Hi

my sister in law's computer running xp pro is infected with trojan.startpage

I have followed symantec's instructions on how to remove it to the letter...but it's still there!

i installed spybot with the tea timer app so as to protect the registry, but this has no effect on it.

i also ran a full virus scan with all new definitions. (norton 2k3 av) but it didnt find it....but as soon as i open internet explorer....up it pops again!!

it's driving me mad lol

anyone have any advice??

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Close all open Internet Explorer windows
Run a full system scan and delete all the files detected as Trojan.StartPage.F.
Delete the value that was added to the registry.
Reset the Internet Explorer home page.
Reset the Internet Explorer search page



5. To delete the value from the registry


Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617?OpenDocument&src=sec_doc_nam)," for instructions.
Click Start > Run.
Type regedit

Then click OK.
Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
In the right pane, delete the values:

"AddClass" = "<Installation_Path>"
"Host" = ""
Navigate to the key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run
In the right pane, delete the value:

"Host" = ""
Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects
In the left pane, delete the value:

{834261E1-DD97-4177-853B-C907E5D5BD6E}
Delete the following keys:

HKEY_CLASSES_ROOT\AnalyzeIE.DOMPeek
HKEY_CLASSES_ROOT\AnalyzeIE.DOMPeek.1
HKEY_CLASSES_ROOT\CLSID\{834261E1-DD97-4177-853B-C907E5D5BD6E}
HKEY_CLASSES_ROOT\TypeLib\{BD0022A3-A43F-4F44-B64F-53EA7575F097}
HKEY_CLASSES_ROOT\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}
HKEY_CLASSES_ROOT\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}
Exit the Registry Editor.


6. To reset the Internet Explorer home page
Start Microsoft Internet Explorer.
Connect to the Internet, and then go to the page that you want to set as your home page.
Click Tools > Internet Options.
In the Home page section of the General tab, click Use Current > OK.

For additional information, or if this procedure does not work, read the Microsoft® Knowledge Base article, "Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page Setting, Article ID 320159 (http://support.microsoft.com/default.aspx?scid=kb;en-us;320159)."

Have you followed all the instructions carefully?
http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html

thanks...i'll give it a go ;)

If you don't fix the problem that way, I suggest that you run a full set of malware scans... Start with an online virus scan, do Ad-Aware SE and Spybot (update them first), download and run either TrojanHunter or TDS3 after updating and end by posting a HijackThis log here for us to review....

To run HJT, extract it to a permanent folder such as one
you create like C:\HJT. Close all open windows and
browsers and make sure that all programs are enabled if
you use msconfig. Run it and Scan, then Save the log.
When the log window appears, Right click to Copy it, open
your browser and come here to Paste the entire log. Do
not make any changes until it is checked since most items
are either benign or essential to the computer.

http://www.subratam.org/?page=removal