trojan worms in windows me


10 replies to this topic

#1 noreenparis


Posted 09 January 2005 - 04:16 PM

Hi.. I hope someone can help me with this problem. I'm new to the site so please bear with me if I do not express myself clearly. I have found a trojan worm in my files and McAfee cannot clean, quarantine or delete it... any suggestions? I'm going nuts. I disabled system restore, tried a kill box, ran Spybot and Ad-Aware SE.. still there. What can I do? The name of the trojan is start page-eh and adclick.

Edited by noreenparis, 09 January 2005 - 09:33 PM.




#2 Leurgy


Posted 09 January 2005 - 04:28 PM

If your AV can't clean it try Panda online scan. It seems to have some success where other Anti virus programs don't.

What is the name of the trojan?

Edited by Leurgy, 09 January 2005 - 04:29 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 tg1911


Posted 09 January 2005 - 04:29 PM

Are you using these basic security programs?
a² free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
Ad-Aware - A good program similar to SpyBot S&D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
SpywareBlaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad ActiveX controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad ActiveX controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

If that doesn't help, then:

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

#4 noreenparis


Posted 09 January 2005 - 09:30 PM

"If your AV can't clean it try Panda online scan. It seems to have some success where other Anti virus programs don't.

What is the name of the trojan?"

the name of the trojan is start page-eh and start page-fa and now I also have adclick to make matters worse...........help!!!!!

#5 Leurgy


Posted 09 January 2005 - 09:45 PM

Sophos Anti-virus can remove these trojans. Go to this page, fill out the form and you can download an evaluation version.

Please post back and let us know how you made out.



#6 noreenparis


Posted 09 January 2005 - 09:59 PM


I am presently running panda active scan and I hope this does the trick...I will keep you posted. Thanks for your help.

#7 noreenparis


Posted 10 January 2005 - 09:26 PM


I know I'm going to sound stupid but I ran Panda and the computer started crashing so I rebooted and I was able to delete (it looked like I was able to anyway) the worms. Now it seems like they are back. I'm using another computer to talk to you guys. I've started the "sick" computer in safe mode and I'm running McAfee again.... now here's where I show how stupid I am... if I delete these files and then uninstall one of the AV programs (Norton) because I was running low on memory, can those worms come back?

#8 groovicus


Posted 10 January 2005 - 09:46 PM

"then uninstall one of the av programs"


How many AV's are you running?

And yes, you can get infected again, through your system not being updated, clicking on bogus emails, shareware, file sharing, etc. Definitely not a stupid question when it comes to how malware works.

You might want to let someone on the HJT team have a look at your log and see what is going on. Here are instructions that will help you:
http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/

If Norton is taking up too many system resources, you might want to consider one that is a little easier on the system, such as AntiVir, or AVG, both good, and both are free. I use AntiVir, a lot of other people use AVG, and there are many other free ones.

Another link "How did I get infected in the first place?": http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

#9 Leurgy


Posted 10 January 2005 - 11:00 PM

"Can those worms come back?"

Depends. If you are using Win2000 or XP, yes. What are you using, anyway? If it's one of those you need to turn off System Restore. Look in Windows Help.

Suggest you download Sophos. Turn off Norton, McAfee and any other anti-virus. Close all running programs. Leave your firewall on. Install and update and run Sophos. We know that Sophos is the one that can remove those trojans.

Pick ONE anti-virus program to use and remove the rest by uninstalling them in Add/Remove Programs. If your Norton and your McAfee don't update they are useless. I don't like them anyway. Norton is a resource hog and McAfee is just a screw up.

Post back with the (hopefully) good news.



#10 groovicus


Posted 10 January 2005 - 11:25 PM

Why on earth would you want to turn off system restore? It's not like applications can come creeping back out of it, or something is going to 'leak out' and reinfect your system. It is not executable, it is only a system snapshot.

And if for some reason, something goes terribly wrong, your only option is to reinstall. So again, why on earth would you turn off system restore? :thumbsup:

Edited by groovicus, 10 January 2005 - 11:26 PM.


#11 Leurgy


Posted 10 January 2005 - 11:32 PM

Turning off System Restore deletes all your backups. You clean your system. You turn on System Restore and you have a clean backup. All your backups are infected. Why on earth would you want infected backups?





