Startpage Virus And Cleaning

Alright here's the deal... my boss's home computer is all messed up and i've already got rid of some viruses for him but the worst one i can not get rid of... trojan horse startpage.qr which is picked up by AntiVir. I've tried searching the internet but everyone's computer that has the trojan seems to be effected differently. Here's the hijack this logfile..... any help would be greatly appreciated. Also can someone help me clear up any other junk in the registry as well.

Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

PSGuard


Now, download this file: SpSeHjfix109

Unzip it to your desktop or to a folder.

Boot into Safe Mode

Start SpSeHjfix, click on " Desinfecton starten" (the other button means close) then it will reboot and finish the cleaning.

Run SpSeHjfix one more time.

Reboot in Normal mode.

Run HijackThis again and post a new log. Also post the log from SpSeHjfix, the log should be on your desktop or the same folder as SpSeHjfix.

 

Thanx i'll get back to u tomorrow im going to have my boss bring his computer in to work

 

Okay, try to do it in a timely manner because this particular hijacker will mutate as something different during every reboot. Anything is possible with this hijacker.

Will be awaiting results!

 

I've ran the program and the second time i ran it, it doesnt detect it anymore, but now internet explorer will not open. if u need the log files ill have to transfer them to another computer if internet explorer wont start working again.

 

Alright I got internet explorer working again but some pages wont come up the'll act like their loading but they never will...the status bar address blinks rapidly. Here's the log file's u asked for...

Inline logs attached!

 

Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/space.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Thanx... Ill get back to u on Sunday when I'm @ work again

 

You need to do this in a timely manner or else it can mutate as a different name and my fix will be useless.

 

I've done all the steps you've listed and i downloaded the latest microsoft updates and service pack 2 but some internet sites still wont work... their address just flashes in the status bar and doesnt load... also my connection icon(under status) says that I have limited or no connectivety. Also i've posted the new hijack this log.

 

I got the sites that were working by turning down the cookies allowd setting(it was on high)... but the connection icon still says limited or no connectivety

 

Reset Web Settings & Default Security Settings:


To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

After you complete the above, reboot and let me know if any problems remain.

 

Everything seems to be working good now.... thanx for your help

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!