Removal of Trojan Virus Startpage



Dave G
07-09-2005, 10:50 PM
I used AVG anti-virus from Grisoft to detect the StartPage21.AS,
Startpage.21.AR, & Startpage.BW hijacking Trojan viruses and now I cannot
completely boot to the OS (WinXP Home SP2) and have tried safe mode boot too. No luck,
they both get to where you receive the sign-on screen and you select user,
but at the next window it appears to just stop with just the desktop picture
showing, no icons, no taskbars, no Start button. I can use CTL/ALT/DEL to get
Task Manager to run. I got AVG to run from Start New Task and went into the
virus vault where it put the culprits. Trojan Startpage.BW in
C:Windows\XMLIBUI.exe, Startpage.21.AS in C:Windows\xmllib.dll primary file
and in (3) backup copies as well, Startpage.21.AR found in
C:Windows\System32\Tmntsvr32.EXE, C:Windows\msxmidi.exe,
C:Windows\system32\SMSSU.EXE, C:Windows\iexplore_dbg.exe,
C:Windows\explorer32dbg.exe. I tried to restore the said files to no avail.
I ran Ad-Aware, not updated since no internet connectivity, and found
CoolWebSearch malware & removed the 14 instances of it. Still no luck. Any
help at this point would be greatly appreciated.

TIA,

Dave

David H. Lipman
07-09-2005, 10:50 PM
From: "Dave G" <dave1ee@yahoo.com>

| I used AVG anti-virus from Grisoft to detect the StartPage21.AS,
| Startpage.21.AR, & Startpage.BW hijacking Trojan viruses and now I cannot
| completely boot to the OS (WinXP Home SP2) and have tried safe mode boot too. No luck,
| they both get to where you receive the sign-on screen and you select user,
| but at the next window it appears to just stop with just the desktop picture
| showing, no icons, no taskbars, no Start button. I can use CTL/ALT/DEL to get
| Task Manager to run. I got AVG to run from Start New Task and went into the
| virus vault where it put the culprits. Trojan Startpage.BW in
| C:Windows\XMLIBUI.exe, Startpage.21.AS in C:Windows\xmllib.dll primary file
| and in (3) backup copies as well, Startpage.21.AR found in
| C:Windows\System32\Tmntsvr32.EXE, C:Windows\msxmidi.exe,
| C:Windows\system32\SMSSU.EXE, C:Windows\iexplore_dbg.exe,
| C:Windows\explorer32dbg.exe. I tried to restore the said files to no avail.
| I ran Ad-Aware, not updated since no internet connectivity, and found
| CoolWebSearch malware & removed the 14 instances of it. Still no luck. Any
| help at this point would be greatly appreciated.
|
| TIA,
|
| Dave
|

In Task Manager see if you can execute; %windir%\system32\lusrmgr.msc

And then create a new account and then try logging on with that new account.

Report back and we'll continue from there.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Chek
07-09-2005, 10:50 PM
FYI Dave,
that command isn't available in XP Home Edition, even with
SP2 applied.


Chek


Dave G
07-09-2005, 10:50 PM
I got the command to run but am using XP Home, which says it is not a valid
snap-in for, says to use User Accounts in Control Panel. How do I get there?


David H. Lipman
07-09-2005, 10:50 PM
From: "Dave G" <dave1ee@yahoo.com>

| I got the command to run but am using XP Home, which says it is not a valid
| snap-in for, says to use User Accounts in Control Panel. How do I get there?
|

Execute; control

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Dave G
07-09-2005, 10:50 PM
huh?

Dave
Dave1ee@yahoo.com


Dave G
07-09-2005, 10:50 PM
BTW I was looking in the registry via regedit and noticed that startup did
not complete. So this must be where we need to look now to solve this
problem.

Dave G
Dave1ee@yahoo.com



Joe
07-09-2005, 10:50 PM
I had the same virus and AVG got it, but not before it killed 2 of my DVD
write programs. Here is what I did. Since Startpage executes as soon as I
got it, I shut down my PC and disconnected from the internet. When I
restarted I did not touch my browser and ran the virus scanner to clean it.
Then, using my ZoneAlarm, I cleaned the cache, then did a restore from a date
I knew my machine worked OK; I went back 4 days. After that I turned off
System Restore to delete all backups. Emptied the virus vault. Rebooted,
still off the network. Turned on System Restore, connected to the internet
(still not touching my browser), did an update on AVG. Did a full scan, used
ZoneAlarm to look for tracking cookies and deleted them. Did a full scan
with AVG and behold, all was clean. Then as a last measure I loaded
PestPatrol's Memory Scanner and Cookie Patrol, and updated and ran Spybot.
Piece of cake.

Joe Chiacchio
IT Admin
Bovis Construction (Retired)

