• Status: Solved
• Priority: Medium
• Security: Public
• Views: 489

How serious is the trojan "VBS/StartPage.NAM"?

How serious is the trojan "VBS/StartPage.NAM"?
And what should I do with "[7] Object is probably infected with an unknown virus"?

My Eset Smart Security just finished scanning my HP Compaq nx7300 Windows XP SP3 Pro: internal HDD 250 GB, two external HDD (Freecom Toughdrive no. 1 and Freecom Toughdrive no. 2, each on 250 GB).

Results:

No. of threats found: 2
No. of scanned objects: 7,327,848
Scanning time: 8 hours 50 minutes
[4] Object cannot be opened. It may be in use by another application or operating system
[7] Object is probably infected with an unknown virus

I know that one of the two threats that was found is false alarm.
The second threat is this:

I:\Kingston USB\Install directly after wiping HDD\Security software\ComboFix.exe » RAR » 32788R22FWJFW\Creg.dat - VBS/StartPage.NAM trojan

How serious is this virus? It was not found on my USB, but on a folder on my external HDD Freecom toughdrive no. 1 (the folder was named \Kingston USB\).

And what should I do with "[7] Object is probably infected with an unknown virus"?

The thing is that my external HDD Freecom toughdrive no. 1 was reported this morning as "Unknown device. No drivers are installed for this device". So I cannot open or access my Freecom toughdrive no. 1 now. I have made another posting about this issue. It has happened for a long time that this Freecom Toughdrive no. 1 is not recognized, and I always disconnect it a few times, and after that it finally finds the external HDD.





 
hermesalpha
Asked:
 
optoma Commented:
Nod is detecting Combofix as a virus. Don't worry. Disregard that. Majority of Anti Virus programs detect Combofix as a virus due to the contents of Combofix.
If you have any worries, you can delete it anyway and get a new copy.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

optoma Commented:
What is the path of the first detection?
 
hermesalpha (Author) Commented:
The first detection is 100 % no virus, I've got that confirmed earlier. Ok, feels good, no virus then. But still a lot of problems with my Windows: Blue screen, freezing. Maybe just too many new installations.

hermesalpha (Author) Commented:
Before I close down the results from the scan,

what should I do with "[7] Object is probably infected with an unknown virus"?
and
[4] Object cannot be opened. It may be in use by another application or operating system

Are these dangerous to leave and not do anything about? I use Eset Smart Security. How can I do anything about these? Are they saved somewhere?

optoma Commented:
Is there no file+pathname beside those?
For:
[4] Object cannot be opened. It may be in use by another application or operating system ->most likely is pagefile.sys which is ok.


You can upload three recent minidump files to be checked here to see why machine is blue screening. c:\windows\minidump is location
 

hermesalpha (Author) Commented:
Hi

The problem remains, I often get the bluescreen with reboot, and laptop is slow and often freezes.

Here are some recent minidump-files uploaded.
Mini120609-01.dmp
Mini020910-01.dmp

hermesalpha (Author) Commented:
2 more minidump files
Mini020410-01.dmp
Mini013110-01.dmp

optoma Commented:
Thanks for those.

Run autoruns.
In Autoruns:
Hit options and check "verify code signatures" and rescan (F5 key)
Don't make any other changes...

Within Autoruns, select the File tab and select Save (Ctrl+S) and save as AutoRuns Data (*.arn) - output file is a few megs in size.
Once saved, right-click autoruns.arn and rename it to autoruns.txt to upload.

Autoruns http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

hermesalpha (Author) Commented:
I tried to run 'Autoruns' in Run..., but got this message:

"Windows cannot find 'Autoruns'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

Do you mean I should type Autoruns in Start/Run...?

 

optoma Commented:
Autoruns is an app from Microsoft (Sysinternals)
You can download it from link above :)

hermesalpha (Author) Commented:
Optoma, thanks, got it now! I'll be back soon with the report from Autoruns

hermesalpha (Author) Commented:
Here's the AutoRuns file at last...

Could you please keep this posting open a little longer, so I can get the problem resolved?
I want to see what the response will be on my uploaded AutoRuns file.
AutoRuns.txt

optoma Commented:
Still have same startup+freezing issue?

1>Get the latest graphics card driver from HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?prodNameId=3310302<=en&cc=us&prodTypeId=321957&prodSeriesId=3310301&taskId=135

2>Hit start, run, type Dxdiag and run full test

3>Do you know this program:
c:\program files\premier tools\tbu09048\pltbie.dll

If not upload that dll to virustotal
http://www.virustotal.com/

hermesalpha (Author) Commented:
I have recently received important suggestions on how to solve the whole problem. Would really appreciate if you could keep the question open a little longer so I can try optoma's advice. Otherwise, I would need to post the same question over again.

hermesalpha (Author) Commented:
Dxdiag: all tests were successful

hermesalpha (Author) Commented:
Optoma,

"The page you requested can not be found" (the link to the graphics card, but the link was cut off halfway, and to press the link worked). But I couldn't find any graphics card driver.

c:\program files\premier tools\tbu09048\pltbie.dll
(What is the name of the software?) What .dll should I upload?

optoma Commented:
What operating system is it running?

.dll is c:\program files\premier tools\tbu09048\pltbie.dll


When machine freezes + reboots, has it been running for a while?


hermesalpha (Author) Commented:
Yes, it has always been running for a while, never happens in the beginning during bootup.

It's a Windows XP Pro SP3 32-bit

optoma Commented:
If machine has been running for a while, it's possibly overheating.
Is the fan running smoothly on underside of laptop?
Would the laptop be placed on a smooth surface like a desk/table?


Here's the XP Pro graphics driver
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3310301&prodNameId=3310302&swEnvOID=1093&swLang=8&mode=2&taskId=135&swItem=ob-66173-1

hermesalpha (Author) Commented:
I've never had any problems with overheated machine before (the processor is an Intel Celeron M), and I'm in a cold environment now, and the laptop is placed on a smooth surface (table). I think the fan is running smoothly, at least I hear nothing from it.

I've recently removed malware with ComboFix, and actually the laptop works fine now, except for two things:

1. Desktop items are all selected and not possible to unselect
2. My external HDD is not recognized any longer in My Computer (right-click Manage), but it is recognized in menu for Safely Remove Hardware. Earlier, I could unplug and plug in again, and the external HDD would get recognized. Now, that does not work either, it's only recognized in Safely Remove Hardware (and that is of no use to me as I can't access the data at all now on my external HDD).

See my related postings about this:

1. Why do I get the blue screen and after reboot the message "The system has recovered from a serious error?" ID: 25060416 (This is resolved, it doesn't happen any longer.)
2. Why has my Desktop changed background colour to white and there is a warning triangle in light-blue colour? ID: 25783936 (This is resolved, it doesn't happen any longer. But there are these two new issues now after running ComboFix with all items on Desktop selected and unrecognized external HDD.)
3. Why is my external HDD recognized on my netbook and not on my laptop? ID: 25802966
(Still unresolved.)

Thanks Optoma, I'll try updating to the latest graphics driver now

hermesalpha (Author) Commented:
Optoma,

after having installed the latest graphics drivers, I can no longer connect to internet. How can this be related to graphics drivers? After installed graphics drivers and reboot, I got several popup-windows after each other:

"Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: ...
Change:    Value changed
Entry:       ....
Old data: ....
New data: ....
                   Allow change           Deny change"

I chose Allow change for all, because it should be related to the newly installed graphics drivers, right?

But now, I can't get on internet with IE8

hermesalpha (Author) Commented:
It works fine now to get on internet.

But the problem with selected items on Desktop remains, and it is not possible to unselect them, not even after updating the graphics drivers

optoma Commented:
Posted:)