Trojan problems
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
W2000 Pro, SP4: Running ZA (free), Etrust EZ anti-virus and occasional AVG anti-virus too.
Don't know where it came from, but I CANNOT get rid of W32.Startpage.KG. It keeps on putting up an extra search bar, giving me all sorts of 'pop-ups' (at my age!), highlighting all its associated search links and when I go through the registry and remove its little presents, the darned thing is trapped again 10 minutes later by my AV programme. The 'files' in which the AV says it lies do not appear to exist either??
Would appreciate some help here please.
Last edited by BOAC; 12th Dec 2004 at 18:43.
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
BOAC,
Check your Folder Options. Make sure it says to Show Hidden Files and Folders and Show Protected Operating System Files.
Then I would try:
Trend Micro's HouseCall
and
Lavasoft's Ad-Aware SE Personal Edition 1.05
Just to see if they cannot help.
You could also post the HJT! log file for us to take a look at.
Take Care,
Richard
Per Ardua ad Astraeus
Thread Starter
Thanks as always, Richard:
1) I always have 'full' viewing of files set
2) Running HCall as I type - I guess if the files have been 'quarantined' they will not be found?
3) Neither Adaware nor Spybot have noticed it!
Etrust quarantined two instances, one 'dsktrf[1].dll' and the other a temp file, 'WIN8F.tmp', both shown as being in 'Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7Z0ECZR9\' but not there ('quarantined'?) and one instance of 'infected' file 'WIN8F.tmp' in 'Documents and Settings\Administrator\Local Settings\Temp\' but also not there!
PS Should have been Startpage.KG - I have corrected the previous post.
HJT next! I'll run it and see if I can decode the problems before I pass it up to you/Eliam.
HC - nil found.
Edited to say: a search for 'dsktrf.dll' showed that others were having trouble with this file, and working through this link seems to have cleared it. One thing I did not know was that running Adaware in SAFE mode pulled out loads of problems whereas in normal it found nothing.
Last edited by BOAC; 13th Dec 2004 at 07:34.
The Oracle
BOAC,
It sounds like you have things well under control. Now if you are able to work HJT! then we need to add you to the list of people solving the issues on HJT! Logs for others in this forum.
Let us know if the problem comes back.
Take Care,
Richard
Per Ardua ad Astraeus
Thread Starter
then we need to add you to the list of people solving the issues on HJT! Logs for others in this forum
OOI, the 'search' problem was 'Begin2Search' and it did prove persistent. In the middle of 2 days simulator so will run HJT again soon. So far B2S has stayed away!