Avast found the trojan: Win32:Startpage-006 [Trj] in my computer. Yet it cannot repair it, not in windows and neither in the boot virus scan. If I move or deleted the infected files, other will appear.
This trojan is damaging the internet explorer, basically making the work with this browser impossible. It constantly goes to some anonymous search page instead of the requested page.
I have tried many adware removal programs, most of them find this trojan, and even repair it, but then it returns.
I also searched this forum for help, and found several topics, but none helped.
If this trojan occured to anyone, or you know how to repair it, please reply.
Well, I’ll assemble this information. Here is the HijackThis log:
The trojan redirects me to: "http://nkvd.us/1525/ ", and indeed I see such entries in the log. However removing them probably won’t help, I guess this is what Adaware did, but then it returned.
Logfile of HijackThis v1.98.2
Scan saved at 2:45:02 AM, on 8/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
reboot to safeMode (F8-Boot) and kill ONLY the RED entries with hijackthis…
(maybe cidial.exe, too ?).
fix yellow items only if you’re absolutely sure you don’t need them, or if onlinescanners KAV or RAV confirmed them as nasty…
where applicable, go to config → misc Tools and check for & kill the respective BAD processes first with hijackthis’s built-in processmanager
reboot normally and update ad-aware and SPYBOT S&D
reboot to safeMode again
-run updated ad-aware and SPYBOT S&D and fix with them, reboot normally and come back with a new HJT-log…
SysRESTORE should probably be disabled, yes… Forgot about this nice XP-feature
P.S.: imho if the detected Startpage-006 would be in sysRESTORE, then avast shield should alert to this, but maybe some other stuff in the HJT-Log is recreating this…
I’m quite sure RAMAN had posted quite good instructions to clean startpage-006, but I’m too lazy too search (it’s late… )
If all else fails, use CLRAV, SPHJFIX and/or ESCAN
if during the cleanup process,
you encounter any malicious files that UPDATED avast doesn’t detect, please send them to virus (at) avast.com
(password-encrypted)
Whocares: Your response to Eugene on 14 Aug about the Restore feature in XP had me intrigued. Would it be your recommendation to turn this feature off, and leave it off? You can send a private e-mail if yu like, since this thread is rather old.
well …
-when cleaning active malware from your PC, it MUST be switched OFF prior to Cleaning…; when the PC is Cleaned & secured, you can switch it on again…
if you secure your System reasonably well so that you don’t attract malware, then sysrestore imho is a good feature for easy restore, if you/a software/ EL Niño bungled something up in your machine…
But there are way better ways to backup/restore your system, e.g. an IMAGE and/or ERUNT