Old 05-19-2005, 03:35 AM   #1
Solid State Member
 
Join Date: May 2005
Posts: 16
Default Trojan- Startpage.16.bd.

Just come back from my friend's- his computer was a mess (from, amongst other things, going to broadband, surfing Kazaa and other similar sites, and not using his Anti-Virus and Spy ware on a regular basis). Ran Spybot and Adaware, and picked up, respectively, 30 and 120 malware objects. Ran AVG, and came up with a virus that won't go away.

Having successfully run AVG with nothing detected, I successfully connected to the internet. However, whenever I tried to connect to Internet Explorer, AVG flagged up, again and again, a Trojan horse virus by the name of Startpage.16.bd.

On deleting it each time, a box with the white cross in the red circle comes up reading:

RUNdll

Error loading Cocume~\Richard\locals~-1\Temp\se.dll

Access is denied

Trying again and again came up with the same result.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:16:37, on 18/05/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Q92194.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\zzfcofmawsz.exe
C:\faq.exe
C:\PROGRA~1\LSOFTT~1\ACTIVE~1\PopUpKill.exe
C:\WINDOWS\msxmidi.exe
C:\Program Files\Clickguide\client.exe
C:\Program Files\Microsoft Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\OSA.EXE
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Richard\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F3DA5AD-F515-4A7F-84F9-2ECA64372C16} - C:\WINDOWS\System32\ijpk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINDOWS\gameknot_toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Windows Critical Host file Handler] zzfcofmawsz.exe
O4 - HKLM\..\Run: [REGRUN] C:\faq.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [Windows Critical Host file Handler] zzfcofmawsz.exe
O4 - HKCU\..\Run: [Active@ PopUp Killer] C:\PROGRA~1\LSOFTT~1\ACTIVE~1\PopUpKill.exe
O4 - HKCU\..\Run: [Autoupdate Service] C:\WINDOWS\msxmidi.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Clickguide.lnk = C:\Program Files\Clickguide\client.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c11.cab
O18 - Filter: text/html - {1F7B4577-B52D-4744-AE33-B3A980EA4E19} - C:\WINDOWS\System32\ijpk.dll
O18 - Filter: text/plain - {1F7B4577-B52D-4744-AE33-B3A980EA4E19} - C:\WINDOWS\System32\ijpk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Creative NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

Anyone any suggestions?
Tosh McCaber is offline   Reply With Quote
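
A first-pass triage of a HijackThis log like the one in the post above, as an added example that is not part of the thread or of HijackThis itself: it parses the section-coded entries and lists those matching three review heuristics. The function name `triage`, the page allowlist and the heuristics are assumptions made for this example, and a match means "inspect this entry", not a verdict.

```python
import re

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Richard\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGRUN] C:\faq.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")   # e.g. "O4 - ..."
TEMP_PATH = re.compile(r"\\temp\\", re.I)                     # file under a Temp dir
ROOT_EXE = re.compile(r'[A-Za-z]:\\[^\\/\s"]+\.exe', re.I)    # exe directly in X:\


def triage(log_text, allowed_pages=("about:blank",)):
    """Return (code, reason, body) tuples for entries that merit a manual look.

    The three heuristics are assumptions made for this example, not HijackThis
    rules; a match is a prompt to inspect the entry, not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list and blank lines carry no section code
        code, body = m["code"], m["body"]
        # R0/R1: Internet Explorer start/search page values.
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip().lower()
            if value not in allowed_pages:
                findings.append((code, "IE page value not on allowlist", body))
        if TEMP_PATH.search(body):
            findings.append((code, "references a file under Temp", body))
        # O4: autorun entries (Run keys and Startup folders).
        if code == "O4" and ROOT_EXE.search(body):
            findings.append((code, "autorun executable in drive root", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:3} {reason:34} {body}")
```
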
Old 05-19-2005, 07:11 AM   #2
Baseband Member
 
 
Join Date: May 2005
Posts: 55
Default Re: Trojan- Startpage.16.bd.

Quote:
Having successfully run AVG with nothing detected, I successfully connected to the internet. However, whenever I tried to connect to Internet Explorer, AVG flagged up, again and again, a Trojan horse virus by the name of Startpage.16.bd.

Anyone any suggestions?

Hi....... A few people have the same problem, try this link to a previous forum, it may help you.

http://www.bullguard.com/forum/9/Tro...6BD_11535.html
__________________
AdamAE
AdamAE is offline   Reply With Quote
Old 05-19-2005, 11:58 AM   #3
per
BSOD
 
Join Date: May 2005
Posts: 805
Default Re: Trojan- Startpage.16.bd.

Go here and follow the procedure for the HJT.
http://www.hijackthis.de/index.php?langselect=english
per is offline   Reply With Quote
Old 05-19-2005, 12:30 PM   #4
Baseband Member
 
 
Join Date: May 2005
Posts: 55
Default Re: Trojan- Startpage.16.bd.

Quote:
Originally Posted by per
Go here and follow the procedure for the HJT.
http://www.hijackthis.de/index.php?langselect=english
Thanks Per.......... a nice and handy site
__________________
AdamAE
AdamAE is offline   Reply With Quote
Old 05-19-2005, 09:57 PM   #5
In Runtime
 
Join Date: May 2005
Posts: 427
Default Avg...

AVG free edition is fine detecting viruses,
but there are some kinds of them that it can't
delete...
r53s is offline   Reply With Quote
Old 05-19-2005, 10:03 PM   #6
Baseband Member
 
 
Join Date: May 2005
Posts: 38
Default Re: Trojan- Startpage.16.bd.

Well, all I can say is you better hope that the trojan isn't working like a virus called hijack, because it will turn off all your internet and it's a bitch to get out.
__________________
mess with the best die like the rest.
trigger is offline   Reply With Quote
Old 05-19-2005, 10:05 PM   #7
Fully Optimized
 
 
Join Date: Nov 2004
Posts: 4,353
Default Re: Trojan- Startpage.16.bd.

Meh, just reformat, or pay a shop to get rid of it; sometimes it's easier to just pay someone else to fix it than to do it yourself.
__________________
AMD 3000+ @ 2.25
Corsair Twinx 1024mb 2x512mb XMS
MSI 6600GT's SLIed @ 565/1100
Neo 4 Platinum SLI Mobo
3dmark03- 15,542
3dmark05- 7081
money_man is offline   Reply With Quote
Old 05-19-2005, 10:10 PM   #8
Baseband Member
 
 
Join Date: May 2005
Posts: 38
Default Re: Trojan- Startpage.16.bd.

Which would you do: pay $30-$500 to have someone else do it, or for a couple of wannabe protection programs get it free, have it finished and be protected by something that you will never stop using?
__________________
mess with the best die like the rest.
trigger is offline   Reply With Quote
Old 05-19-2005, 11:00 PM   #9
per
BSOD
 
Join Date: May 2005
Posts: 805
Default Re: Trojan- Startpage.16.bd.

I don't believe some of these posts that have nothing to do with the problem. If you can't help, stay away.
per is offline   Reply With Quote
Old 05-19-2005, 11:11 PM   #10
per
BSOD
 
Join Date: May 2005
Posts: 805
Default Re: Trojan- Startpage.16.bd.

Also at least learn to spell so we can determine what you are saying that means absolutely nothing.
per is offline   Reply With Quote
All times are GMT -5.

