Trojan- Startpage.16.bd.

Tosh McCaber

Just come back from my friend's - his computer was a mess (from, amongst other things, going to broadband, surfing Kazaa and other similar sites, and not using his Anti-Virus and Spyware on a regular basis). Ran Spybot and Adaware, and picked up, respectively, 30 and 120 malware objects. Ran AVG, and came up with a virus that won't go away.

Having successfully run AVG with nothing detected, I successfully connected to the internet. However, whenever I tried to connect to Internet Explorer, AVG flagged up, again and again, a Trojan horse virus by the name of Startpage.16.bd.

On deleting it each time, a box with the white cross in the red circle comes up reading:

RUNdll

Error loading C:Docume~\Richard\locals~-1\Temp\se.dll

Access is denied

Trying again and again came up with the same result.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:16:37, on 18/05/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Q92194.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\zzfcofmawsz.exe
C:\faq.exe
C:\PROGRA~1\LSOFTT~1\ACTIVE~1\PopUpKill.exe
C:\WINDOWS\msxmidi.exe
C:\Program Files\Clickguide\client.exe
C:\Program Files\Microsoft Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\OSA.EXE
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Richard\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F3DA5AD-F515-4A7F-84F9-2ECA64372C16} - C:\WINDOWS\System32\ijpk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINDOWS\gameknot_toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Windows Critical Host file Handler] zzfcofmawsz.exe
O4 - HKLM\..\Run: [REGRUN] C:\faq.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [Windows Critical Host file Handler] zzfcofmawsz.exe
O4 - HKCU\..\Run: [Active@ PopUp Killer] C:\PROGRA~1\LSOFTT~1\ACTIVE~1\PopUpKill.exe
O4 - HKCU\..\Run: [Autoupdate Service] C:\WINDOWS\msxmidi.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Clickguide.lnk = C:\Program Files\Clickguide\client.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
O18 - Filter: text/html - {1F7B4577-B52D-4744-AE33-B3A980EA4E19} - C:\WINDOWS\System32\ijpk.dll
O18 - Filter: text/plain - {1F7B4577-B52D-4744-AE33-B3A980EA4E19} - C:\WINDOWS\System32\ijpk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Creative NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

Anyone any suggestions?
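A way to triage a log like the one posted above, as an added example (not part of the original post and not HijackThis's own logic). The three heuristics and all function names are assumptions chosen for illustration; a flagged line is a candidate for closer review, not a verdict.

```python
import re

# Sample input: seven item lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Richard\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGRUN] C:\faq.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
"""

# Item lines start with a section code such as "R1" or "O23", then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# An .exe sitting directly in a drive root (no subfolder); run on lowercased text.
ROOT_EXE = re.compile(r'(?<![\w\\])[a-z]:\\[^\\\s"]+\.exe')

def parse(log):
    """Return (code, body) per item line; header and process lines are skipped."""
    items = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items

def review_reasons(code, body):
    """Apply the assumed heuristics to one item and return the reasons that fired."""
    low = body.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("loads from a Temp directory")
    if code in ("R0", "R1") and "= res://" in low:
        reasons.append("IE page served from a DLL resource")
    if code == "O4" and ROOT_EXE.search(low):
        reasons.append("autorun executable at drive root")
    return reasons

def triage(log):
    """Return (code, body, reasons) for every item that triggers a heuristic."""
    return [(c, b, r) for c, b in parse(log) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    review: {', '.join(reasons)}")
```

On the sample, the `se.dll` Search Bar entry (the same file named in the RUNdll error) is the only line that triggers two heuristics.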
 

Hi....... A few people have the same problem, try this link to a previous forum, it may help you.

http://www.bullguard.com/forum/9/Trojan-Horse-startpage16BD_11535.html
 
Avg...

AVG free edition is fine detecting viruses, but there are some kinds of them that it can't delete...
 
Well, all I can say is you better hope that the trojan isn't working like a virus called hijack, because it will turn off all your internet and it's a bitch to get out.
 
Meh, just reformat, or pay a shop to get rid of it. Sometimes it's easier to just pay someone else to fix it than to do it yourself.
 
Which would you do: pay $30-$500 to have someone else do it, or for a couple of wannabe protection programs get it free, have it finished and be protected by something that you will never stop using?
 
I don't believe some of these posts that have nothing to do with the problem. If you can't help, stay away.
 
Also at least learn to spell so we can determine what you are saying that means absolutely nothing.
 