Removing Trojan Startpage dll

Discussion in 'Malware Help (A Specialist Will Reply)' started by marty77, Apr 1, 2006.

  1. marty77

    marty77 Private E-2

    My antivirus BitDefender 9 Proffesional Plus is reporting a Trojan Startpage dll. I have followed the advice on http://forum.majorgeeks.com/showthread.php?t=35407, but it is still there. There are two infected files:

    Report from BitDefender:

    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack.exe=>(NSIS o)=>lzma_nsis0001 Okuženo Trojan.Startpage.DLL
    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack.exe=>(NSIS o)=>lzma_nsis0001 Čiščenje je bilo neuspešno
    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack.exe=>(NSIS o)=>lzma_nsis0001 Premikanje je bilo neuspešno
    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack_ultrapdf.exe=>(NSIS o)=>lzma_nsis0001 Okuženo Trojan.Startpage.DLL
    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack_ultrapdf.exe=>(NSIS o)=>lzma_nsis0001 Čiščenje je bilo neuspešno
    C:\Documents and Settings\MartinB\Application Data\Thunderbird\Profiles\8twzsty0.default\Mail\Local Folders\Inbox=>(message 634)=>[Subject: Re: povezave][Date: Tue, 18 Oct 2005 22:50:46 +0200]=>(MIME part)=>pdf_995.zip=>activate_crack_ultrapdf.exe=>(NSIS o)=>lzma_nsis0001 Premikanje je bilo neuspešno

    Antivirus can't clean or move this Trojan, what can I do?
     
    marty77, Apr 1, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First you should just go to the mentioned email account (the inbox of MartinB) and clean up the files and folders mentioned. Looks like one file/message is infected. You have to delete this yourself. Perhaps Bitdefender could not do it because you had the files open. You should run scans in safe mode with no browsers, email, or other applications running. You should avoid having people send you cracks. This is what you will often get.

    Otherwise, please complete the instructions in the sticky procedure. It tells you if you are still having problems that you must attach the two logs from step 6 and then you must follow step 7 exactly and attach a HijackThis log.
     
    Last edited: Apr 1, 2006
    chaslang, Apr 1, 2006
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds