Trojan detected and deleted but keeps reappearing

Hi Everyone:

       I have a crissis with my computer today.  Basically, when I started it up, I got a message from McAfee Anti-Virus indicating the following:  A Trojan has been detected & cleaned!  The file c:\Docume~1\George~1\Locals~1\Temp\sp.html was infected by the StartPage-DU!htm trojan and has been deleted to complete the clean process.  Despite of the message from McAfee indicating this file has been deleted, it keeps popping up when any action is taken on the pc, such as double clicking a folder on the desktop.  

       Since this message, I have been experiencing strange problems like sudden window popups indicating to check for spyware which is from a site I have never heard of to begin with.  Additionally, Nero 6.0 identifies my DVD burner within the list of recorders, but, it looks for the cd burner drive to perform recording operations.  I believe these two situations somehow tie into the Trojan problem being experienced.  

        Any help on resolving this crissis and getting my system stable again will be greatly appreciated.

        Thank you

        George
GMartinAsked:
Who is Participating?
 
scorpi073Connect With a Mentor Commented:
get spyware removal tools.
heres enough to make your head spin...but they are pretty much necessary on online computers nowadays...

1. adaware
their web page to read about it: http://www.lavasoft.de/

they don't host the file to download, so get adaware at download.com or majorgeeks.com/download506.html

2. spybot search and destroy 1.3
http://www.safer-networking.org/en/download/index.html
or http://www.majorgeeks.com/download2471.html

it's a good idea to update nad run both of these on a routine basis to keep your sys clean.

3. Do a search for spywareblaster and
4. spywareguard

5. and if you wish to spend money on purchasing a pest software, look up Pest Patrol

What it comes down to, companies that primarily use Pest Patrol, adaware, spybot search and destroy, spywareblaster, and spywareguard...their clients PC's are kept pretty safe from malware & spyware crap out there.
0
 
SheharyaarSaahilConnect With a Mentor Commented:
Hello GMartin =)

First let's have a look at ur system :)
so Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
scorpi073Connect With a Mentor Commented:
To further add some insight...especially if you have multiple user accounts on the PC, first, make sure you have administrative priveledges to begin with, and also, make sure the personal folders aren't keeping each user out of one anothers files...check this by trying to open there files from my computer...if it lets you see the my documents then you don't have it restricted and this means any scan tool you use can detect things in all users folders.

If unrestricting the personal folders isn't a option, you must logon under each user who is restricted and run your scan tools.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
HypoviaxConnect With a Mentor Commented:
I would update your antivirus software do another scan then down load spybot search and destroy from:

www.safer-networking.org

The fact that you are clicking on a folder and the thing pops up indicates modification of the folder.htt file where the section 'persistmoniker' is pointing the trogan or whatever. Despite this you should be able to remove the trogan using spybot and your own antivirus software.

Regards

Hypoviax
0
 
GMartinAuthor Commented:
Hi There:

        I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize need to somehow post it as a file attachment.  In any case, I will go ahead and run all the anti-spyware mentioned and post the results accordingly.  

       Thanks again everybody.

       George
0
 
GMartinAuthor Commented:
Hi Everyone:

        I have run the anti-spyware utilities recommended.  Unfortunately, whenever I try to open McAfee Anti-Virus, I get an Internet Script Error.  The McAfee Anti-Virus stays updated daily becuase I am paying AOL for the extra service of McAffee scans.

       Any thoughts on how I might can get rid of the Internet Script Error will be appreciated.  Just as a sidenote, I am using the browswer integrated into AOL.

       Thank you.

       George
0
 
GMartinAuthor Commented:
Hi Everyone:

         On the good side of things, the DVD burner is working fine now.  Just thought I would let everyone know.  The technical problem was really not a problem after all with the burner.  I apologize for the personal oversight on this portion of this post.

         I look forward to hearing more from everyone.

        George
0
 
HypoviaxCommented:
Do you find that your initial problem of the trojan has gone?
0
 
ravisimpiCommented:
You are having 'TROJ_STRTPAGE.SP' trojan in your system.

Information

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?
VName=TROJ_STRTPAGE.SP&VSect=T

scolution

www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP 
0
 
SheharyaarSaahilCommented:
>> I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize need to somehow post it as a file attachment.

no George,, u have to copy all the contents of that LOG file and just paste it here...... dont worry abt the length my friend :)
0
 
drewtarvinCommented:
If you have Win XP, make sure you are doing all of your spyware and virii scans with System Restore turned off (Right-click My Computer-> Properties->System Restore) and in safe mode (hit f8 as the computer is restarting).  Otherwise an removal might just be added on the next you restart the computer.
0
 
pjedmondCommented:
~~~~~~~lots of nice spooky music~~~~~~~~~

Come over to the dark side:)


~~~~~~~even more spooky music~~~~~~~~~

I'm sure that these guys can help you get rid of this pesky little thing, But I'm going to suggest a few methods to help avoid them in the future. This particular type of nasty normally takes advantage of 'features' in Internet Explorer.

Therefore STOP using it!

Try Firefox (or indeed some other browser opera etc)

www.mozilla.org

The big plus on this is the ability to automatically stop popups in an extremely small package. The (Ctrl - T )
keystroke to open up a new tab window makes for a vastly superior browsing experience in my experience as well as not being vulnerable to many of these nasties!

Other advice - Do not download 'free' softare unless you know why it's free! Normally spy/adware it their method of funding and getting income from the software.

HTH:)
0
 
GMartinAuthor Commented:
Hi Everyone:

        This problem is now solved.  Basically, I ran several different anti-spyware utilities such as Ad-Aware 6.0, SpyBot, CoolWeb Shredder, and HiJack This for the Trojan problem.  Within each of these programs, I chose to delete the problem files it found.  Secondly, I went to Keyword McAfee within AOL and reinstalled the McAfee Anti-Virus software and ran it.  Once I found more infected files using McAfee, I deleted those as well.  

         After all of this clean up, I restarted the pc and everything is fine again.

         Thanks again everyone for the help.

         George
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.