If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Spysweeper by Webroot for $29.95 will fix this problem and it will alert you
to system changes. I am so glad that I bought it and it is well worth the money for anymore in this day and age of vulnerability. "Henry" wrote in message ... : "Mikhail Zhilin" wrote : : : .. : See also: : http://www.trojaner-info.de/anleitun...out_blank.html : (it seems that is your specific case), and : .. : : Sorry, this page is in German... But probably that will help : nevertheless: the Registry keys and file names are common. : : ----------------------------------- : : Thank you for your response. : : You suggested using AdAware, but as I said in the OP, I have already done so : and it failed to find the problem, let alone cure it. : : The German page, however, seems to confirm that AdAware is no help with this : one: : : Babelfish translation: : : "Numerous users of the InterNet Explorers of Microsoft strike themselves for : some weeks with a particularly aggressive Browser Hijacker around, which is : to be removed only very with difficulty. All usual Tools as for example the : CWShredder, Spybot search & Destroy, SpywareBlaster and Ad-aware is at : present not able to remove this Browser Hijacker. Also with most concerning : meanwhile sufficiently the well-known ' fix ' with HijackThis brings no : durable release. If it looks first in such a way, as if the problem is : solved, then the inadvertent entfuehrung of the starting side is suddenly : again there at the latest after 24 hours." : : Also it speaks about SP.html which I cannot find, only SP.dll which keeps : appearing in my c:\windows\temp. : : By the way, it was McAfee which described StartPage-DU.dll as a Trojan, not : me. I would not know a Trojan if I saw one. I have not a clue what the : difference is between these various things - they all just viruses to me. I : just want to get rid of the perishing thing but don't know how. : : : |
#12
|
|||
|
|||
The user could cross-post with one or more of these groups as well as our
group. The 98 general newsgroup certainly has a lot of smart people here. : "David H. Lipman" wrote in message ... : There are anti virus News Groups specifically for this type of discussion. : : microsoft.public.scripting.virus.discussion : microsoft.public.security.virus : alt.comp.virus : alt.comp.anti-virus : : There is no doubt that "StartPage-DU.dll" is indeed a Trojan -- : http://vil.nai.com/vil/content/v_127653.htm : : 1) Download the following two items... : : Trend Sysclean Package : http://www.trendmicro.com/download/dcs.asp : : Latest Trend signature files. : http://www.trendmicro.com/download/pattern.asp : : Create a directory. : On drive "C:\" : (e.g., "c:\New Folder") : or the desktop : (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder") : : Download SYSCLEAN.COM and place it in that directory. : Download the signature files (pattern files) by obtaining the ZIP file. : For example; lpt400.zip : : Extract the contents of the ZIP file and place the contents in the same directory as : SYSCLEAN.COM. : : 2) Reboot your PC into Safe Mode and shutdown as many applications as possible : 3) Using the Trend Sysclean utility, perform a Full Scan of your platform and : clean/delete any infectors found : 4) Restart your PC and perform a "final" Full Scan of your platform : : : : * * * Please report back your results * * * : : -- : Dave : : : : : "Henry" wrote in message ... : | I am not a computer technical person, but I am trying to get rid of a Trojan : | virus thing which has appeared on my PC, which is an HP Pavilion, new in : | 2000, 650MHz Athlon processor, using Windows 98SE and IE6. : | : | It is called "StartPage-DU.dll" and keeps causing my antivirus software : | (Regularly autoupdated McAfee) to report that it has removed a file called : | SP.dll from my Windows Temp folder. It seems to be triggered by running : | Internet Explorer. : | : | I have looked in the McAfee and Sophos web sites for advice and although : | they tell me what it does, I can see no advice that I can understand to help : | me locate the file in my PC which is actually causing the problem. : | : | They talk about changes which the thing makes to the Registry, but that : | seems so complex that I dare not touch it (I looked in something called : | Regedit and it was full of very technical looking gobblydegook, though I did : | eventually manage to find the bits it was talking about). : | : | There was something said about uninstalling a search assist program, but : | when I try to do that it says it cannot. : | : | I tried using something called AdAware which someone suggested and it never : | found it, nor did one called Spybot S&D, and I did a virus scan of my whole : | machine with McAfee and it didn't find it either, but it is still there : | because McAfee still keeps deleting this file from TEMP and the home page : | still keeps changing. : | : | I keep seeing references to a file called SP.html, but I can't find one of : | those anywhere on my PC. : | : | The main thing this seems to be doing is to muck about with my Internet : | Explorer home page, but I am worried that if I cannot get rid of it I might : | send it to other people with my E-Mails. : | : | Can anyone give me some advice please - advice in very simple terms that I : | might be able to understand please. : | : | : | : : |
#13
|
|||
|
|||
Hugh has the answers for us again. How come you are not an MVP yet, Hugh?
You certainly are smart enough to be one in my opinion. "Hugh Candlin" wrote in message ... : : "Henry" wrote in message ... : I am not a computer technical person, but I am trying to get rid of a : Trojan : virus thing which has appeared on my PC, which is an HP Pavilion, new in : 2000, 650MHz Athlon processor, using Windows 98SE and IE6. : : It is called "StartPage-DU.dll" and keeps causing my antivirus software : (Regularly autoupdated McAfee) to report that it has removed a file called : SP.dll from my Windows Temp folder. It seems to be triggered by running : Internet Explorer. : : I have looked in the McAfee and Sophos web sites for advice and although : they tell me what it does, I can see no advice that I can understand to : help : me locate the file in my PC which is actually causing the problem. : : They talk about changes which the thing makes to the Registry, but that : seems so complex that I dare not touch it (I looked in something called : Regedit and it was full of very technical looking gobblydegook, though I : did : eventually manage to find the bits it was talking about). : : There was something said about uninstalling a search assist program, but : when I try to do that it says it cannot. : : I tried using something called AdAware which someone suggested and it : never : found it, nor did one called Spybot S&D, and I did a virus scan of my : whole : machine with McAfee and it didn't find it either, but it is still there : because McAfee still keeps deleting this file from TEMP and the home page : still keeps changing. : : I keep seeing references to a file called SP.html, but I can't find one of : those anywhere on my PC. : : The main thing this seems to be doing is to muck about with my Internet : Explorer home page, but I am worried that if I cannot get rid of it I : might : send it to other people with my E-Mails. : : Can anyone give me some advice please - advice in very simple terms that I : might be able to understand please. : : Run REGEDIT : : Double-click your way to : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : by clicking on each of the keys in turn until you get to Main : ======================== : In the right-hand panel, if you find this key : : "HOMEOldSP" = "about:blank" : : Right-click on it and Delete it : ======================== : In the right-hand panel, if you find this key : : "Search Bar" = "sp.html" : : Right-click on it and Modify it to : http://www.google.com/ or : http://search.msn.com/ : or any other search engine of your choice : and click OK : ======================== : In the right-hand panel, if you find this key : : "Use Search Asst" = "no" : : Right-click on it and Delete it : ======================== : Now double-click your way to : : HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\ : : In the right-hand panel, if you find this key : : RunMRU "e" = "hhk.dll" : ================================ : : Search the Registry for any other references to HHK.DLL : or SP.HTML and get rid of them also : : Close REGEDIT : : Search your computer, making sure that you search : My Computer, and not just one folder : : If you find either of those files, get rid of them : : Reboot : : All of the above is based on settings in my own Registry, : plus the info from the McAfee site : : |
#14
|
|||
|
|||
Henry, run CWShredder v2.13 then seek updates for Ad-aware SE and scan with
it (fix all found). Next, scan with VirusScan per http://aumha.org/forum/viewtopic.php?t=5878. If the hijacker is still present, scan with HijackThis (don't fix anything) and post your log to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here, for analysis and further instructions. You will find links to download CWShredder and HijackThis at http://aumha.org/a/parasite.htm. -- ~Robear Dyer (PA Bear) MS MVP-Windows (Shell, IE/OE) & Security Henry wrote: I am not a computer technical person, but I am trying to get rid of a Trojan virus thing which has appeared on my PC, which is an HP Pavilion, new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6. It is called "StartPage-DU.dll" and keeps causing my antivirus software (Regularly autoupdated McAfee) to report that it has removed a file called SP.dll from my Windows Temp folder. It seems to be triggered by running Internet Explorer. I have looked in the McAfee and Sophos web sites for advice and although they tell me what it does, I can see no advice that I can understand to help me locate the file in my PC which is actually causing the problem. They talk about changes which the thing makes to the Registry, but that seems so complex that I dare not touch it (I looked in something called Regedit and it was full of very technical looking gobblydegook, though I did eventually manage to find the bits it was talking about). There was something said about uninstalling a search assist program, but when I try to do that it says it cannot. I tried using something called AdAware which someone suggested and it never found it, nor did one called Spybot S&D, and I did a virus scan of my whole machine with McAfee and it didn't find it either, but it is still there because McAfee still keeps deleting this file from TEMP and the home page still keeps changing. I keep seeing references to a file called SP.html, but I can't find one of those anywhere on my PC. The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Can anyone give me some advice please - advice in very simple terms that I might be able to understand please. |
#15
|
|||
|
|||
The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Hello Henry, My first port of call would be to change Browser From IE to Mozilla Firefox or similar. I have found that virus's are generally attacking Microsoft as opposed to a user, and hence using a Microsoft product makes you vulnerable, Especially IE. regards Jane |
#16
|
|||
|
|||
jane wrote:
Hello Henry, My first port of call would be to change Browser From IE to Mozilla Firefox or similar. I have found that virus's are generally attacking Microsoft as opposed to a user, and hence using a Microsoft product makes you vulnerable, Especially IE. regards Jane As much as I like Firefox, the truth is the malware writers are targeting the users as much as they are targeting MS.(ActiveX garbage duly noted as an MS thing though.) While I would also encourage Henry to try Firefox, a poorly maintained and defended system coupled with a user who just hasn't been told all the things he/she needs to know will get equally bad results with Firefox, Opera, IE, and the others. So, removing the malware and learning how to prevent future problems would be the first steps, followed by downloading and installing Firefox. http://www.mozilla.org/products/firefox/ MM |
#17
|
|||
|
|||
There is no such thing as a totally secure browser, Jane.
-- ~Robear Dyer (PA Bear) MS MVP-Windows (Shell, IE/OE) & Security jane wrote: The main thing this seems to be doing is to muck about with my Internet Explorer home page, but I am worried that if I cannot get rid of it I might send it to other people with my E-Mails. Hello Henry, My first port of call would be to change Browser From IE to Mozilla Firefox or similar. I have found that virus's are generally attacking Microsoft as opposed to a user, and hence using a Microsoft product makes you vulnerable, Especially IE. regards Jane |
#18
|
|||
|
|||
Yepper !
http://secunia.com/multiple_browsers_idn_spoofing_test/ -- Dave "PA Bear" wrote in message ... | There is no such thing as a totally secure browser, Jane. | -- | ~Robear Dyer (PA Bear) | MS MVP-Windows (Shell, IE/OE) & Security | | jane wrote: | The main thing this seems to be doing is to muck about with my Internet | Explorer home page, but I am worried that if I cannot get rid of it I | might send it to other people with my E-Mails. | | | Hello Henry, | My first port of call would be to change Browser From IE to Mozilla | Firefox or similar. | I have found that virus's are generally attacking Microsoft as opposed to | a user, and hence using a Microsoft product makes you vulnerable, | Especially IE. | | regards Jane |
#19
|
|||
|
|||
Hey, I tested my IE at that page and got a 404 (or similar.) What gives?
{;) -- Gary S. Terhune MS MVP Shell/User "David H. Lipman" wrote in message ... Yepper ! http://secunia.com/multiple_browsers_idn_spoofing_test/ -- Dave "PA Bear" wrote in message ... | There is no such thing as a totally secure browser, Jane. | -- | ~Robear Dyer (PA Bear) | MS MVP-Windows (Shell, IE/OE) & Security | | jane wrote: | The main thing this seems to be doing is to muck about with my Internet | Explorer home page, but I am worried that if I cannot get rid of it I | might send it to other people with my E-Mails. | | | Hello Henry, | My first port of call would be to change Browser From IE to Mozilla | Firefox or similar. | I have found that virus's are generally attacking Microsoft as opposed to | a user, and hence using a Microsoft product makes you vulnerable, | Especially IE. | | regards Jane |
#20
|
|||
|
|||
David H. Lipman wrote:
Yepper ! http://secunia.com/multiple_browsers_idn_spoofing_test/ Yawn. Fixes already in place. Place a # in front of 2 lines in the compreg.dat file. Or use the AdBlock extension. Problem solved. MM |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
cat & mouse & trojan horse | rooster | General | 22 | December 18th 04 08:41 AM |
Got a trojan and need help | Sweetpea | General | 9 | September 4th 04 09:06 PM |
HELP ! Virus, Trojan or what ???? | Steve | General | 0 | August 18th 04 08:53 PM |
Trojan | General | 2 | August 7th 04 12:35 PM | |
Trojan Horse Viruses | Wendy | General | 33 | July 12th 04 08:15 PM |