If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
|
#1
|
|||
|
|||
Trojan thing
I am not a computer technical person, but I am trying to get rid of a Trojan
virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. |
#2
|
|||
|
|||
Most likely that is not a Trojan, but an adware/spyware program.
So first of all I would run an anti-adware program like Lavasoft AdAware, www.lavasoftusa.com (don't forget to download the latest Definition File -- or allow AdAware to download it itself, after its installation). See also: http://www.trojaner-info.de/anleitun...out_blank.html (it seems that is your specific case), and http://www.mvps.org/inetexplorer/Darnit.htm -- Mikhail Zhilin http://www.aha.ru/~mwz Sorry, no technical support by e-mail. Please reply to the newsgroups only. ====== On Thu, 10 Feb 2005 09:50:25 -0000, "Henry" wrote: I am not a computer technical person, but I am trying to get rid of a Trojan virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. |
#3
|
|||
|
|||
On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin
wrote: .. See also: http://www.trojaner-info.de/anleitun...out_blank.html (it seems that is your specific case), and .. Sorry, this page is in German... But probably that will help nevertheless: the Registry keys and file names are common. -- Mikhail Zhilin http://www.aha.ru/~mwz Sorry, no technical support by e-mail. Please reply to the newsgroups only. ====== |
#4
|
|||
|
|||
The Germans certainly know a lot about computers. I think one of Sasser worm
creators was a German but I am unsure. "Mikhail Zhilin" wrote in message ... : On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin : wrote: : : .. : See also: : http://www.trojaner-info.de/anleitun...out_blank.html : (it seems that is your specific case), and : .. : : Sorry, this page is in German... But probably that will help : nevertheless: the Registry keys and file names are common. : -- : Mikhail Zhilin : http://www.aha.ru/~mwz : Sorry, no technical support by e-mail. : Please reply to the newsgroups only. : ====== |
#5
|
|||
|
|||
There are anti virus News Groups specifically for this type of discussion.
microsoft.public.scripting.virus.discussion microsoft.public.security.virus alt.comp.virus alt.comp.anti-virus There is no doubt that "StartPage-DU.dll" is indeed a Trojan -- http://vil.nai.com/vil/content/v_127653.htm 1) Download the following two items... Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp Latest Trend signature files. http://www.trendmicro.com/download/pattern.asp Create a directory. On drive "C:\" (e.g., "c:\New Folder") or the desktop (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder") Download SYSCLEAN.COM and place it in that directory. Download the signature files (pattern files) by obtaining the ZIP file. For example; lpt400.zip Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM. 2) Reboot your PC into Safe Mode and shutdown as many applications as possible 3) Using the Trend Sysclean utility, perform a Full Scan of your platform and clean/delete any infectors found 4) Restart your PC and perform a "final" Full Scan of your platform * * * Please report back your results * * * -- Dave "Henry" wrote in message ... | I am not a computer technical person, but I am trying to get rid of a Trojan | virus thing which has appeared on my PC, which is an HP Pavilion, new in | 2000, 650MHz Athlon processor, using Windows 98SE and IE6. | | It is called "StartPage-DU.dll" and keeps causing my antivirus software | (Regularly autoupdated McAfee) to report that it has removed a file called | SP.dll from my Windows Temp folder. It seems to be triggered by running | Internet Explorer. | | I have looked in the McAfee and Sophos web sites for advice and although | they tell me what it does, I can see no advice that I can understand to help | me locate the file in my PC which is actually causing the problem. | | They talk about changes which the thing makes to the Registry, but that | seems so complex that I dare not touch it (I looked in something called | Regedit and it was full of very technical looking gobblydegook, though I did | eventually manage to find the bits it was talking about). | | There was something said about uninstalling a search assist program, but | when I try to do that it says it cannot. | | I tried using something called AdAware which someone suggested and it never | found it, nor did one called Spybot S&D, and I did a virus scan of my whole | machine with McAfee and it didn't find it either, but it is still there | because McAfee still keeps deleting this file from TEMP and the home page | still keeps changing. | | I keep seeing references to a file called SP.html, but I can't find one of | those anywhere on my PC. | | The main thing this seems to be doing is to muck about with my Internet | Explorer home page, but I am worried that if I cannot get rid of it I might | send it to other people with my E-Mails. | | Can anyone give me some advice please - advice in very simple terms that I | might be able to understand please. | | | |
#6
|
|||
|
|||
The user could cross-post with one or more of these groups as well as our
group. The 98 general newsgroup certainly has a lot of smart people here. : "David H. Lipman" wrote in message ... : There are anti virus News Groups specifically for this type of discussion. : : microsoft.public.scripting.virus.discussion : microsoft.public.security.virus : alt.comp.virus : alt.comp.anti-virus : : There is no doubt that "StartPage-DU.dll" is indeed a Trojan -- : http://vil.nai.com/vil/content/v_127653.htm : : 1) Download the following two items... : : Trend Sysclean Package : http://www.trendmicro.com/download/dcs.asp : : Latest Trend signature files. : http://www.trendmicro.com/download/pattern.asp : : Create a directory. : On drive "C:\" : (e.g., "c:\New Folder") : or the desktop : (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder") : : Download SYSCLEAN.COM and place it in that directory. : Download the signature files (pattern files) by obtaining the ZIP file. : For example; lpt400.zip : : Extract the contents of the ZIP file and place the contents in the same directory as : SYSCLEAN.COM. : : 2) Reboot your PC into Safe Mode and shutdown as many applications as possible : 3) Using the Trend Sysclean utility, perform a Full Scan of your platform and : clean/delete any infectors found : 4) Restart your PC and perform a "final" Full Scan of your platform : : : : * * * Please report back your results * * * : : -- : Dave : : : : : "Henry" wrote in message ... : | I am not a computer technical person, but I am trying to get rid of a Trojan : | virus thing which has appeared on my PC, which is an HP Pavilion, new in : | 2000, 650MHz Athlon processor, using Windows 98SE and IE6. : | : | It is called "StartPage-DU.dll" and keeps causing my antivirus software : | (Regularly autoupdated McAfee) to report that it has removed a file called : | SP.dll from my Windows Temp folder. It seems to be triggered by running : | Internet Explorer. : | : | I have looked in the McAfee and Sophos web sites for advice and although : | they tell me what it does, I can see no advice that I can understand to help : | me locate the file in my PC which is actually causing the problem. : | : | They talk about changes which the thing makes to the Registry, but that : | seems so complex that I dare not touch it (I looked in something called : | Regedit and it was full of very technical looking gobblydegook, though I did : | eventually manage to find the bits it was talking about). : | : | There was something said about uninstalling a search assist program, but : | when I try to do that it says it cannot. : | : | I tried using something called AdAware which someone suggested and it never : | found it, nor did one called Spybot S&D, and I did a virus scan of my whole : | machine with McAfee and it didn't find it either, but it is still there : | because McAfee still keeps deleting this file from TEMP and the home page : | still keeps changing. : | : | I keep seeing references to a file called SP.html, but I can't find one of : | those anywhere on my PC. : | : | The main thing this seems to be doing is to muck about with my Internet : | Explorer home page, but I am worried that if I cannot get rid of it I might : | send it to other people with my E-Mails. : | : | Can anyone give me some advice please - advice in very simple terms that I : | might be able to understand please. : | : | : | : : |
#7
|
|||
|
|||
Since it was posted here and not in an Anti Virus newsgroup there is peripheral information
being offered and the OP, Henry, has become confused. The chances would have been reduced if posted in the following News Groups since the query was about the Trojan "StartPage-DU.dll". microsoft.public.scripting.virus.discussion microsoft.public.security.virus alt.comp.virus alt.comp.anti-virus Much advice given, much mis-information. -- Dave "Dan" wrote in message ... | The user could cross-post with one or more of these groups as well as our | group. The 98 general newsgroup certainly has a lot of smart people here. | : |
#8
|
|||
|
|||
You are right David, that would be the best thing for the original poster to
do in the future but the original poster could include our 98 general newsgroup too in that list. "Much advice given, much mis-information" I agree with your thought too. "David H. Lipman" wrote in message ... : Since it was posted here and not in an Anti Virus newsgroup there is peripheral information : being offered and the OP, Henry, has become confused. The chances would have been reduced : if posted in the following News Groups since the query was about the Trojan : "StartPage-DU.dll". : : microsoft.public.scripting.virus.discussion : microsoft.public.security.virus : alt.comp.virus : alt.comp.anti-virus : : Much advice given, much mis-information. : : : -- : Dave : : : : : "Dan" wrote in message ... : | The user could cross-post with one or more of these groups as well as our : | group. The 98 general newsgroup certainly has a lot of smart people here. : | : : : |
#9
|
|||
|
|||
"Henry" wrote in message ... I am not a computer technical person, but I am trying to get rid of a Trojan virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. Run REGEDIT Double-click your way to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main by clicking on each of the keys in turn until you get to Main ======================== In the right-hand panel, if you find this key "HOMEOldSP" = "about:blank" Right-click on it and Delete it ======================== In the right-hand panel, if you find this key "Search Bar" = "sp.html" Right-click on it and Modify it to http://www.google.com/ or http://search.msn.com/ or any other search engine of your choice and click OK ======================== In the right-hand panel, if you find this key "Use Search Asst" = "no" Right-click on it and Delete it ======================== Now double-click your way to HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\ In the right-hand panel, if you find this key RunMRU "e" = "hhk.dll" ================================ Search the Registry for any other references to HHK.DLL or SP.HTML and get rid of them also Close REGEDIT Search your computer, making sure that you search My Computer, and not just one folder If you find either of those files, get rid of them Reboot All of the above is based on settings in my own Registry, plus the info from the McAfee site |
#10
|
|||
|
|||
Hugh has the answers for us again. How come you are not an MVP yet, Hugh?
You certainly are smart enough to be one in my opinion. "Hugh Candlin" wrote in message ... : : "Henry" wrote in message ... : I am not a computer technical person, but I am trying to get rid of a : Trojan : virus thing which has appeared on my PC, which is an HP Pavilion, new in : 2000, 650MHz Athlon processor, using Windows 98SE and IE6. : : It is called "StartPage-DU.dll" and keeps causing my antivirus software : (Regularly autoupdated McAfee) to report that it has removed a file called : SP.dll from my Windows Temp folder. It seems to be triggered by running : Internet Explorer. : : I have looked in the McAfee and Sophos web sites for advice and although : they tell me what it does, I can see no advice that I can understand to : help : me locate the file in my PC which is actually causing the problem. : : They talk about changes which the thing makes to the Registry, but that : seems so complex that I dare not touch it (I looked in something called : Regedit and it was full of very technical looking gobblydegook, though I : did : eventually manage to find the bits it was talking about). : : There was something said about uninstalling a search assist program, but : when I try to do that it says it cannot. : : I tried using something called AdAware which someone suggested and it : never : found it, nor did one called Spybot S&D, and I did a virus scan of my : whole : machine with McAfee and it didn't find it either, but it is still there : because McAfee still keeps deleting this file from TEMP and the home page : still keeps changing. : : I keep seeing references to a file called SP.html, but I can't find one of : those anywhere on my PC. : : The main thing this seems to be doing is to muck about with my Internet : Explorer home page, but I am worried that if I cannot get rid of it I : might : send it to other people with my E-Mails. : : Can anyone give me some advice please - advice in very simple terms that I : might be able to understand please. : : Run REGEDIT : : Double-click your way to : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : by clicking on each of the keys in turn until you get to Main : ======================== : In the right-hand panel, if you find this key : : "HOMEOldSP" = "about:blank" : : Right-click on it and Delete it : ======================== : In the right-hand panel, if you find this key : : "Search Bar" = "sp.html" : : Right-click on it and Modify it to : http://www.google.com/ or : http://search.msn.com/ : or any other search engine of your choice : and click OK : ======================== : In the right-hand panel, if you find this key : : "Use Search Asst" = "no" : : Right-click on it and Delete it : ======================== : Now double-click your way to : : HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\ : : In the right-hand panel, if you find this key : : RunMRU "e" = "hhk.dll" : ================================ : : Search the Registry for any other references to HHK.DLL : or SP.HTML and get rid of them also : : Close REGEDIT : : Search your computer, making sure that you search : My Computer, and not just one folder : : If you find either of those files, get rid of them : : Reboot : : All of the above is based on settings in my own Registry, : plus the info from the McAfee site : : |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
cat & mouse & trojan horse | rooster | General | 22 | December 18th 04 08:41 AM |
Got a trojan and need help | Sweetpea | General | 9 | September 4th 04 09:06 PM |
HELP ! Virus, Trojan or what ???? | Steve | General | 0 | August 18th 04 08:53 PM |
Trojan | General | 2 | August 7th 04 12:35 PM | |
Trojan Horse Viruses | Wendy | General | 33 | July 12th 04 08:15 PM |