I went into my documents and saw something in there called “utility.dll”.
It looked suspicious being in my documents, so I scanned it in VirusTotal and Jotti's.
Kaspersky was the only scanner to find this trojan (results are below).
Antivirus Version Update Result
AntiVir 6.31.1.0 09.02.2005 no virus found
Avast 4.6.695.0 09.02.2005 no virus found
AVG 718 08.31.2005 no virus found
Avira 6.31.1.0 09.02.2005 no virus found
BitDefender 7.0 09.02.2005 no virus found
CAT-QuickHeal 8.00 09.02.2005 no virus found
ClamAV devel-20050725 09.02.2005 no virus found
DrWeb 4.32b 09.02.2005 no virus found
eTrust-Iris 7.1.194.0 09.02.2005 no virus found
eTrust-Vet 11.9.1.0 09.02.2005 no virus found
Fortinet 2.41.0.0 09.02.2005 no virus found
F-Prot 3.16c 09.02.2005 no virus found
Ikarus 0.2.59.0 09.02.2005 no virus found
Kaspersky 4.0.2.24 09.03.2005 Trojan.Win32.StartPage.abj
McAfee 4573 09.02.2005 no virus found
NOD32v2 1.1208 09.02.2005 no virus found
Norman 5.70.10 09.02.2005 no virus found
Panda 8.02.00 09.02.2005 no virus found
Sophos 3.97.0 09.02.2005 no virus found
Symantec 8.0 09.02.2005 no virus found
TheHacker 5.8.2.099 09.02.2005 no virus found
VBA32 3.10.4 09.02.2005 no virus found
Jotti's are below:
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.StartPage.abj
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
I wouldn’t be so sure… this dll is very strange… If I were you, I’d open the Chest and add the file to the user files folder there.
Keep it there until further need of it.
Could quite easily be a browser hijack (adware), as the detection indicates StartPage.ab, and since avast is an antivirus, adware or a browser start page hijack may well not be detected, as with most of the other AVs.
In fact, it seems to be a false positive. Anyway, it’s strange for a dll to be located in the My Documents folder…
If I can make a suggestion, besides HijackThis like Luke said, try ewido 8)
I'll try scans with RAV and F-Secure. In the meantime, here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 13:18:27, on 03/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
There are a number of items that are either classed as Nasty or Unknown that should be checked and fixed.
R3 - Default URLSearchHook is missing (nasty)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) - Unknown, but I would get rid of it.
Since it is, after all, in a temp folder, I would suggest clearing your temp folders and it should be gone.
You could send it to virus @ avast.com (without the spaces) as a zipped and password-protected file (virus would be fine, in the body of the email), with a brief outline of what happened, the link to this thread, etc.
However, it does look like it could be a false positive, so there would be little point in sending it to avast unless it was confirmed by more than one source or we could find avast falsely detecting it.
It makes little difference if it is adware, spyware or malware, etc.; avast would categorise it accordingly and enter it, if required, in the VPS file.
Interesting. I ran the file again against Jotti's and VirusTotal. More scanners are picking it up now (not just Kaspersky).
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/StartPage.ABJ-tr
Kaspersky Anti-Virus Found Trojan.Win32.StartPage.abj
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
This is a report processed by VirusTotal on 09/03/2005 at 23:04:24 (CET) after scanning the file “utility.dll” file.
Antivirus Version Update Result
AntiVir 6.31.1.0 09.02.2005 no virus found
Avast 4.6.695.0 09.02.2005 no virus found
AVG 718 08.31.2005 no virus found
Avira 6.31.1.0 09.02.2005 no virus found
BitDefender 7.0 09.02.2005 no virus found
CAT-QuickHeal 8.00 09.03.2005 Trojan.StartPage.abj
ClamAV devel-20050725 09.03.2005 no virus found
DrWeb 4.32b 09.02.2005 no virus found
eTrust-Iris 7.1.194.0 09.02.2005 no virus found
eTrust-Vet 11.9.1.0 09.02.2005 no virus found
Fortinet 2.41.0.0 09.03.2005 W32/StartPage.ABJ-tr
F-Prot 3.16c 09.02.2005 no virus found
Ikarus 0.2.59.0 09.02.2005 no virus found
Kaspersky 4.0.2.24 09.03.2005 Trojan.Win32.StartPage.abj
McAfee 4573 09.02.2005 no virus found
NOD32v2 1.1208 09.02.2005 no virus found
Norman 5.70.10 09.02.2005 no virus found
Panda 8.02.00 09.03.2005 no virus found
Sophos 3.97.0 09.03.2005 no virus found
Symantec 8.0 09.03.2005 no virus found
TheHacker 5.8.2.099 09.02.2005 no virus found
VBA32 3.10.4 09.02.2005 no virus found
Don't you think the file should defo be sent to avast now?