Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

trojan.startpage

Status
Not open for further replies.
goolawah

goolawah

Technical User
Jan 6, 2005
94
AU
Just sharing my experience as it may help others -

I recently copped trojan.startpage. Any time I launched IE from the toolbar the start page was "hijacked". If I opened it from my Google desktop shortcut NortonIS detected and deleted the file "sp.dll". The same thing happened when various different applications ran on my system (Windows2000).

I tried to follow the Norton Security Response instructions but none of the files, hosts, or registry entries were findable on my system.

It was more of a nuisance than a serious threat so I downloaded FireFox which seems excellent, and is unaffected by the trojan.

The Norton "detected and deleted" message continued to display in some other applications, but I then noticed that it was referring to a different file "clmf.dll". I tried the norton secrity reponse again but no better.

In the end I just searched the registry and found references to both files in -

Current User|Software|Microsoft|Internet Explorer|Explorer bars|{C4E<###>A1}|FilesNamedMRU

I deleted the values for sp.dll and clmf.dll and nothing has been hijacked since (all fingers and toes crossed), even if I open IE from the toolbar.
[pc]
Hope this helps someone out there...
 
2 other suggestions for you:

1) Run the hijackthis program and see if you have any lines like this:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

AND/OR any O2 or O18 lines which refer to the other dll file you removed.

If so, all those lines could be fixed.

2) cleaning out the temp folders, both in c:\temp and under the various user names would also be good, they sometimes get used as a dumping ground for bad stuff.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Status
Not open for further replies.

Similar threads

che8a
  • Locked
  • Question
Help with Trojan.StartPage virus 2
Replies
3
Views
60
che8a
che8a

Part and Inventory Search

Sponsor

Back
Top