Trojan thing

Spysweeper by Webroot for $29.95 will fix this problem and it will alert you
to system changes. I am so glad that I bought it and it is well worth the
money for anymore in this day and age of vulnerability.

"Henry" wrote in message ...
: "Mikhail Zhilin" wrote
:
:
: ..
: See also:
: http://www.trojaner-info.de/anleitun...out_blank.html
: (it seems that is your specific case), and
: ..
:
: Sorry, this page is in German... But probably that will help
: nevertheless: the Registry keys and file names are common.
:
: -----------------------------------
:
: Thank you for your response.
:
: You suggested using AdAware, but as I said in the OP, I have already done
so
: and it failed to find the problem, let alone cure it.
:
: The German page, however, seems to confirm that AdAware is no help with
this
: one:
:
: Babelfish translation:
:
: "Numerous users of the InterNet Explorers of Microsoft strike themselves
for
: some weeks with a particularly aggressive Browser Hijacker around, which is
: to be removed only very with difficulty. All usual Tools as for example the
: CWShredder, Spybot search & Destroy, SpywareBlaster and Ad-aware is at
: present not able to remove this Browser Hijacker. Also with most concerning
: meanwhile sufficiently the well-known ' fix ' with HijackThis brings no
: durable release. If it looks first in such a way, as if the problem is
: solved, then the inadvertent entfuehrung of the starting side is suddenly
: again there at the latest after 24 hours."
:
: Also it speaks about SP.html which I cannot find, only SP.dll which keeps
: appearing in my c:\windows\temp.
:
: By the way, it was McAfee which described StartPage-DU.dll as a Trojan, not
: me. I would not know a Trojan if I saw one. I have not a clue what the
: difference is between these various things - they all just viruses to me. I
: just want to get rid of the perishing thing but don't know how.
:
:
:

The user could cross-post with one or more of these groups as well as our
group. The 98 general newsgroup certainly has a lot of smart people here.
:

"David H. Lipman" wrote in message
...
: There are anti virus News Groups specifically for this type of discussion.
:
: microsoft.public.scripting.virus.discussion
: microsoft.public.security.virus
: alt.comp.virus
: alt.comp.anti-virus
:
: There is no doubt that "StartPage-DU.dll" is indeed a Trojan --
: http://vil.nai.com/vil/content/v_127653.htm
:
: 1) Download the following two items...
:
: Trend Sysclean Package
: http://www.trendmicro.com/download/dcs.asp
:
: Latest Trend signature files.
: http://www.trendmicro.com/download/pattern.asp
:
: Create a directory.
: On drive "C:\"
: (e.g., "c:\New Folder")
: or the desktop
: (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
:
: Download SYSCLEAN.COM and place it in that directory.
: Download the signature files (pattern files) by obtaining the ZIP file.
: For example; lpt400.zip
:
: Extract the contents of the ZIP file and place the contents in the same
directory as
: SYSCLEAN.COM.
:
: 2) Reboot your PC into Safe Mode and shutdown as many applications as
possible
: 3) Using the Trend Sysclean utility, perform a Full Scan of your
platform and
: clean/delete any infectors found
: 4) Restart your PC and perform a "final" Full Scan of your platform
:
:
:
: * * * Please report back your results * * *
:
: --
: Dave
:
:
:
:
: "Henry" wrote in message
...
: | I am not a computer technical person, but I am trying to get rid of a
Trojan
: | virus thing which has appeared on my PC, which is an HP Pavilion, new in
: | 2000, 650MHz Athlon processor, using Windows 98SE and IE6.
: |
: | It is called "StartPage-DU.dll" and keeps causing my antivirus software
: | (Regularly autoupdated McAfee) to report that it has removed a file
called
: | SP.dll from my Windows Temp folder. It seems to be triggered by running
: | Internet Explorer.
: |
: | I have looked in the McAfee and Sophos web sites for advice and although
: | they tell me what it does, I can see no advice that I can understand to
help
: | me locate the file in my PC which is actually causing the problem.
: |
: | They talk about changes which the thing makes to the Registry, but that
: | seems so complex that I dare not touch it (I looked in something called
: | Regedit and it was full of very technical looking gobblydegook, though I
did
: | eventually manage to find the bits it was talking about).
: |
: | There was something said about uninstalling a search assist program, but
: | when I try to do that it says it cannot.
: |
: | I tried using something called AdAware which someone suggested and it
never
: | found it, nor did one called Spybot S&D, and I did a virus scan of my
whole
: | machine with McAfee and it didn't find it either, but it is still there
: | because McAfee still keeps deleting this file from TEMP and the home page
: | still keeps changing.
: |
: | I keep seeing references to a file called SP.html, but I can't find one
of
: | those anywhere on my PC.
: |
: | The main thing this seems to be doing is to muck about with my Internet
: | Explorer home page, but I am worried that if I cannot get rid of it I
might
: | send it to other people with my E-Mails.
: |
: | Can anyone give me some advice please - advice in very simple terms that
I
: | might be able to understand please.
: |
: |
: |
:
:

Hugh has the answers for us again. How come you are not an MVP yet, Hugh?
You certainly are smart enough to be one in my opinion.

"Hugh Candlin" wrote in message
...
:
: "Henry" wrote in message
...
: I am not a computer technical person, but I am trying to get rid of a
: Trojan
: virus thing which has appeared on my PC, which is an HP Pavilion, new in
: 2000, 650MHz Athlon processor, using Windows 98SE and IE6.
:
: It is called "StartPage-DU.dll" and keeps causing my antivirus software
: (Regularly autoupdated McAfee) to report that it has removed a file
called
: SP.dll from my Windows Temp folder. It seems to be triggered by running
: Internet Explorer.
:
: I have looked in the McAfee and Sophos web sites for advice and although
: they tell me what it does, I can see no advice that I can understand to
: help
: me locate the file in my PC which is actually causing the problem.
:
: They talk about changes which the thing makes to the Registry, but that
: seems so complex that I dare not touch it (I looked in something called
: Regedit and it was full of very technical looking gobblydegook, though I
: did
: eventually manage to find the bits it was talking about).
:
: There was something said about uninstalling a search assist program, but
: when I try to do that it says it cannot.
:
: I tried using something called AdAware which someone suggested and it
: never
: found it, nor did one called Spybot S&D, and I did a virus scan of my
: whole
: machine with McAfee and it didn't find it either, but it is still there
: because McAfee still keeps deleting this file from TEMP and the home page
: still keeps changing.
:
: I keep seeing references to a file called SP.html, but I can't find one
of
: those anywhere on my PC.
:
: The main thing this seems to be doing is to muck about with my Internet
: Explorer home page, but I am worried that if I cannot get rid of it I
: might
: send it to other people with my E-Mails.
:
: Can anyone give me some advice please - advice in very simple terms that
I
: might be able to understand please.
:
: Run REGEDIT
:
: Double-click your way to
: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
: by clicking on each of the keys in turn until you get to Main
: ========================
: In the right-hand panel, if you find this key
:
: "HOMEOldSP" = "about:blank"
:
: Right-click on it and Delete it
: ========================
: In the right-hand panel, if you find this key
:
: "Search Bar" = "sp.html"
:
: Right-click on it and Modify it to
: http://www.google.com/ or
: http://search.msn.com/
: or any other search engine of your choice
: and click OK
: ========================
: In the right-hand panel, if you find this key
:
: "Use Search Asst" = "no"
:
: Right-click on it and Delete it
: ========================
: Now double-click your way to
:
: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\
:
: In the right-hand panel, if you find this key
:
: RunMRU "e" = "hhk.dll"
: ================================
:
: Search the Registry for any other references to HHK.DLL
: or SP.HTML and get rid of them also
:
: Close REGEDIT
:
: Search your computer, making sure that you search
: My Computer, and not just one folder
:
: If you find either of those files, get rid of them
:
: Reboot
:
: All of the above is based on settings in my own Registry,
: plus the info from the McAfee site
:
:

Henry, run CWShredder v2.13 then seek updates for Ad-aware SE and scan with
it (fix all found).

Next, scan with VirusScan per http://aumha.org/forum/viewtopic.php?t=5878.

If the hijacker is still present, scan with HijackThis (don't fix anything)
and post your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here, for
analysis and further instructions.

You will find links to download CWShredder and HijackThis at
http://aumha.org/a/parasite.htm.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security


Henry wrote:
I am not a computer technical person, but I am trying to get rid of a
Trojan virus thing which has appeared on my PC, which is an HP Pavilion,
new in 2000, 650MHz Athlon processor, using Windows 98SE and IE6.

It is called "StartPage-DU.dll" and keeps causing my antivirus software
(Regularly autoupdated McAfee) to report that it has removed a file called
SP.dll from my Windows Temp folder. It seems to be triggered by running
Internet Explorer.

I have looked in the McAfee and Sophos web sites for advice and although
they tell me what it does, I can see no advice that I can understand to
help me locate the file in my PC which is actually causing the problem.

They talk about changes which the thing makes to the Registry, but that
seems so complex that I dare not touch it (I looked in something called
Regedit and it was full of very technical looking gobblydegook, though I
did eventually manage to find the bits it was talking about).

There was something said about uninstalling a search assist program, but
when I try to do that it says it cannot.

I tried using something called AdAware which someone suggested and it
never found it, nor did one called Spybot S&D, and I did a virus scan of
my whole machine with McAfee and it didn't find it either, but it is
still there because McAfee still keeps deleting this file from TEMP and
the home page still keeps changing.

I keep seeing references to a file called SP.html, but I can't find one of
those anywhere on my PC.

The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I
might send it to other people with my E-Mails.

Can anyone give me some advice please - advice in very simple terms that I
might be able to understand please.

The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I
might
send it to other people with my E-Mails.


Hello Henry,
My first port of call would be to change Browser From IE to Mozilla Firefox
or similar.
I have found that virus's are generally attacking Microsoft as opposed to a
user, and hence using a Microsoft product makes you vulnerable, Especially
IE.

regards Jane

jane wrote:
Hello Henry,
My first port of call would be to change Browser From IE to Mozilla Firefox
or similar.
I have found that virus's are generally attacking Microsoft as opposed to a
user, and hence using a Microsoft product makes you vulnerable, Especially
IE.

regards Jane

As much as I like Firefox, the truth is the malware writers are
targeting the users as much as they are targeting MS.(ActiveX garbage
duly noted as an MS thing though.)

While I would also encourage Henry to try Firefox, a poorly maintained
and defended system coupled with a user who just hasn't been told all
the things he/she needs to know will get equally bad results with
Firefox, Opera, IE, and the others.

So, removing the malware and learning how to prevent future problems
would be the first steps, followed by downloading and installing
Firefox. http://www.mozilla.org/products/firefox/

MM

There is no such thing as a totally secure browser, Jane.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

jane wrote:
The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I
might send it to other people with my E-Mails.


Hello Henry,
My first port of call would be to change Browser From IE to Mozilla
Firefox or similar.
I have found that virus's are generally attacking Microsoft as opposed to
a user, and hence using a Microsoft product makes you vulnerable,
Especially IE.

regards Jane

Yepper !

http://secunia.com/multiple_browsers_idn_spoofing_test/

--
Dave



"PA Bear" wrote in message
...
| There is no such thing as a totally secure browser, Jane.
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security
|
| jane wrote:
| The main thing this seems to be doing is to muck about with my Internet
| Explorer home page, but I am worried that if I cannot get rid of it I
| might send it to other people with my E-Mails.
|
|
| Hello Henry,
| My first port of call would be to change Browser From IE to Mozilla
| Firefox or similar.
| I have found that virus's are generally attacking Microsoft as opposed to
| a user, and hence using a Microsoft product makes you vulnerable,
| Especially IE.
|
| regards Jane

Hey, I tested my IE at that page and got a 404 (or similar.) What gives?
{;)

--
Gary S. Terhune
MS MVP Shell/User

"David H. Lipman" wrote in message
...
Yepper !

http://secunia.com/multiple_browsers_idn_spoofing_test/

--
Dave



"PA Bear" wrote in message
...
| There is no such thing as a totally secure browser, Jane.
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security
|
| jane wrote:
| The main thing this seems to be doing is to muck about with my
Internet
| Explorer home page, but I am worried that if I cannot get rid of
it I
| might send it to other people with my E-Mails.
|
|
| Hello Henry,
| My first port of call would be to change Browser From IE to
Mozilla
| Firefox or similar.
| I have found that virus's are generally attacking Microsoft as
opposed to
| a user, and hence using a Microsoft product makes you vulnerable,
| Especially IE.
|
| regards Jane

David H. Lipman wrote:
Yepper !

http://secunia.com/multiple_browsers_idn_spoofing_test/


Yawn.
Fixes already in place.

Place a # in front of 2 lines in the compreg.dat file.

Or use the AdBlock extension.

Problem solved.

MM