trojan java/byteverify and startpage10.ah and startpage.9.bb

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rwilli68, Dec 24, 2004.

  1. rwilli68

    rwilli68 Private E-2

    Ok I followed all your suggested steps in your thread...scans/cleaning tools etc. It removed one of the 11 hits I got...now I am down to 10...8 of the java/byteverify and one each of the startpage. I removed the java with the tool, but unfortunately my windows installer is not working correctly (call tech support yeah right for 50.00 maybe) I do not have a hard copy of XP as it was preloaded with my computer. SO I need help removing the viruses/trojan horses and figuring out how to fix my windows installer. Let me know what to do. I have log files etc....

    Renee
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For Windows Installer problems you should check over in the Software Forum. If you have malware problems and you have followed ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal but still have problems, see below.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. rwilli68

    rwilli68 Private E-2

    I have tried using hijackthis several times (more than ten) I downloaded it into a separate folder, etc. and it keeps "encountering a problem" and needing to close. I am very frustrated at this point. I seem to have had nothing but problems with my computer since I downloaded SP2. I may not be a majorgeek, but I am pretty knowledgeable at least about everyday computer stuff and I can't get around this one. Any suggestions? Thanks so much. :)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you install SP2 before or after having problems? If after being infected, that can sometimes cause problems with getting a good install.

    Have you run ALL the steps of the READ ME FIRST?
    Did you download HJT 1.99 from us (here http://www.majorgeeks.com/download3155.html)?
    Have you extracted HJT from the ZIP file? If so, go to the directory where you put it and try renaming the hijackthis.exe file to myhjt.com. Now double click on myhjt.com to run it. See if that works.
     
  5. rwilli68

    rwilli68 Private E-2

    SP2 was installed before I was infected, although it wasn't until I upgraded to the newest AVG (not the virus files, the actual program) that I found the viruses. I kept the virus files updated every three days. I run a scan daily, when I upgraded to the newest AVG it found it. I tried renaming the file and it still encounters an error and closes. So no log file for you yet. I am still trying this....any other suggestions?

    Renee
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try what I asked in my previous post?

    Also have you tried in safe mode?
     
  7. rwilli68

    rwilli68 Private E-2

    Yes I tried what you said earlier. I changed the name of the file. It still didn't work. I removed that file....started back up in safe mode, downloaded it again. Changed the name again, and it still encounters a problem and needs to close. I re-ran trend online virus scan and removed the startpage viruses, and several of the byte/verify trojans. I still have four byte/verifies that can not be removed. I will try repeating all the steps again tonight, and let you know in the am how it went. I appreciate you taking the time to help me out.

    thanks :)
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try running HJT in safe mode and let me know if that works.

    Have you run CWShredder?
    What about McAfee Avert Stinger?
     
  9. rwilli68

    rwilli68 Private E-2

    Ok I started from the beginning again...re-ran everything from the starting thread on malware thru hijack this. still no luck. I even ran the extra programs mentioned. Most found the trojans but could not remove them. Can I remove them manually by following the threads? What about deleting the user they are under (ok my son wouldn't appreciate it) but if it means the trojans are gone I would delete his user (all the trojans are showing under his user name in the java files...) Let me know. It's 1:30 am and I am going to bed....

    :))

    PS ran all of the mentioned programs....Stinger etc...
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat my last question:

    Try running HJT in safe mode and let me know if that works.

    You have bigger problems than those two if you cannot run HijackThis.

    But see the below, maybe they will help you:
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
    http://www.faqfarm.com/Computer/Virus/Startpage/

    I would recommend taking a look at running the Alternative Scans - If still having problems section of the READ ME FIRST thread. There are a bunch of additional tools there.

    Did you also run HSremove, About:Buster, and did you run the VX2 Cleaner for Ad-Aware SE?
     
    Last edited: Dec 28, 2004
  11. rwilli68

    rwilli68 Private E-2

    I'm sorry if I didn't make it clear....yes I ran the HijackThis from safe mode...it still did not work. I ran everything last night...all the additional scans and all of those you listed in your previous post. I still haven't had any luck... I'm about ready to restore the computer to its original settings. I just need to make backups of about 4000 pictures first. I will try everything one more time....starting from the beginning of the malware thread thru hijackthis. I'm sorry that this isn't working and I haven't been making my posts clear to you.
    Thanks

    Renee
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please try downloading and running ProcessExplorer from: ProcessExplorer for Win NT/2K/XP

    Unzip it and now run ProcessExplorer and let's configure some options first:
    Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
    Now click on File and then Save As. And save the process list. Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager. Sometimes ProcessExplorer can kill things that Task Manager cannot.

    If that does not work, try downloading PrcView and get a process list from it and post it.
     
