A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Trojan thing



 
 
Thread Tools Display Modes
  #1  
Old February 10th 05, 10:50 AM
Henry
external usenet poster
 
Posts: n/a
Default Trojan thing

I am not a computer technical person, but I am trying to get rid of a Trojan
virus thing which has appeared on my PC, which is an HP Pavilion, new in
2000, 650MHz Athlon processor, using Windows 98SE and IE6.

It is called "StartPage-DU.dll" and keeps causing my antivirus software
(Regularly autoupdated McAfee) to report that it has removed a file called
SP.dll from my Windows Temp folder. It seems to be triggered by running
Internet Explorer.

I have looked in the McAfee and Sophos web sites for advice and although
they tell me what it does, I can see no advice that I can understand to help
me locate the file in my PC which is actually causing the problem.

They talk about changes which the thing makes to the Registry, but that
seems so complex that I dare not touch it (I looked in something called
Regedit and it was full of very technical looking gobblydegook, though I did
eventually manage to find the bits it was talking about).

There was something said about uninstalling a search assist program, but
when I try to do that it says it cannot.

I tried using something called AdAware which someone suggested and it never
found it, nor did one called Spybot S&D, and I did a virus scan of my whole
machine with McAfee and it didn't find it either, but it is still there
because McAfee still keeps deleting this file from TEMP and the home page
still keeps changing.

I keep seeing references to a file called SP.html, but I can't find one of
those anywhere on my PC.

The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I might
send it to other people with my E-Mails.

Can anyone give me some advice please - advice in very simple terms that I
might be able to understand please.



  #2  
Old February 10th 05, 12:56 PM
Mikhail Zhilin
external usenet poster
 
Posts: n/a
Default

Most likely that is not a Trojan, but an adware/spyware program.

So first of all I would run an anti-adware program like Lavasoft
AdAware, www.lavasoftusa.com (don't forget to download the latest
Definition File -- or allow AdAware to download it itself, after its
installation).

See also:
http://www.trojaner-info.de/anleitun...out_blank.html
(it seems that is your specific case), and
http://www.mvps.org/inetexplorer/Darnit.htm
--
Mikhail Zhilin
http://www.aha.ru/~mwz
Sorry, no technical support by e-mail.
Please reply to the newsgroups only.
======
On Thu, 10 Feb 2005 09:50:25 -0000, "Henry" wrote:

I am not a computer technical person, but I am trying to get rid of a Trojan
virus thing which has appeared on my PC, which is an HP Pavilion, new in
2000, 650MHz Athlon processor, using Windows 98SE and IE6.

It is called "StartPage-DU.dll" and keeps causing my antivirus software
(Regularly autoupdated McAfee) to report that it has removed a file called
SP.dll from my Windows Temp folder. It seems to be triggered by running
Internet Explorer.

I have looked in the McAfee and Sophos web sites for advice and although
they tell me what it does, I can see no advice that I can understand to help
me locate the file in my PC which is actually causing the problem.

They talk about changes which the thing makes to the Registry, but that
seems so complex that I dare not touch it (I looked in something called
Regedit and it was full of very technical looking gobblydegook, though I did
eventually manage to find the bits it was talking about).

There was something said about uninstalling a search assist program, but
when I try to do that it says it cannot.

I tried using something called AdAware which someone suggested and it never
found it, nor did one called Spybot S&D, and I did a virus scan of my whole
machine with McAfee and it didn't find it either, but it is still there
because McAfee still keeps deleting this file from TEMP and the home page
still keeps changing.

I keep seeing references to a file called SP.html, but I can't find one of
those anywhere on my PC.

The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I might
send it to other people with my E-Mails.

Can anyone give me some advice please - advice in very simple terms that I
might be able to understand please.



  #3  
Old February 10th 05, 01:02 PM
Mikhail Zhilin
external usenet poster
 
Posts: n/a
Default

On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin
wrote:

..
See also:
http://www.trojaner-info.de/anleitun...out_blank.html
(it seems that is your specific case), and

..

Sorry, this page is in German... But probably that will help
nevertheless: the Registry keys and file names are common.
--
Mikhail Zhilin
http://www.aha.ru/~mwz
Sorry, no technical support by e-mail.
Please reply to the newsgroups only.
======
  #4  
Old February 10th 05, 03:48 PM
Mikhail Zhilin
external usenet poster
 
Posts: n/a
Default

See then if McAfee specific page, with the Removal Instructions, will
help:

http://vil.nai.com/vil/content/v_126244.htm

And see the third message in
http://help.lockergnome.com/index.ph...T&f=48&t=30178

quote
....
This program then placed two dll files. One called sp.dll into my
c:\documentsandsettings\local settings\temp directory and a dmgn.dll
into my c:windows\system32 directory.
....
All back to normal.
/quote

In Win98 they will be in \windows\temp folder -- instead of c:\documents
and settings\local settings\temp, and probably in c:\windows\system
instead of c:\windows\system32 folder. With this correction, the recipe
should work and in WIn98, too.
--
Mikhail Zhilin
http://www.aha.ru/~mwz
Sorry, no technical support by e-mail.
Please reply to the newsgroups only.
======

On Thu, 10 Feb 2005 12:37:01 -0000, "Henry" wrote:

"Mikhail Zhilin" wrote


..
See also:
http://www.trojaner-info.de/anleitun...out_blank.html
(it seems that is your specific case), and

..

Sorry, this page is in German... But probably that will help
nevertheless: the Registry keys and file names are common.


-----------------------------------

Thank you for your response.

You suggested using AdAware, but as I said in the OP, I have already done so
and it failed to find the problem, let alone cure it.

The German page, however, seems to confirm that AdAware is no help with this
one:

Babelfish translation:

"Numerous users of the InterNet Explorers of Microsoft strike themselves for
some weeks with a particularly aggressive Browser Hijacker around, which is
to be removed only very with difficulty. All usual Tools as for example the
CWShredder, Spybot search & Destroy, SpywareBlaster and Ad-aware is at
present not able to remove this Browser Hijacker. Also with most concerning
meanwhile sufficiently the well-known ' fix ' with HijackThis brings no
durable release. If it looks first in such a way, as if the problem is
solved, then the inadvertent entfuehrung of the starting side is suddenly
again there at the latest after 24 hours."

Also it speaks about SP.html which I cannot find, only SP.dll which keeps
appearing in my c:\windows\temp.

By the way, it was McAfee which described StartPage-DU.dll as a Trojan, not
me. I would not know a Trojan if I saw one. I have not a clue what the
difference is between these various things - they all just viruses to me. I
just want to get rid of the perishing thing but don't know how.



  #5  
Old February 10th 05, 04:20 PM
Henry
external usenet poster
 
Posts: n/a
Default

"Mikhail Zhilin" wrote in message
...
See then if McAfee specific page, with the Removal Instructions, will
help:

http://vil.nai.com/vil/content/v_126244.htm

And see the third message in
http://help.lockergnome.com/index.ph...T&f=48&t=30178

quote
...
This program then placed two dll files. One called sp.dll into my
c:\documentsandsettings\local settings\temp directory and a dmgn.dll
into my c:windows\system32 directory.
...
All back to normal.
/quote

In Win98 they will be in \windows\temp folder -- instead of c:\documents
and settings\local settings\temp, and probably in c:\windows\system
instead of c:\windows\system32 folder. With this correction, the recipe
should work and in WIn98, too.
--


Thank you Mikhail.

I will look at the things mentioned in "lockergnome".

I had already looked at the McAfee page you mentioned, but could not
understand the instruction, though McAfee could not detect the problem
except when it removes SP.dll from Windows\temp.


  #6  
Old February 10th 05, 05:05 PM
Satellite Man
external usenet poster
 
Posts: n/a
Default

You might want to try this site: http://www.doxdesk.com/ . When you get
there be prepared to do some reading. Go to the parasites tab and let the
detection script run. Post back your results.

HTH,
DTV
"Henry" wrote in message
...
"Mikhail Zhilin" wrote in message
...
See then if McAfee specific page, with the Removal Instructions, will
help:

http://vil.nai.com/vil/content/v_126244.htm

And see the third message in
http://help.lockergnome.com/index.ph...T&f=48&t=30178

quote
...
This program then placed two dll files. One called sp.dll into my
c:\documentsandsettings\local settings\temp directory and a dmgn.dll
into my c:windows\system32 directory.
...
All back to normal.
/quote

In Win98 they will be in \windows\temp folder -- instead of c:\documents
and settings\local settings\temp, and probably in c:\windows\system
instead of c:\windows\system32 folder. With this correction, the recipe
should work and in WIn98, too.
--


Thank you Mikhail.

I will look at the things mentioned in "lockergnome".

I had already looked at the McAfee page you mentioned, but could not
understand the instruction, though McAfee could not detect the problem
except when it removes SP.dll from Windows\temp.



  #7  
Old February 10th 05, 06:22 PM
David H. Lipman
external usenet poster
 
Posts: n/a
Default

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

There is no doubt that "StartPage-DU.dll" is indeed a Trojan --
http://vil.nai.com/vil/content/v_127653.htm

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt400.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Reboot your PC into Safe Mode and shutdown as many applications as possible
3) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
4) Restart your PC and perform a "final" Full Scan of your platform



* * * Please report back your results * * *

--
Dave




"Henry" wrote in message ...
| I am not a computer technical person, but I am trying to get rid of a Trojan
| virus thing which has appeared on my PC, which is an HP Pavilion, new in
| 2000, 650MHz Athlon processor, using Windows 98SE and IE6.
|
| It is called "StartPage-DU.dll" and keeps causing my antivirus software
| (Regularly autoupdated McAfee) to report that it has removed a file called
| SP.dll from my Windows Temp folder. It seems to be triggered by running
| Internet Explorer.
|
| I have looked in the McAfee and Sophos web sites for advice and although
| they tell me what it does, I can see no advice that I can understand to help
| me locate the file in my PC which is actually causing the problem.
|
| They talk about changes which the thing makes to the Registry, but that
| seems so complex that I dare not touch it (I looked in something called
| Regedit and it was full of very technical looking gobblydegook, though I did
| eventually manage to find the bits it was talking about).
|
| There was something said about uninstalling a search assist program, but
| when I try to do that it says it cannot.
|
| I tried using something called AdAware which someone suggested and it never
| found it, nor did one called Spybot S&D, and I did a virus scan of my whole
| machine with McAfee and it didn't find it either, but it is still there
| because McAfee still keeps deleting this file from TEMP and the home page
| still keeps changing.
|
| I keep seeing references to a file called SP.html, but I can't find one of
| those anywhere on my PC.
|
| The main thing this seems to be doing is to muck about with my Internet
| Explorer home page, but I am worried that if I cannot get rid of it I might
| send it to other people with my E-Mails.
|
| Can anyone give me some advice please - advice in very simple terms that I
| might be able to understand please.
|
|
|


  #8  
Old February 10th 05, 07:00 PM
Hugh Candlin
external usenet poster
 
Posts: n/a
Default


"Henry" wrote in message ...
I am not a computer technical person, but I am trying to get rid of a

Trojan
virus thing which has appeared on my PC, which is an HP Pavilion, new in
2000, 650MHz Athlon processor, using Windows 98SE and IE6.

It is called "StartPage-DU.dll" and keeps causing my antivirus software
(Regularly autoupdated McAfee) to report that it has removed a file called
SP.dll from my Windows Temp folder. It seems to be triggered by running
Internet Explorer.

I have looked in the McAfee and Sophos web sites for advice and although
they tell me what it does, I can see no advice that I can understand to

help
me locate the file in my PC which is actually causing the problem.

They talk about changes which the thing makes to the Registry, but that
seems so complex that I dare not touch it (I looked in something called
Regedit and it was full of very technical looking gobblydegook, though I

did
eventually manage to find the bits it was talking about).

There was something said about uninstalling a search assist program, but
when I try to do that it says it cannot.

I tried using something called AdAware which someone suggested and it

never
found it, nor did one called Spybot S&D, and I did a virus scan of my

whole
machine with McAfee and it didn't find it either, but it is still there
because McAfee still keeps deleting this file from TEMP and the home page
still keeps changing.

I keep seeing references to a file called SP.html, but I can't find one of
those anywhere on my PC.

The main thing this seems to be doing is to muck about with my Internet
Explorer home page, but I am worried that if I cannot get rid of it I

might
send it to other people with my E-Mails.

Can anyone give me some advice please - advice in very simple terms that I
might be able to understand please.


Run REGEDIT

Double-click your way to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
by clicking on each of the keys in turn until you get to Main
========================
In the right-hand panel, if you find this key

"HOMEOldSP" = "about:blank"

Right-click on it and Delete it
========================
In the right-hand panel, if you find this key

"Search Bar" = "sp.html"

Right-click on it and Modify it to
http://www.google.com/ or
http://search.msn.com/
or any other search engine of your choice
and click OK
========================
In the right-hand panel, if you find this key

"Use Search Asst" = "no"

Right-click on it and Delete it
========================
Now double-click your way to

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\

In the right-hand panel, if you find this key

RunMRU "e" = "hhk.dll"
================================

Search the Registry for any other references to HHK.DLL
or SP.HTML and get rid of them also

Close REGEDIT

Search your computer, making sure that you search
My Computer, and not just one folder

If you find either of those files, get rid of them

Reboot

All of the above is based on settings in my own Registry,
plus the info from the McAfee site


  #9  
Old February 10th 05, 07:08 PM
Dan
external usenet poster
 
Posts: n/a
Default

You may want to consider downloading and using Mozilla Firefox in the future
for a safer but of course not completely safe browsing experience.

"Henry" wrote in message ...
: I am not a computer technical person, but I am trying to get rid of a
Trojan
: virus thing which has appeared on my PC, which is an HP Pavilion, new in
: 2000, 650MHz Athlon processor, using Windows 98SE and IE6.
:
: It is called "StartPage-DU.dll" and keeps causing my antivirus software
: (Regularly autoupdated McAfee) to report that it has removed a file called
: SP.dll from my Windows Temp folder. It seems to be triggered by running
: Internet Explorer.
:
: I have looked in the McAfee and Sophos web sites for advice and although
: they tell me what it does, I can see no advice that I can understand to
help
: me locate the file in my PC which is actually causing the problem.
:
: They talk about changes which the thing makes to the Registry, but that
: seems so complex that I dare not touch it (I looked in something called
: Regedit and it was full of very technical looking gobblydegook, though I
did
: eventually manage to find the bits it was talking about).
:
: There was something said about uninstalling a search assist program, but
: when I try to do that it says it cannot.
:
: I tried using something called AdAware which someone suggested and it never
: found it, nor did one called Spybot S&D, and I did a virus scan of my whole
: machine with McAfee and it didn't find it either, but it is still there
: because McAfee still keeps deleting this file from TEMP and the home page
: still keeps changing.
:
: I keep seeing references to a file called SP.html, but I can't find one of
: those anywhere on my PC.
:
: The main thing this seems to be doing is to muck about with my Internet
: Explorer home page, but I am worried that if I cannot get rid of it I might
: send it to other people with my E-Mails.
:
: Can anyone give me some advice please - advice in very simple terms that I
: might be able to understand please.
:
:
:


  #10  
Old February 10th 05, 07:09 PM
Dan
external usenet poster
 
Posts: n/a
Default

The Germans certainly know a lot about computers. I think one of Sasser worm
creators was a German but I am unsure.

"Mikhail Zhilin" wrote in message
...
: On Thu, 10 Feb 2005 14:56:38 +0300, Mikhail Zhilin
: wrote:
:
: ..
: See also:
: http://www.trojaner-info.de/anleitun...out_blank.html
: (it seems that is your specific case), and
: ..
:
: Sorry, this page is in German... But probably that will help
: nevertheless: the Registry keys and file names are common.
: --
: Mikhail Zhilin
: http://www.aha.ru/~mwz
: Sorry, no technical support by e-mail.
: Please reply to the newsgroups only.
: ======


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
cat & mouse & trojan horse rooster General 22 December 18th 04 09:41 AM
Got a trojan and need help Sweetpea General 9 September 4th 04 09:06 PM
HELP ! Virus, Trojan or what ???? Steve General 0 August 18th 04 08:53 PM
Trojan General 2 August 7th 04 12:35 PM
Trojan Horse Viruses Wendy General 33 July 12th 04 08:15 PM


All times are GMT +1. The time now is 02:34 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.