Solved

Trojan detected and deleted but keeps reappearing

Posted on 2004-08-12
Last Modified: 2010-04-11
Hi Everyone:

       I have a crisis with my computer today.  Basically, when I started it up, I got a message from McAfee Anti-Virus indicating the following:  A Trojan has been detected & cleaned!  The file c:\Docume~1\George~1\Locals~1\Temp\sp.html was infected by the StartPage-DU!htm trojan and has been deleted to complete the clean process.  Despite the message from McAfee indicating this file has been deleted, it keeps popping up when any action is taken on the pc, such as double clicking a folder on the desktop.

       Since this message, I have been experiencing strange problems like sudden window popups indicating to check for spyware which is from a site I have never heard of to begin with.  Additionally, Nero 6.0 identifies my DVD burner within the list of recorders, but, it looks for the cd burner drive to perform recording operations.  I believe these two situations somehow tie into the Trojan problem being experienced.  

        Any help on resolving this crisis and getting my system stable again will be greatly appreciated.

        Thank you

        George
0
Comment
Question by:GMartin
13 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 100 total points
Hello GMartin =)

First let's have a look at ur system :)
so Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 2

Accepted Solution

by:
scorpi073 earned 350 total points
get spyware removal tools.
here's enough to make your head spin...but they are pretty much necessary on online computers nowadays...

1. adaware
their web page to read about it: http://www.lavasoft.de/

they don't host the file to download, so get adaware at download.com or majorgeeks.com/download506.html

2. spybot search and destroy 1.3
http://www.safer-networking.org/en/download/index.html
or http://www.majorgeeks.com/download2471.html

it's a good idea to update and run both of these on a routine basis to keep your sys clean.

3. Do a search for spywareblaster and
4. spywareguard

5. and if you wish to spend money on purchasing a pest software, look up Pest Patrol

What it comes down to, companies that primarily use Pest Patrol, adaware, spybot search and destroy, spywareblaster, and spywareguard...their clients' PCs are kept pretty safe from malware & spyware crap out there.
0
 
LVL 2

Assisted Solution

by:scorpi073
scorpi073 earned 350 total points
To further add some insight...especially if you have multiple user accounts on the PC, first, make sure you have administrative privileges to begin with, and also, make sure the personal folders aren't keeping each user out of one another's files...check this by trying to open their files from My Computer...if it lets you see the My Documents then you don't have it restricted and this means any scan tool you use can detect things in all users' folders.

If unrestricting the personal folders isn't an option, you must log on under each user who is restricted and run your scan tools.
0
 
LVL 5

Assisted Solution

by:Hypoviax
Hypoviax earned 50 total points
I would update your antivirus software, do another scan, then download spybot search and destroy from:

www.safer-networking.org

The fact that you are clicking on a folder and the thing pops up indicates modification of the folder.htt file where the section 'persistmoniker' is pointing to the trojan or whatever. Despite this you should be able to remove the trojan using spybot and your own antivirus software.

Regards

Hypoviax
0
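A defender-side check for the folder-template hook described in the post above, as an added example that is not part of any post in this thread. It assumes the hook is the `PersistMoniker` value in a folder's `desktop.ini` (the Windows web-view setting that names the folder's `.htt` template); the function names, the sample folders and the review heuristics are hypothetical.

```python
import ntpath

# Constructed sample input: folder path -> text of that folder's desktop.ini.
# "{WEB-VIEW-CLSID}" is a placeholder; the Temp path is the one from the question.
SAMPLE = {
    r"C:\Photos": "[{WEB-VIEW-CLSID}]\nPersistMoniker=file://Folder.htt\n",
    r"C:\Work": "[{WEB-VIEW-CLSID}]\nPersistMoniker="
                "file://C:\\Docume~1\\George~1\\Locals~1\\Temp\\sp.html\n",
}

def find_persist_monikers(ini_text):
    """Return each PersistMoniker value in the text of a desktop.ini file."""
    values = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "persistmoniker":
            values.append(value.strip())
    return values

def review_moniker(folder, moniker):
    """Return the reasons (possibly none) a template reference needs review."""
    reasons, target = [], moniker
    if target.lower().startswith("file://"):
        target = target[len("file://"):].lstrip("/")
    elif "://" in target:
        return ["template is loaded from a remote URL"]
    if not ntpath.isabs(target):
        target = ntpath.join(folder, target)  # relative to the folder itself
    target = ntpath.normcase(ntpath.normpath(target))
    base = ntpath.normcase(ntpath.normpath(folder))
    if not target.startswith(base + "\\"):
        reasons.append("template lives outside the folder")
    if "temp" in target.split("\\"):
        reasons.append("template sits in a Temp directory")
    if not target.endswith(".htt"):
        reasons.append("template is not a .htt file")
    return reasons

def scan(folders):
    """Map each flagged folder to its (PersistMoniker value, reasons)."""
    findings = {}
    for folder, ini_text in folders.items():
        for moniker in find_persist_monikers(ini_text):
            reasons = review_moniker(folder, moniker)
            if reasons:
                findings[folder] = (moniker, reasons)
    return findings
```

Calling `scan(SAMPLE)` flags only `C:\Work`; on a live system the dictionary would be built by reading each folder's hidden `desktop.ini`.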
 

Author Comment

by:GMartin
Hi There:

        I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize I need to somehow post it as a file attachment.  In any case, I will go ahead and run all the anti-spyware mentioned and post the results accordingly.

       Thanks again everybody.

       George
0
 

Author Comment

by:GMartin
Hi Everyone:

        I have run the anti-spyware utilities recommended.  Unfortunately, whenever I try to open McAfee Anti-Virus, I get an Internet Script Error.  The McAfee Anti-Virus stays updated daily because I am paying AOL for the extra service of McAfee scans.

       Any thoughts on how I might can get rid of the Internet Script Error will be appreciated.  Just as a side note, I am using the browser integrated into AOL.

       Thank you.

       George
0

 

Author Comment

by:GMartin
Hi Everyone:

         On the good side of things, the DVD burner is working fine now.  Just thought I would let everyone know.  The technical problem was really not a problem after all with the burner.  I apologize for the personal oversight on this portion of this post.

         I look forward to hearing more from everyone.

        George
0
 
LVL 5

Expert Comment

by:Hypoviax
Do you find that your initial problem of the trojan has gone?
0
 
LVL 5

Expert Comment

by:ravisimpi
You are having 'TROJ_STRTPAGE.SP' trojan in your system.

Information

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP&VSect=T

Solution

www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
>> I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize I need to somehow post it as a file attachment.

no George, u have to copy all the contents of that LOG file and just paste it here...... don't worry abt the length my friend :)
0
 
LVL 3

Expert Comment

by:drewtarvin
If you have Win XP, make sure you are doing all of your spyware and virii scans with System Restore turned off (Right-click My Computer -> Properties -> System Restore) and in safe mode (hit F8 as the computer is restarting).  Otherwise a removal might just be added on the next time you restart the computer.
0
 
LVL 22

Expert Comment

by:pjedmond
~~~~~~~lots of nice spooky music~~~~~~~~~

Come over to the dark side:)


~~~~~~~even more spooky music~~~~~~~~~

I'm sure that these guys can help you get rid of this pesky little thing, But I'm going to suggest a few methods to help avoid them in the future. This particular type of nasty normally takes advantage of 'features' in Internet Explorer.

Therefore STOP using it!

Try Firefox (or indeed some other browser, Opera etc)

www.mozilla.org

The big plus on this is the ability to automatically stop popups in an extremely small package. The (Ctrl - T) keystroke to open up a new tab window makes for a vastly superior browsing experience in my experience as well as not being vulnerable to many of these nasties!

Other advice - Do not download 'free' software unless you know why it's free! Normally spy/adware is their method of funding and getting income from the software.

HTH:)
0
 

Author Comment

by:GMartin
Hi Everyone:

        This problem is now solved.  Basically, I ran several different anti-spyware utilities such as Ad-Aware 6.0, SpyBot, CoolWeb Shredder, and HiJack This for the Trojan problem.  Within each of these programs, I chose to delete the problem files it found.  Secondly, I went to Keyword McAfee within AOL and reinstalled the McAfee Anti-Virus software and ran it.  Once I found more infected files using McAfee, I deleted those as well.  

         After all of this clean up, I restarted the pc and everything is fine again.

         Thanks again everyone for the help.

         George
0
