terried

Trojan horse TR/StartPage.IG.1


Any help is greatly appreciated

Thanks so much

Terrie

StartupList report, 7/23/2004, 12:01:22 AM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Terrie\Desktop\hijack this\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Terrie\Desktop\hijack this\HijackThis.exe

C:\Program Files\Outlook Express\msimn.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

HPHUPD05 = C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

HPHmon05 = C:\WINDOWS\System32\hphmon05.exe

hpppta = C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON

WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe

Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

NeroCheck = C:\WINDOWS\system32\NeroCheck.exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

System32 = C:\WINDOWS\system.exe

VVSN = C:\Program Files\VVSN\VVSN.exe

AVGCtrl = C:\Program Files\AVPersonal\AVGNT.EXE /min

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\WINDOWS\1090368255.dll - {89BD84F1-4A6C-445D-9BE8-5B8C4B019855}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

1-Click Maintenance.job

HP DArC Task #Hewlett-Packard#7700#MY388121P8K5.job

HP Usg Daily.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[sysProWmi Class]

InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx

CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

 

[DD_v4.DDv4]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\DD_v4.ocx

CODEBASE = http://www.drivershq.com/DD_v4.CAB

 

[PCPitstop Utility]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll

CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

 

[update Class]

InProcServer32 = C:\WINDOWS\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...B?38097.2140625

 

[DoomCln Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\DoomCln.dll

CODEBASE = http://www.microsoft.com/security/controls/DoomCln.CAB

 

[Downloader Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll

CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[McFreeScan Class]

InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll

CODEBASE = http://download.mcafee.com/molbin/iss-loc/...380/mcfscan.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

System: C:\WINDOWS\system32\system32.dll

 

--------------------------------------------------

End of report, 6,605 bytes

Report generated in 0.625 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


A quick search at Symantec for "startpage.ig.1" or other variants came up with no results. However, looking at your logfile, I noticed "system.exe", which is suspicious and seems to be connected to the Net Controller 1.08 Trojan.

 

system - system.exe - Process Information

 

Process File: system or system.exe

Process Name: System

Description: Net Controller 1.08 Trojan.

Company: N/A

System Process: No

Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes

Common Errors: N/A

 

Have you used Spybot Search and Destroy AND Ad-Aware in an attempt to remove these suspicious files?

 

If so, what were the results?

Edited by Sasquatch


I ran Ad-Aware as well as a few others and nothing came up about that particular file. When I run AntiVir it shows a Trojan, TR/StartPage.IG.1, and it seems to keep replicating itself as soon as I delete it.


I just posted this for another person, but you may want to give this a try as well.

 

Also, ensure you dump all of your .tmp (temporary files). These hold many, many nasty recurring problems if not dumped.

 

Go to Start-->Find-->Files and Folders and search for *.tmp

 

Make sure you use the asterisk. Let it search and when it finishes, select all the files and hold down the shift key while pressing delete. Once this is done, go into your Control Panel and find your "Internet Options" icon. This opens the controls for Internet Explorer without actually opening the browser. Delete all temporary internet files and offline content. Restart your computer and then see how things go.

 

I would also suggest running a DOS-based anti-virus program such as F-PROT for DOS.

 

First thing: Shut off your system restore

http://support.microsoft.com/default.aspx?...%5BLN%5D;310405

 

Second thing: Download F-PROT

ftp://ftp.f-prot.com/pub/f-prot.zip

 

Once you have it downloaded, I simply extract all contents to the root of C:\

 

Once you have done this, you will need to update F-PROT with the latest detection strings.

ftp://ftp.f-prot.com/pub/fp-def.zip

 

Extract all files to C:\ and confirm the file overwrites.

 

Once done, find or create a Windows boot (startup) disk. (Windows 95/98 will work fine).

 

Use it and reboot your system. Once at the command prompt, navigate to the root and then run F-PROT by typing f-prot.exe

 

Once the program starts, you will have to set some parameters regarding what you want it to do. Once done, scan your machine and see what, if anything, it finds.
