?
Solved

Trojan detected and deleted but keeps reappearing

Posted on 2004-08-12
13
Medium Priority
?
686 Views
Last Modified: 2010-04-11
Hi Everyone:

       I have a crissis with my computer today.  Basically, when I started it up, I got a message from McAfee Anti-Virus indicating the following:  A Trojan has been detected & cleaned!  The file c:\Docume~1\George~1\Locals~1\Temp\sp.html was infected by the StartPage-DU!htm trojan and has been deleted to complete the clean process.  Despite of the message from McAfee indicating this file has been deleted, it keeps popping up when any action is taken on the pc, such as double clicking a folder on the desktop.  

       Since this message, I have been experiencing strange problems like sudden window popups indicating to check for spyware which is from a site I have never heard of to begin with.  Additionally, Nero 6.0 identifies my DVD burner within the list of recorders, but, it looks for the cd burner drive to perform recording operations.  I believe these two situations somehow tie into the Trojan problem being experienced.  

        Any help on resolving this crissis and getting my system stable again will be greatly appreciated.

        Thank you

        George
0
Comment
Question by:GMartin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
13 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 400 total points
ID: 11788992
Hello GMartin =)

First let's have a look at ur system :)
so Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 2

Accepted Solution

by:
scorpi073 earned 1400 total points
ID: 11789247
get spyware removal tools.
heres enough to make your head spin...but they are pretty much necessary on online computers nowadays...

1. adaware
their web page to read about it: http://www.lavasoft.de/

they don't host the file to download, so get adaware at download.com or majorgeeks.com/download506.html

2. spybot search and destroy 1.3
http://www.safer-networking.org/en/download/index.html
or http://www.majorgeeks.com/download2471.html

it's a good idea to update nad run both of these on a routine basis to keep your sys clean.

3. Do a search for spywareblaster and
4. spywareguard

5. and if you wish to spend money on purchasing a pest software, look up Pest Patrol

What it comes down to, companies that primarily use Pest Patrol, adaware, spybot search and destroy, spywareblaster, and spywareguard...their clients PC's are kept pretty safe from malware & spyware crap out there.
0
 
LVL 2

Assisted Solution

by:scorpi073
scorpi073 earned 1400 total points
ID: 11789261
To further add some insight...especially if you have multiple user accounts on the PC, first, make sure you have administrative priveledges to begin with, and also, make sure the personal folders aren't keeping each user out of one anothers files...check this by trying to open there files from my computer...if it lets you see the my documents then you don't have it restricted and this means any scan tool you use can detect things in all users folders.

If unrestricting the personal folders isn't a option, you must logon under each user who is restricted and run your scan tools.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 5

Assisted Solution

by:Hypoviax
Hypoviax earned 200 total points
ID: 11789995
I would update your antivirus software do another scan then down load spybot search and destroy from:

www.safer-networking.org

The fact that you are clicking on a folder and the thing pops up indicates modification of the folder.htt file where the section 'persistmoniker' is pointing the trogan or whatever. Despite this you should be able to remove the trogan using spybot and your own antivirus software.

Regards

Hypoviax
0
 

Author Comment

by:GMartin
ID: 11790188
Hi There:

        I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize need to somehow post it as a file attachment.  In any case, I will go ahead and run all the anti-spyware mentioned and post the results accordingly.  

       Thanks again everybody.

       George
0
 

Author Comment

by:GMartin
ID: 11790351
Hi Everyone:

        I have run the anti-spyware utilities recommended.  Unfortunately, whenever I try to open McAfee Anti-Virus, I get an Internet Script Error.  The McAfee Anti-Virus stays updated daily becuase I am paying AOL for the extra service of McAffee scans.

       Any thoughts on how I might can get rid of the Internet Script Error will be appreciated.  Just as a sidenote, I am using the browswer integrated into AOL.

       Thank you.

       George
0
 

Author Comment

by:GMartin
ID: 11790382
Hi Everyone:

         On the good side of things, the DVD burner is working fine now.  Just thought I would let everyone know.  The technical problem was really not a problem after all with the burner.  I apologize for the personal oversight on this portion of this post.

         I look forward to hearing more from everyone.

        George
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 11790419
Do you find that your initial problem of the trojan has gone?
0
 
LVL 5

Expert Comment

by:ravisimpi
ID: 11790895
You are having 'TROJ_STRTPAGE.SP' trojan in your system.

Information

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?
VName=TROJ_STRTPAGE.SP&VSect=T

scolution

www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.SP 
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11792363
>> I have run HiJack This and saved the log.  Due to the lengthy nature of this file, I realize need to somehow post it as a file attachment.

no George,, u have to copy all the contents of that LOG file and just paste it here...... dont worry abt the length my friend :)
0
 
LVL 3

Expert Comment

by:drewtarvin
ID: 11795587
If you have Win XP, make sure you are doing all of your spyware and virii scans with System Restore turned off (Right-click My Computer-> Properties->System Restore) and in safe mode (hit f8 as the computer is restarting).  Otherwise an removal might just be added on the next you restart the computer.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 11798999
~~~~~~~lots of nice spooky music~~~~~~~~~

Come over to the dark side:)


~~~~~~~even more spooky music~~~~~~~~~

I'm sure that these guys can help you get rid of this pesky little thing, But I'm going to suggest a few methods to help avoid them in the future. This particular type of nasty normally takes advantage of 'features' in Internet Explorer.

Therefore STOP using it!

Try Firefox (or indeed some other browser opera etc)

www.mozilla.org

The big plus on this is the ability to automatically stop popups in an extremely small package. The (Ctrl - T )
keystroke to open up a new tab window makes for a vastly superior browsing experience in my experience as well as not being vulnerable to many of these nasties!

Other advice - Do not download 'free' softare unless you know why it's free! Normally spy/adware it their method of funding and getting income from the software.

HTH:)
0
 

Author Comment

by:GMartin
ID: 11803141
Hi Everyone:

        This problem is now solved.  Basically, I ran several different anti-spyware utilities such as Ad-Aware 6.0, SpyBot, CoolWeb Shredder, and HiJack This for the Trojan problem.  Within each of these programs, I chose to delete the problem files it found.  Secondly, I went to Keyword McAfee within AOL and reinstalled the McAfee Anti-Virus software and ran it.  Once I found more infected files using McAfee, I deleted those as well.  

         After all of this clean up, I restarted the pc and everything is fine again.

         Thanks again everyone for the help.

         George
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question