Trojan.startpage removal
murph
Apr 25, 2004, 10:27 AM
I just completed a full system scan and have 2 files both infected with trojan.startpage.
I have searched the registry for an exact or any part match to the value that is added once this trojan has "run".
The search came back negative - therefore I presume it has not "activated".
I am pretty sure of the "moment" when I contracted this trojan. My firewall has been alerting me to an ip address attempting to make a connection which is all adding up to the originating source of where I was surfing at the time of the incident.
Has anybody any info that they could share or even point me to a removal tool before I proceed with the removal?
Apparently, the risk is low and the damage is minimal to hardly noticeable i.e. altering your homepage, porno sites added to favourites etc...
I also contracted a trojan called "trojan.byteverify" which although slightly more technical in its actions, was slightly easier to remove. i.e. file deletion in safe mode - not having to delete anything from the registry etc..
If anyone can clarify any further info - I'd be obliged.
Regards...
Whiskey14
Apr 26, 2004, 03:07 PM
Hi Murph,
The following site has information on and how to remove:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.html
The following site has information on trojan.byteverify:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
Hope this helps!
Lorry
jibonita
May 18, 2004, 01:17 AM
My antivirus program (AVG) "told" me I might be infected with the trojan.startpage. But my homepage has not been changing. Do I have it?
How can I remove it? What is written at the Symantec site seems difficult for me to do.
Please help me :'(
Whiskey14
May 18, 2004, 03:56 PM
Hi Murph,
If you are hesitant about editing the Registry, it might be a good idea to have one of your friends who knows computers or have a local tech come over and do it for you.
If you follow the steps mentioned earlier, at the Symantec site, one by one, you should have no problems. Backup the Registry first before doing anything - just in case.
To verify which virus/Trojan you have, go to: http://sarc.com/. Scroll down and click on "Free Online Virus and Security Check". Write down exactly anything it finds, then return to: http://sarc.com/ and do a search for what was found. Symantec usually has a removal tool and/or directions for manually removing.
Hope this helps!
Lorry
murph
May 19, 2004, 10:47 PM
Thank you for your replies. During the last couple of weeks I have been reading like mad about trojans, spyware, malware, viruses etc and as a sort of response to jibonita I would offer the following advice.
As advised by the other members, the Symantec security page is a great place to obtain info on any particular virus or trojan amongst other issues. They will basically provide a definition of when the virus was first discovered, how damaging and widespread it is and also, removal instructions.
Like you, I'm not overly keen to go messing with the registry, which is the main reason I posted my question. I am Cisco certified but that is more to do with networking and Cisco systems, than Microsoft systems engineering etc.
However - I have found a few sites and pieces of info that may help.
I don't know what OS you have or what connection you have either but this really is general info anyway. I know some of this is obvious, but it's part of what I have done and it has and continues to work an absolute treat.
If you do not have a firewall, download the free ZoneAlarm - easy to use and understand and a great product. Also, read the information it gives you and the advice on configuring your settings. Configure your settings to give you maximum protection whilst still allowing you to view your favourite websites etc.
An anti-virus is also a must-have if you are connected to the net. There are quite a number of decent ones - I use Norton anti-virus. There are free ones on the net but in all honesty, I really feel that the best option is one of the retail versions such as Norton or McAfee. The Kaspersky stuff is supposed to be good and the interfaces are very easy to navigate but I haven't looked into this one properly. Most importantly, keep your anti-virus up to date by regularly downloading the latest definitions and updates.
If you don't do this - do it now. Go to the Microsoft update site and make sure your OS is up to date with the latest security patches and updates. I am using XP and I have set my system up to advise me when updates are available, which I then will manually go through the procedure to d/load the updates and install them on my machine.
Get Ad-aware (free) from Lavasoft. It's on version 6.0 at the moment - this is absolutely blinding. This will pick up spyware and any privacy related problem files or objects. This programme scanned my 120gb hd in 7 minutes! It picked up approx 40 suspect objects - read the info again in the programme and set it to do full scans including archives and deep registry scans. It is so easy to use and you can archive the deleted files, registry keys and monitor system performance to make sure it hasn't removed anything that should have stayed. It is an awesome programme and I don't think you'd have any bother.
Go to Google and get the Google toolbar - again it's free. Stops pop-ups a treat which is where a great many of these trojans are harboured.
I sit here on a Friday evening and scan my system with my a/virus, scan it for spyware, check my firewall logs for anything dodgy and even though I'm set up, I still go to the MS update site. This may be excessive by some people's standards, but is working great for me.
Lastly, there are 2 really cool sites you may want to have a look at.
www.answersthatwork.com
This has a really cool, constantly growing library of items that may be on your tasklist (press Ctrl, Alt, Del simultaneously and select Task Manager). Navigate to the URL and you'll see the homepage with a button "Tasklist". Well worth a look.
Also www.kephyr.com has a file database that will give you details on any dodgy files on your system.
Also, I have been inputting file names, task names, registry key names and all sorts into Google and the answers are there, no messing.
Hope this all helps - sorry if I've bored anyone.
murph
murph
May 19, 2004, 10:48 PM
Sorry - totally messed up those hyperlinks!!