Solved

Trojan detected and deleted but keeps reappearing

Posted on 2004-08-12
Last Modified: 2010-04-11
Hi Everyone:

       I have a crisis with my computer today.  Basically, when I started it up, I got a message from McAfee Anti-Virus indicating the following:  A Trojan has been detected & cleaned!  The file c:\Docume~1\George~1\Locals~1\Temp\sp.html was infected by the StartPage-DU!htm trojan and has been deleted to complete the clean process.  Despite the message from McAfee indicating this file has been deleted, it keeps popping up when any action is taken on the pc, such as double clicking a folder on the desktop.  

       Since this message, I have been experiencing strange problems like sudden window popups indicating to check for spyware which is from a site I have never heard of to begin with.  Additionally, Nero 6.0 identifies my DVD burner within the list of recorders, but, it looks for the cd burner drive to perform recording operations.  I believe these two situations somehow tie into the Trojan problem being experienced.  

        Any help on resolving this crisis and getting my system stable again will be greatly appreciated.

        Thank you

        George
0
Question by:GMartin
13 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 100 total points
ID: 11788992
Hello GMartin =)

First let's have a look at your system :)
So download HijackThis v1.98.2, run it, save the LOG file and post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 2

Accepted Solution

by:scorpi073
scorpi073 earned 350 total points
ID: 11789247
Get spyware removal tools.
Here's enough to make your head spin...but they are pretty much necessary on online computers nowadays...

1. adaware
their web page to read about it: http://www.lavasoft.de/

they don't host the file to download, so get adaware at download.com or majorgeeks.com/download506.html

2. spybot search and destroy 1.3
http://www.safer-networking.org/en/download/index.html
or http://www.majorgeeks.com/download2471.html

It's a good idea to update and run both of these on a routine basis to keep your sys clean.

3. Do a search for spywareblaster and
4. spywareguard

5. and if you wish to spend money on purchasing a pest software, look up Pest Patrol

What it comes down to: companies that primarily use Pest Patrol, adaware, spybot search and destroy, spywareblaster, and spywareguard...their clients' PCs are kept pretty safe from malware & spyware crap out there.
0
 
LVL 2

Assisted Solution

by:scorpi073
scorpi073 earned 350 total points
ID: 11789261
To further add some insight...especially if you have multiple user accounts on the PC, first, make sure you have administrative privileges to begin with, and also, make sure the personal folders aren't keeping each user out of one another's files...check this by trying to open their files from My Computer...if it lets you see the My Documents then you don't have it restricted and this means any scan tool you use can detect things in all users' folders.

If unrestricting the personal folders isn't an option, you must log on under each user who is restricted and run your scan tools.
0
 
LVL 5

Assisted Solution

by:Hypoviax
Hypoviax earned 50 total points
ID: 11789995
I would update your antivirus software, do another scan, then download spybot search and destroy from:

www.safer-networking.org

The fact that you are clicking on a folder and the thing pops up indicates modification of the folder.htt file where the section 'persistmoniker' is pointing to the trojan or whatever. Despite this you should be able to remove the trojan using spybot and your own antivirus software.

Regards

Hypoviax
0
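The check Hypoviax describes, looking for a folder web-view `PersistMoniker` entry that has been redirected, can be scripted. This is an added example, not part of the original thread; it assumes the setting appears as a `PersistMoniker=<target>` line in a folder's `desktop.ini` or `folder.htt`, the function names and heuristics are hypothetical, and the sample contents are constructed.

```python
import os
import re

# Matches "PersistMoniker=<target>" lines (assumed format), case-insensitively.
MONIKER_RE = re.compile(r"^\s*PersistMoniker\s*=\s*(.+?)\s*$", re.I | re.M)
CUSTOMIZATION_FILES = {"desktop.ini", "folder.htt"}
# Assumed heuristic: a folder template has no business living in these places.
SUSPICIOUS_DIRS = ("\\temp\\", "\\temporary internet files\\")
REMOTE_SCHEMES = ("http://", "https://", "ftp://")

def classify(target):
    """Return a reason string if the moniker target looks wrong, else None."""
    t = target.strip().strip('"').lower()
    if t.startswith(REMOTE_SCHEMES):
        return "remote"
    if t.startswith("file://"):
        t = t[len("file://"):].lstrip("/")
    t = t.replace("/", "\\")
    if any(d in t for d in SUSPICIOUS_DIRS):
        return "temp-dir"
    if not t.endswith(".htt"):
        return "not-a-template"
    return None

def find_suspicious_monikers(text):
    """List (target, reason) for every PersistMoniker line worth a manual look."""
    pairs = ((m.group(1), classify(m.group(1))) for m in MONIKER_RE.finditer(text))
    return [(target, reason) for target, reason in pairs if reason]

def scan_tree(root):
    """Walk root and check each folder customization file found (ANSI text assumed)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in CUSTOMIZATION_FILES:
                path = os.path.join(dirpath, name)
                with open(path, errors="ignore") as fh:
                    for target, reason in find_suspicious_monikers(fh.read()):
                        findings.append((path, target, reason))
    return findings

# Constructed samples; the second reuses the temp file path quoted in the question.
CLEAN = "PersistMoniker=file://Folder.htt\r\n"
HIJACKED = "PersistMoniker=file://C:\\Docume~1\\George~1\\Locals~1\\Temp\\sp.html\r\n"
```

Run `scan_tree` against a user profile or a mounted copy of the disk; anything it returns is a lead for manual review rather than proof of infection.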
 

Author Comment

by:GMartin
ID: 11790188
Hi There:

        I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize I need to somehow post it as a file attachment.  In any case, I will go ahead and run all the anti-spyware mentioned and post the results accordingly.  

       Thanks again everybody.

       George
0
 

Author Comment

by:GMartin
ID: 11790351
Hi Everyone:

        I have run the anti-spyware utilities recommended.  Unfortunately, whenever I try to open McAfee Anti-Virus, I get an Internet Script Error.  The McAfee Anti-Virus stays updated daily because I am paying AOL for the extra service of McAfee scans.

       Any thoughts on how I might get rid of the Internet Script Error will be appreciated.  Just as a sidenote, I am using the browser integrated into AOL.

       Thank you.

       George
0
 

Author Comment

by:GMartin
ID: 11790382
Hi Everyone:

         On the good side of things, the DVD burner is working fine now.  Just thought I would let everyone know.  The technical problem was really not a problem after all with the burner.  I apologize for the personal oversight on this portion of this post.

         I look forward to hearing more from everyone.

        George
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 11790419
Do you find that your initial problem of the trojan has gone?
0
 
LVL 5

Expert Comment

by:ravisimpi
ID: 11790895
You are having the 'TROJ_STRTPAGE.SP' trojan in your system.

Information

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP&VSect=T

Solution

www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11792363
>> I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize I need to somehow post it as a file attachment.

No George, you have to copy all the contents of that LOG file and just paste it here...... don't worry about the length my friend :)
0
 
LVL 3

Expert Comment

by:drewtarvin
ID: 11795587
If you have Win XP, make sure you are doing all of your spyware and virus scans with System Restore turned off (Right-click My Computer -> Properties -> System Restore) and in safe mode (hit F8 as the computer is restarting).  Otherwise a removal might just be added on the next time you restart the computer.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 11798999
~~~~~~~lots of nice spooky music~~~~~~~~~

Come over to the dark side:)


~~~~~~~even more spooky music~~~~~~~~~

I'm sure that these guys can help you get rid of this pesky little thing, but I'm going to suggest a few methods to help avoid them in the future. This particular type of nasty normally takes advantage of 'features' in Internet Explorer.

Therefore STOP using it!

Try Firefox (or indeed some other browser, Opera etc.)

www.mozilla.org

The big plus on this is the ability to automatically stop popups in an extremely small package. The (Ctrl - T) keystroke to open up a new tab window makes for a vastly superior browsing experience in my experience as well as not being vulnerable to many of these nasties!

Other advice - Do not download 'free' software unless you know why it's free! Normally spy/adware is their method of funding and getting income from the software.

HTH:)
0
 

Author Comment

by:GMartin
ID: 11803141
Hi Everyone:

        This problem is now solved.  Basically, I ran several different anti-spyware utilities such as Ad-Aware 6.0, SpyBot, CoolWeb Shredder, and HiJack This for the Trojan problem.  Within each of these programs, I chose to delete the problem files it found.  Secondly, I went to Keyword McAfee within AOL and reinstalled the McAfee Anti-Virus software and ran it.  Once I found more infected files using McAfee, I deleted those as well.  

         After all of this clean up, I restarted the pc and everything is fine again.

         Thanks again everyone for the help.

         George
0
