Re: Trojan startpage.16.m

From: Bob C (invalid_at_bogoff.invalid)
Date: 03/02/05


Date: Wed, 2 Mar 2005 00:16:05 -0000


>> A colleague's computer is sitting morosely on my living room floor,
>> infected (so it seems, according to AVG) with the Trojan
>> startpage.16.m and no matter how many times AVG finds and heals the
>> offending file - se.dll - the infection reappears on every reboot.
>> And since this seems to be a
>> variant of other startpage Trojans, dedicated removal methods don't
>> appear to work across the board.
>>
>> There are a number of web forums which are discussing this problem but
>> none seem to have dealt with it completely on a Windows ME machine,
>> and I'm rather at a loss as to what I might do short of a reformat,
>> which is an unpopular option due to important files.
>>
>> Has anyone seen/come across an effective way of dealing with this
>> little bugger?
>>
>> TIA
>
> Sure, just do the following malware removal steps. Make sure all tools
> are updated and you do all scans in Safe Mode. With ME, when you first
> go into Safe Mode you have to close that stupid Help app that starts.
> Also, delete all the Temporary and Temporary Internet Files before you
> start scanning.
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Malke

No joy, unfortunately. And I printed out and followed the instructions in
David H Lipman's advice to cherrys5 and that didn't do the trick either.
Grrr!


