Trojan StartPage

Status
Not open for further replies.

eggy168

Hi,
I have 2 PCs that got the Trojan StartPage virus. I followed the Symantec removal kit to clean the regedit; unfortunately I found none of the values that were suggested by symantec.com. Anyhow, I scanned the PCs and it said nothing was affected. Then I deleted the alerts from Norton AntiVirus. 5 min after I did all the job, the two PCs had the pop-up again about the virus found. Now, I tried to open the Hosts file and deleted everything except the "127.0.0.1 localhost".

Now, the question is: after deleting all the entries and saving the file, it created a text file instead of the dll (I assumed). Am I doing something wrong here? Will it clear the virus?

Thanks for the help.

Eggy
 
I don't trust Norton too much. My advice: download Ewido from the link below and do a full system scan in Safe Mode under the infected account. Let us know your results.




There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Ewido is a good malware tool, but is not really for viruses as much as for malware such as spyware, adware, trojans, etc...

So, just to make sure do this:

Run an online antivirus check from


choose extended database for the scan...

And,

Webroot spysweeper Trial:

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Hope that helps,

Erik
 
I had an email worm that I tried to delete several years ago when two PCs were connected to a router with file sharing enabled. As soon as I cleaned one, and then cleaned the other, the first one was re-infected again. I went through the cleaning cycle several times before I discovered the solution, which was to disconnect both from the router, clean them, and then reconnect to the router. It has been a long time, but I remember the worm searched for network shares and installed itself if a share was found.
 
Just referring to your Host file, it is a non-extension type of file, so you can rename it and delete the .txt extension.
You may have to UNcheck "Hide extensions for known file types" in Folder Options/ View, to see and access the file extension bit of the name.



Removing adware & spyware
faq608-4650
 
I can't delete the .txt extension, or I have no idea how to delete it. Can you please let me know? Thanks
 
Uncheck "Hide extensions for known file types" in Folder Options/ View, to see and access the file extension bit of the name.

Use the Rename function in Explorer to delete the .txt part of the name. Ignore any warning message about changing a file extension (in this instance only).
 
I followed the instructions, but it is still giving the error message that I can't replace the .txt with a regular HOSTS file. I really have trouble doing this.
Really annoying.
 
Would you like to post the exact message you are getting when you try to rename it?

Some security programs block changing data in the hosts file by making it a read only file, perhaps you are running into this type of problem?

Have you tried approaching the problem from Safe Mode, or even copying a hosts file from another machine?

 
Someone told me it is because of the FAT32 setup? Do you think it causes the problem?
I have the StopZilla program installed besides the Norton Antivirus program. Does it cause the problem, too?
I tried to delete the hosts file in DOS and it won't let me delete it, either. Just weird that I can't delete it and copy from another machine.
This is the error message:

Error renaming File or Folder
Cannot rename Hosts: A file with the name you specified already exists. Specify a different file name.

Thanks for your help.
 
I would boot into Safe Mode and try it and stop all security programs as well.
 
Go back to Folder Options/ View and tick the box to "show hidden files", and uncheck the other box to "hide protected system files (recommended)".

Recheck your etc folder and see what files you have in there.

You can also go to C:\WINDOWS\system32\drivers\etc via DOS, change the Attributes, using the Attrib command, to show hidden, read only, and system files. Then run a DIR command and see what you have listed in that Directory.

I don't think that FAT32 will be the problem. As the error message says, "Cannot rename Hosts: A file with the name you specified already exists". You already have a file named hosts in existence in that Directory.

Mind you, stranger things have happened with Windows, but look at the obvious reasons first.
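
The folder check suggested in the last reply, written as a read-only PowerShell audit. This is an added example, not part of any post in the thread; it assumes the hosts file is in the default location under %SystemRoot% and changes nothing on disk.

```powershell
# Added example: read-only audit of the hosts folder. Nothing is modified.
# Assumption: hosts lives in the default location under %SystemRoot%.
$etc = Join-Path $env:SystemRoot 'System32\drivers\etc'

# -Force includes hidden and system files (the view "attrib" and "dir /a" give).
$files = @(Get-ChildItem -LiteralPath $etc -Force |
           Where-Object { -not $_.PSIsContainer })
$files | Format-Table Name, Length, Attributes, LastWriteTime -AutoSize

# -eq on strings is case-insensitive, so "Hosts" and "hosts" both match.
$hostsFile = $files | Where-Object { $_.Name -eq 'hosts' }
$hostsTxt  = $files | Where-Object { $_.Name -eq 'hosts.txt' }

if ($hostsFile -and $hostsTxt) {
    # This is the situation behind "A file with the name you specified
    # already exists": the edited copy was saved next to the real file.
    "Both 'hosts' and 'hosts.txt' exist; renaming hosts.txt to hosts will fail."
    "  hosts     last written: $($hostsFile.LastWriteTime)"
    "  hosts.txt last written: $($hostsTxt.LastWriteTime)"
}

if ($hostsFile -and
    ($hostsFile.Attributes -band [System.IO.FileAttributes]::ReadOnly)) {
    "'hosts' is read-only; edits and deletes are refused until that is cleared."
}

if ($hostsFile) {
    # Only the plain localhost mappings are treated as expected here.
    $expected = '127.0.0.1 localhost', '::1 localhost'
    Get-Content -LiteralPath $hostsFile.FullName | ForEach-Object {
        # Drop comments, then collapse runs of whitespace to single spaces.
        $line = ($_ -replace '#.*$', '').Trim()
        if ($line) {
            $norm = ($line -split '\s+') -join ' '
            if ($expected -notcontains $norm) { "Review this entry: $norm" }
        }
    }
}
```

Run it from an elevated prompt, ideally in Safe Mode with the security programs stopped as suggested above, so that the listing reflects what is actually in the folder.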
 