Trojan.StartPage Infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TheFnkyMonkey, Oct 2, 2004.

  1. TheFnkyMonkey

    TheFnkyMonkey Private E-2

    Before I start I'd like to say thanks for the forum. Now to my problem. Somehow or other I have become infected with Trojan.StartPage. I'm not sure how, but then I guess no one ever is. It used to have my home page hijacked, but it seems to only do this every so often, but it's still there. Norton picked up on it, but cannot do anything about it. I followed the instructions on Norton's web site but to no avail. I've also followed the instructions of various threads around the forums, again to no avail. I'm running Windows XP Professional, have current/updated versions of AdAware, Spybot S&D, CWShredder, and any other programs recommended on the boards here. I've run the online scans as well. They all pick up on it, but can do nothing about it, regardless of normal or safe mode. I'm hoping maybe you guys can help me out. Thanks.

    -Jon
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. TheFnkyMonkey

    TheFnkyMonkey Private E-2

    Sorry for the delay. Yes, I've tried those alternative solutions. I tried all of them except for the TrojanScan at windowssecurity.com. Every time I tried to run that one my browser crashed. But all the others ran fine. They each picked up something different, which they took care of, but none of them picked up on the trojan.startpage.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  5. TheFnkyMonkey

    TheFnkyMonkey Private E-2

    Sorry for the delay. Here is the log. I tried to close out everything I could. I couldn't get Norton to close however. Every time I try to close it, it pops back up again saying I'm infected...
     
    Last edited by a moderator: Oct 4, 2004
  6. Kodo

    Kodo SNATCHSQUATCH

    Monkey,
    You need to run HJT from its own folder like C:\HJT\HijackThis.exe ...please. Then post another log.
     
  7. TheFnkyMonkey

    TheFnkyMonkey Private E-2

    I actually did have it in its own directory. My mistake was I went to make a shortcut to the desktop and I accidentally copied it instead of making a shortcut. Without any more delay...
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I do not see anything obvious in your log. Who (what program) tells you there is a Trojan.StartPage problem and did it give you more info (like file and path info or was it a registry key)? Does it still indicate it?
     
  9. TheFnkyMonkey

    TheFnkyMonkey Private E-2

    The only program that seems to pick up on it is Norton AntiVirus 2003. It tells me I have it both with the AutoProtect, and when I do a standard file scan. It still indicates that I am infected. The infected file is a dll file in the Windows\System32 folder. I believe it to be randomly named, but the file is bfpimkib.dll. I also ran the Norton Online Virus scan and it also came up with this. For some reason, maybe Norton is the only one picking up on it?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't believe this to be a valid (good) file. Try booting into safe mode and renaming the file from bfpimkib.dll to bfpimkib.baddll. Do another scan. If still picking it up, try moving the file off of your hard disk and onto a floppy. Now run your PC for a while and when you are sure you do not need this file for anything, delete it from the floppy.
     
  11. Kodo

    Kodo SNATCHSQUATCH

    curious...does norton "repair" the file or quarantine?
     
