Trojan startpage.16.m

  • Thread starter Thread starter Bob C
  • Start date Start date
B

Bob C

A colleague's computer is sitting morosely on my living room floor, infected
(so it seems, according to AVG) with the Trojan startpage.16.m and no matter
how many times AVG finds and heals the offending file - se.dll - the
infection reappears on every reboot. And since this seems to be a variant
of other startpage Trojans, dedicated removal methods don't appear to work
across the board.

There are a number of web forums which are discussing this problem but none
seem to have dealt with it completely on a Windows ME machine, and I'm
rather at a loss as to what I might do short of a reformat, which is an
unpopular option due to important files.

Has anyone seen/come across an effective way of dealing with this little
bugger?

TIA
 
Bob C said:
A colleague's computer is sitting morosely on my living room floor, infected
(so it seems, according to AVG) with the Trojan startpage.16.m and no matter
how many times AVG finds and heals the offending file - se.dll - the
infection reappears on every reboot. And since this seems to be a variant
of other startpage Trojans, dedicated removal methods don't appear to work
across the board. [snip]

I worked for hours two days ago trying to get rid of a hijacker like
that, using all the standard removal tools, and finally had success by
restoring an older version of the registry. If you're using Win9x,
boot into DOS and do scanreg /restore. Choose a backup that pre-dates
the problem, if able. If using XP, can you do a system restore to
prior to the problem occuring?

Larry
 
| A colleague's computer is sitting morosely on my living room floor, infected
| (so it seems, according to AVG) with the Trojan startpage.16.m and no matter
| how many times AVG finds and heals the offending file - se.dll - the
| infection reappears on every reboot. And since this seems to be a variant
| of other startpage Trojans, dedicated removal methods don't appear to work
| across the board.
|
| There are a number of web forums which are discussing this problem but none
| seem to have dealt with it completely on a Windows ME machine, and I'm
| rather at a loss as to what I might do short of a reformat, which is an
| unpopular option due to important files.
|
| Has anyone seen/come across an effective way of dealing with this little
| bugger?
|
| TIA




Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files


1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt454.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *
 
Back
Top