Full Version: Trojan - Startpage
manu
Guys,

I am screwed with it ... It comes even in SAFE MODE ...!! Whenever I open IE, this shit comes, I tried almost everything I could, but I have not succeeded .. The funny thing is, I have NORTON LATESTTTTTTTTTTTTTTTTTTTT and AVG ... Well, Norton detects, but, the VIRUS is still in.
I did a good websearch and got some idea and followed those, like deleting some reg entries and all .. But, after a reboot it comes again ... I tried SPYBOT and ADAWARE, but no result ...!!

My OS is Win 2k Pro with SP4 .. IE version is the latest 6 with updates ..

Has anyone seen a similar prob?.. Any kind of help will be much appreciated ..

Thanks,
Manu
Jay
Have you tried McAfee's Stinger tool? Might help you
ScuD
wot about using firefox, it's a hell of a lot better than IE and a lot safer!

just uninstall IE and install firefox => problem will be solved

www.firefox.com <= i'm sure u are gonna like it
NiteWorM
QUOTE
I did a good websearch and got some idea and followed those, like deleting some reg entries and all .. But, after a reboot it comes again ..


there could be a program that is running that is adding the reg keys back in. plus you may also want to search the services, because that may also be the way the program is being executed. so just search and disable anything suspicious in the services.

out of curiosity have you tried hijackthis

Scud
QUOTE
just uninstall IE and install firefox => problem will be solved


i have nothing against you or anything but don't reply like that. uninstalling ie is generally not a great idea, it seems to create a lot of problems. as a proof, try and delete the iexplore.exe from the internet explorer directory and then refresh, the exe will be recreated there. microsoft's attempt to try and make u use ie i am sure. it could be true that if you uninstall ie and install firefox that you will no longer have the problem but that doesn't get rid of the sus files that could be running on the computer.

But manu if you want to remove ie feel free here is a link

hxxp://support.microsoft.com/default.aspx?scid=kb;EN-US;q293907

[edit] opz i forgot to add, check the iexplore.exe to make sure it's the real iexplore.exe and not a fake one [/edit]
ScuD
QUOTE(NiteWorM @ Feb 13 2005, 12:25 PM)
QUOTE
I did a good websearch and got some idea and followed those, like deleting some reg entries and all .. But, after a reboot it comes again ..


there could be a program that is running that is adding the reg keys back in. plus you may also want to search the services, because that may also be the way the program is being executed. so just search and disable anything suspicious in the services.

out of curiosity have you tried hijackthis

Scud
QUOTE
just uninstall IE and install firefox => problem will be solved


i have nothing against you or anything but don't reply like that. uninstalling ie is generally not a great idea, it seems to create a lot of problems. as a proof, try and delete the iexplore.exe from the internet explorer directory and then refresh, the exe will be recreated there. microsoft's attempt to try and make u use ie i am sure. it could be true that if you uninstall ie and install firefox that you will no longer have the problem but that doesn't get rid of the sus files that could be running on the computer.

But manu if you want to remove ie feel free here is a link

hxxp://support.microsoft.com/default.aspx?scid=kb;EN-US;q293907

[edit] opz i forgot to add, check the iexplore.exe to make sure it's the real iexplore.exe and not a fake one [/edit]
*



you can remove IE by start -> settings -> remove/ add software when you remove IE there it won't get reinstalled...

grtz

it's true it doesn't delete the bad files but it would be a good prevention installing firefox
NiteWorM
Personally, i can see why you live by firefox, i wouldn't do without it either. its tabbing capabilities are very handy, no more 10 ies open. and i've never actually had firefox hijacked. the day it gets hijacked is the day i post on this board about it in total shock and denial haha.
chris105
Right Manu, is it disabling you from running these commands:

regedit
cmd
services.msc
taskmgr.exe

As some viruses do, if not then I recommend you go through your task manager and look for ANYTHING suspicious (did the site you went on tell you the process names) or better still anything that is not on this list (http://support.microsoft.com/kb/q263201/). Then use the attached program (pskill) and write a .bat file to kill all the other processes at once (this is so one process can't start the other if it's killed and vice versa). Then run the batch script, next go through services disabling startup for all the services that don't appear here (http://www.blackviper.com/WinXP/servicecfg.htm). Run the batch script again and then go into regedit and delete all the registry entries.

Hope this helps,

Chris
White Scorpion
can you post a copy of the result by running pk2 -l with prokill v2. ?
also if you can send me a copy of the trojan then please do, perhaps i can figure out what it is doing and how to remove it

my email: wscorpion(at)white-scorpion(dot)nl.

saetji
I wouldn't recommend uninstalling IE. There are still sites out there which can only run on IE. Also installing things such as the SDK for M$ Visual Studio REQUIRES IE
ScuD
QUOTE(saetji @ Feb 13 2005, 02:19 PM)
I wouldn't recommend uninstalling IE. There are still sites out there which can only run on IE. Also installing things such as the SDK for M$ Visual Studio REQUIRES IE
*



i'm running M$ visual studio .net for school purposes... never had any probs with not having IE installed :-s

grtz
spook
It's a hijack so you might be able to remove it with CWShredder.

If that didn't work you can try hijackthis and paste your logfile here.

I hope it'll help
Terminal
few questions .

What virii or trojan type did ur Norton detect ??


What site its opening by it in ie ??

U can probably get better info to remove it by googling abt site which its opening as homepage .

manu
Thanks Guys... I think I should explain a little bit ..

1. I have installed FIREFOX, The first thing I did was that ..!!

2. I want to fix this problem anyhow, Installing FIREFOX is not solving the IE problems, so please get on top of the problem...

Something I found

I can see RUNDLL32.EXE in process list ...
There was a file called SE.DLL which was loading on startup, I had deleted it and removed from Reg entry too... But still when I open the IE, I am getting "that SE.DLL file not found" error ... It was in TEMP folder in fact ... I deleted it and so this damn thing is not getting this to load, but still the problem not solved ..

In Address bar I can only see "about:" , BUT on the screen, I am getting the SEARCH page with some links listed .. Each time even when I open WINDOWS EXPLORER, NORTON Says VIRUS DETECTED "TROJAN-STARTPAGE" ... That is the only info which I am getting from NORTON ...

@Jay, STINGER can't find it Jay, I had tried ..... I did try with SPYBOT and ADAWARE to clean Spyware ... I am going to try now MICROSOFT NEW BETA ANTISPYWARE ...

@Chris,

It is not disabling CMD, or REGEDIT or Anything that sort ...

But, it loads even in SAFE MODE ...!! Whenever I open IE, This damn search thing comes ... At address bar, just "about:blank" .. Even if I reset the IE default settings, this crap will be back within seconds ...

Let me go and try with MS ANTI SPYWARE ... God damn what a shit this is ... The maker has got good brain anyway

Manu
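
The startup entry manu describes above (RUNDLL32.EXE loading SE.DLL from the TEMP folder) can be looked for in a registry export. This is an added example, not code from any poster in the thread. It assumes the entry sits under a Run or RunOnce key (the thread only says "Reg entry"), and the export text, value names and paths below are constructed.

```python
import re

# Constructed sample in regedit's text export (.reg) format; not from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"backup"="\"C:\\Program Files\\Backup\\agent.exe\""
"sysload"="rundll32.exe C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\se.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\WINNT\\Temp\\upd.exe /s"

[HKEY_CURRENT_USER\Software\Example\Settings]
"cache"="C:\\WINNT\\Temp\\cache.dat"
'''

# Assumption: only the Run/RunOnce autostart keys are reviewed here.
AUTOSTART_SUFFIXES = (r'\currentversion\run', r'\currentversion\runonce')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^,"]+\.dll)', re.I)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\|%te?mp%', re.I)

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    """Yield (key, value name, string data) for every string value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def triage(text):
    """Return autostart values that load a DLL via rundll32 or run from temp."""
    findings = []
    for key, name, data in parse_export(text):
        if not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue  # not a startup key, so a temp path here is not persistence
        reasons = []
        if (m := RUNDLL_RE.search(data)):
            reasons.append("rundll32 loads " + m.group(1))
        if TEMP_RE.search(data):
            reasons.append("target under a temp directory")
        if reasons:
            findings.append((key, name, reasons))
    return findings

if __name__ == "__main__":
    for key, name, reasons in triage(SAMPLE_EXPORT):
        print(f"{key} -> {name}: {'; '.join(reasons)}")
```

Running it again on an export taken after the next reboot shows whether a deleted entry has been written back, which is the case NiteWorM raises.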

ScuD
did you try "hijack this" ?

http://www.spywareinfo.com/~merijn/downloads.html

I don't think this trojan only loads one *.dll

use hijack this and go through the log think this will clear up a lot

grtz

edit: srry, didn't notice "spook's" post...

this forum: http://castlecops.com/forum67.html shows some trojans just like yours...

grtz
manu
Thanks JAY...

I cleaned the mess .. Guys, I could clean it with MS ANTI SPYWARE ... I think it would be easy if I had tried PEST PATROL or some standard commercial Anti spywares..

By the way, We are planning to implement BLUE COAT ..!! Does anyone use this?

Manu
u533m3n0t
Don't use it but checked out the product at

Blue Coat

Looks awesome. Have hit up our main net sec guy to look at it.

BTW, Manu....You should ditch Symantec and come to the Nod32 side.
Flyer
i know it is a bit too late but maybe it will be helpful for the future
i have burned a boot CD with the whole (maybe almost whole) Windows XP started from CD without even touching a hard drive
such "live" Windows distro gives an access to the whole file system allowing to delete any unnecessary file
also it has some tools which help to undelete files, repair files, work with the registry etc.
everything with the nice XP GUI
i have downloaded it somewhere
it was made by the guy with a nick - DigitalWizard
definitely worth to have it-just in case
manu
QUOTE(u533m3n0t @ Feb 15 2005, 02:49 PM)
Don't use it but checked out the product at

Blue Coat

Looks awesome. Have hit up our main net sec guy to look at it.

BTW, Manu....You should ditch Symantec and come to the Nod32 side.
*




YEAH, You are right ... We should think of NOD32 ...
By the way, BLUE COAT is not just a Spyware control system, It has everything... I read about it a lot, actually it is a good product, Uses its own OS to run.... Around 28MB of C++ Code based system ... Builtin Content filters, like WEBSENSE, SURF CONTROL etc, Really good product ...

Manu...

Flyer, Yeah, I would love to find such kind of XP CD .... If somebody has the link to download, please drop a line..

Manu

Flyer
due to leechers activity, author only posts a site address on email request
just mail him
digiwiz2003@yahoo.com
it is called "miniPE"
