftusa.com (don't forget to download the latest Definition File -- or allow AdAware to download it itself, after its installation). See also: http://www.trojaner-info.de/anleitun...out_blank.html (it seems that is your specific case), and http://www.mvps.org/inetexplorer/Darnit.htm -- Mikhail Zhilin http://www.aha.ru/~mwz Sorry, no technical support by e-mail. Please reply to the newsgroups only. ====== On Thu, 10 Feb 2005 09:50:25 -0000, "Henry" wrote: I am not a computer technical person, but I am trying to get rid of a Trojan virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. |
#3
|
|||
|
|||
On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin
wrote: .. See also: http://www.trojaner-info.de/anleitun...out_blank.html (it seems that is your specific case), and .. Sorry, this page is in German... But probably that will help nevertheless: the Registry keys and file names are common. -- Mikhail Zhilin http://www.aha.ru/~mwz Sorry, no technical support by e-mail. Please reply to the newsgroups only. ====== |
#4
|
|||
|
|||
See then if McAfee specific page, with the Removal Instructions, will
help: http://vil.nai.com/vil/content/v_126244.htm And see the third message in http://help.lockergnome.com/index.ph...T&f=48&t=30178 quote .... This program then placed two dll files. One called sp.dll into my c:\documentsandsettings\local settings\temp directory and a dmgn.dll into my c:windows\system32 directory. .... All back to normal. /quote In Win98 they will be in \windows\temp folder -- instead of c:\documents and settings\local settings\temp, and probably in c:\windows\system instead of c:\windows\system32 folder. With this correction, the recipe should work and in WIn98, too. -- Mikhail Zhilin http://www.aha.ru/~mwz Sorry, no technical support by e-mail. Please reply to the newsgroups only. ====== On Thu, 10 Feb 2005 12:37:01 -0000, "Henry" wrote: "Mikhail Zhilin" wrote .. See also: http://www.trojaner-info.de/anleitun...out_blank.html (it seems that is your specific case), and .. Sorry, this page is in German... But probably that will help nevertheless: the Registry keys and file names are common. ----------------------------------- Thank you for your response. You suggested using AdAware, but as I said in the OP, I have already done so and it failed to find the problem, let alone cure it. The German page, however, seems to confirm that AdAware is no help with this one: Babelfish translation: "Numerous users of the InterNet Explorers of Microsoft strike themselves for some weeks with a particularly aggressive Browser Hijacker around, which is to be removed only very with difficulty. All usual Tools as for example the CWShredder, Spybot search & Destroy, SpywareBlaster and Ad-aware is at present not able to remove this Browser Hijacker. Also with most concerning meanwhile sufficiently the well-known ' fix ' with HijackThis brings no durable release. If it looks first in such a way, as if the problem is solved, then the inadvertent entfuehrung of the starting side is suddenly again there at the latest after 24 hours." Also it speaks about SP.html which I cannot find, only SP.dll which keeps appearing in my c:\windows\temp. By the way, it was McAfee which described StartPage-DU.dll as a Trojan, not me. I would not know a Trojan if I saw one. I have not a clue what the difference is between these various things - they all just viruses to me. I just want to get rid of the perishing thing but don't know how. |
#5
|
|||
|
|||
"Mikhail Zhilin" wrote in message
... See then if McAfee specific page, with the Removal Instructions, will help: http://vil.nai.com/vil/content/v_126244.htm And see the third message in http://help.lockergnome.com/index.ph...T&f=48&t=30178 quote ... This program then placed two dll files. One called sp.dll into my c:\documentsandsettings\local settings\temp directory and a dmgn.dll into my c:windows\system32 directory. ... All back to normal. /quote In Win98 they will be in \windows\temp folder -- instead of c:\documents and settings\local settings\temp, and probably in c:\windows\system instead of c:\windows\system32 folder. With this correction, the recipe should work and in WIn98, too. -- Thank you Mikhail. I will look at the things mentioned in "lockergnome". I had already looked at the McAfee page you mentioned, but could not understand the instruction, though McAfee could not detect the problem except when it removes SP.dll from Windows\temp. |
#6
|
|||
|
|||
You might want to try this site: http://www.doxdesk.com/ . When you get
there be prepared to do some reading. Go to the parasites tab and let the detection script run. Post back your results. HTH, DTV "Henry" wrote in message ... "Mikhail Zhilin" wrote in message ... See then if McAfee specific page, with the Removal Instructions, will help: http://vil.nai.com/vil/content/v_126244.htm And see the third message in http://help.lockergnome.com/index.ph...T&f=48&t=30178 quote ... This program then placed two dll files. One called sp.dll into my c:\documentsandsettings\local settings\temp directory and a dmgn.dll into my c:windows\system32 directory. ... All back to normal. /quote In Win98 they will be in \windows\temp folder -- instead of c:\documents and settings\local settings\temp, and probably in c:\windows\system instead of c:\windows\system32 folder. With this correction, the recipe should work and in WIn98, too. -- Thank you Mikhail. I will look at the things mentioned in "lockergnome". I had already looked at the McAfee page you mentioned, but could not understand the instruction, though McAfee could not detect the problem except when it removes SP.dll from Windows\temp. |
#7
|
|||
|
|||
There are anti virus News Groups specifically for this type of discussion.
microsoft.public.scripting.virus.discussion microsoft.public.security.virus alt.comp.virus alt.comp.anti-virus There is no doubt that "StartPage-DU.dll" is indeed a Trojan -- http://vil.nai.com/vil/content/v_127653.htm 1) Download the following two items... Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp Latest Trend signature files. http://www.trendmicro.com/download/pattern.asp Create a directory. On drive "C:\" (e.g., "c:\New Folder") or the desktop (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder") Download SYSCLEAN.COM and place it in that directory. Download the signature files (pattern files) by obtaining the ZIP file. For example; lpt400.zip Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM. 2) Reboot your PC into Safe Mode and shutdown as many applications as possible 3) Using the Trend Sysclean utility, perform a Full Scan of your platform and clean/delete any infectors found 4) Restart your PC and perform a "final" Full Scan of your platform * * * Please report back your results * * * -- Dave "Henry" wrote in message ... | I am not a computer technical person, but I am trying to get rid of a Trojan | virus thing which has appeared on my PC, which is an HP Pavilion, new in | 2000, 650MHz Athlon processor, using Windows 98SE and IE6. | | It is called "StartPage-DU.dll" and keeps causing my antivirus software | (Regularly autoupdated McAfee) to report that it has removed a file called | SP.dll from my Windows Temp folder. It seems to be triggered by running | Internet Explorer. | | I have looked in the McAfee and Sophos web sites for advice and although | they tell me what it does, I can see no advice that I can understand to help | me locate the file in my PC which is actually causing the problem. | | They talk about changes which the thing makes to the Registry, but that | seems so complex that I dare not touch it (I looked in something called | Regedit and it was full of very technical looking gobblydegook, though I did | eventually manage to find the bits it was talking about). | | There was something said about uninstalling a search assist program, but | when I try to do that it says it cannot. | | I tried using something called AdAware which someone suggested and it never | found it, nor did one called Spybot S&D, and I did a virus scan of my whole | machine with McAfee and it didn't find it either, but it is still there | because McAfee still keeps deleting this file from TEMP and the home page | still keeps changing. | | I keep seeing references to a file called SP.html, but I can't find one of | those anywhere on my PC. | | The main thing this seems to be doing is to muck about with my Internet | Explorer home page, but I am worried that if I cannot get rid of it I might | send it to other people with my E-Mails. | | Can anyone give me some advice please - advice in very simple terms that I | might be able to understand please. | | | |
#8
|
|||
|
|||
"Henry" wrote in message ... I am not a computer technical person, but I am trying to get rid of a Trojan virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. Run REGEDIT Double-click your way to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main by clicking on each of the keys in turn until you get to Main ======================== In the right-hand panel, if you find this key "HOMEOldSP" = "about:blank" Right-click on it and Delete it ======================== In the right-hand panel, if you find this key "Search Bar" = "sp.html" Right-click on it and Modify it to http://www.google.com/ or http://search.msn.com/ or any other search engine of your choice and click OK ======================== In the right-hand panel, if you find this key "Use Search Asst" = "no" Right-click on it and Delete it ======================== Now double-click your way to HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\ In the right-hand panel, if you find this key RunMRU "e" = "hhk.dll" ================================ Search the Registry for any other references to HHK.DLL or SP.HTML and get rid of them also Close REGEDIT Search your computer, making sure that you search My Computer, and not just one folder If you find either of those files, get rid of them Reboot All of the above is based on settings in my own Registry, plus the info from the McAfee site |
#9
|
|||
|
|||
You may want to consider downloading and using Mozilla Firefox in the future
for a safer but of course not completely safe browsing experience. "Henry" wrote in message ... : I am not a computer technical person, but I am trying to get rid of a Trojan : virus thing which has appeared on my PC, which is an HP Pavilion, new in : 2000, 650MHz Athlon processor, using Windows 98SE and IE6. : : It is called "StartPage-DU.dll" and keeps causing my antivirus software : (Regularly autoupdated McAfee) to report that it has removed a file called : SP.dll from my Windows Temp folder. It seems to be triggered by running : Internet Explorer. : : I have looked in the McAfee and Sophos web sites for advice and although : they tell me what it does, I can see no advice that I can understand to help : me locate the file in my PC which is actually causing the problem. : : They talk about changes which the thing makes to the Registry, but that : seems so complex that I dare not touch it (I looked in something called : Regedit and it was full of very technical looking gobblydegook, though I did : eventually manage to find the bits it was talking about). : : There was something said about uninstalling a search assist program, but : when I try to do that it says it cannot. : : I tried using something called AdAware which someone suggested and it never : found it, nor did one called Spybot S&D, and I did a virus scan of my whole : machine with McAfee and it didn't find it either, but it is still there : because McAfee still keeps deleting this file from TEMP and the home page : still keeps changing. : : I keep seeing references to a file called SP.html, but I can't find one of : those anywhere on my PC. : : The main thing this seems to be doing is to muck about with my Internet : Explorer home page, but I am worried that if I cannot get rid of it I might : send it to other people with my E-Mails. : : Can anyone give me some advice please - advice in very simple terms that I : might be able to understand please. : : : |
#10
|
|||
|
|||
The Germans certainly know a lot about computers. I think one of Sasser worm
creators was a German but I am unsure. "Mikhail Zhilin" wrote in message ... : On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin : wrote: : : .. : See also: : http://www.trojaner-info.de/anleitun...out_blank.html : (it seems that is your specific case), and : .. : : Sorry, this page is in German... But probably that will help : nevertheless: the Registry keys and file names are common. : -- : Mikhail Zhilin : http://www.aha.ru/~mwz : Sorry, no technical support by e-mail. : Please reply to the newsgroups only. : ====== |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
cat & mouse & trojan horse | rooster | General | 22 | December 18th 04 08:41 AM |
Got a trojan and need help | Sweetpea | General | 9 | September 4th 04 09:06 PM |
HELP ! Virus, Trojan or what ???? | Steve | General | 0 | August 18th 04 08:53 PM |
Trojan | General | 2 | August 7th 04 12:35 PM | |
Trojan Horse Viruses | Wendy | General | 33 | July 12th 04 08:15 PM |