
Please Help Me-- StartPage-DU.dll Virus

tj416, Jul 7, 2005 #6 Seaner Thread Starter Joined: Sep 8, 2003 Messages: 56 Hey TJ, again thanks for the help, currently I'm opening my browser and no hijacking or Virusscan Seaner, Jul 6, 2005 #3 Seaner Thread Starter Joined: Sep 8, 2003 Messages: 56 Ok, everything went smoothly. I'm running McAfee (version provided with AOL) and Spysweeper -- both up to date. (cannot download AdAware of Spybot due to IE problem) When the computer is running, I get periodic

After trying the derbik.de, and restarting my computer, my internet explorer started to hang, making it very difficult to get back to the internet. You may use Panda ActiveScan also at http://www.pandasoftware.com/products/activescan. https://www.bleepingcomputer.com/forums/t/34802/please-help-startpage-dudll-is-ruining-my-pc/

Then click Run Tool and OK to start it. Choose "Yes" at the HouseCall message prompt. Click on the View tab and make sure that "Show hidden files and folders" is checked. Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:29 Value : Cookie:[email protected]/ Expires : 2006-06-09 04:20:34 PM LastSync : Hits:29 UseCount :

C:\WINDOWS\ntbtlog.txt:ygzbyh Removed Stream! Tried to modify the Home Page. Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Enable Browser Extensions CoolWebSearch Object Recognized!

W32/Rbot-AAY may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. It's just experience that enables us to recognise and fix poorly puters.Happy Safe surfing! 0 #5 Crustyoldbloke Posted 31 July 2005 - 02:16 AM Crustyoldbloke Old Malware Surgeon with a shaky Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : CWS.About:Blank Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall CoolWebSearch Object Recognized! https://forums.whatthetech.com/index.php?showtopic=41924

Now Run AboutBuster again and follow the prompts to scan (choose Yes/OK for all). Uncheck the "Hide file extensions for known file types". Please post the entire contents of the logfile here for me. Select/tick the following: Replace on Reboot Use Dummy End Explorer Shell While Killing File Unregister.dll Before Deleting * if it's not grayed out Click the RED X button.

  • It all runs together somehow!
  • Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing)
  • Select the "Tools" menu and click "Folder Options".
  • Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone:

Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... http://www.techsupportforum.com/forums/f100/infected-with-startpage-cu-trojan-61949.html After I close the message, I am still able to put the comcast address in the address bar and go online. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe __________________ 07-21-2005, 08:44 PM #7 sUBs Management Team, Security Center Expert Analyst, Moderator, Security Team Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts:

Click "Yes" at the Delete on Reboot prompt. Troj/Ablank-U is a DLL helper component file that may be dropped by members of the Troj/Ablank family of Trojans. You may delete it afterwards. Install Ewido Security Suite it is a free version of the program. Install ewido security suite. When installing, under "Additional Options" uncheck.. Install background guard, Install scan via context menu. You will You guys are great.

It will ask you if you want a second scan, choose Yes. If any are not cleanable, copy and paste the infected files here. However, I was unable to do the TrendMicro house call as I can't get IE to stay open, keeps shutting down with "blank", and the TrendMicro site only supports IE, not

OriginalFilename : Wmiprvse.exe#:18 [wmiprvse.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 1776 ThreadCreationTime : 2005-07-21 06:10:03 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft Windows Operating System I guess I will find out soon enough. Also go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants.

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\Windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 O4 - Global Startup: GStartup.lnk = C:\Program Files\Common

someone nothing [email protected] [email protected] [email protected] somebody secure [email protected] [email protected] anywhere yourname [email protected] mailer-daemon variabel noreply -dav law2 [email protected] freeav @ca. Click on the Programs tab then click the "Reset Web Settings" button. When first run the Trojan will set the following registry entry in order to run automatically each time a user logs in: HKLM\Software\Microsoft\Windows\CurrentVersion\Runsprundll32 ,DllInstall http://www.sophos.com/virusinfo/analyses/trojablanku.html

Beside "Startup Type" in the dropdown menu select "Disabled". Choose Copy from the menu. Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html CoolWebSearch Object Recognized!

Click on "Start Update". If it asks if you want to delete a certain random file, choose No and post that filename here. As I try to connect, internet explorer hangs, and I have to reboot the computer.

Prepare CWShredder for use: Download CWShredder. they all start with c:\sindows\system32\ -- so I won't repeat that part. Location: : C:\Documents and Settings\Shevana.Somaru\recent Description : list of recently opened documents MRU List Object Recognized!

OriginalFilename : gcasServ.exe#:25 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3732 ThreadCreationTime : 2005-07-21 08:44:56 AM BasePriority : Normal FileVersion : ProductVersion : SE 106 ProductName : Lavasoft Thank you again! 0 Kudos Posted by jw50 03-12-2005 12:05 AM Most Valued Poster View All Member Since: 12-29-2003 Posts: 1,674 Message 22 of 25 (262 Views) Re: startpage-Du.dll trojan Options Right click on the icon (looks like an archery target) in the task bar and click on Security Agents Status (Enabled) then click on Disable Real-time Protection. Click "Yes" at the reboot now prompt. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying

Next click on the 'Check for Problems' button. http://www.sophos.com/virusinfo/analyses/trojppdoord.html Troj/Antimca-A by Marianna Schmudlach / April 20, 2005 1:42 AM PDT In reply to: VIRUS ALERTS - April 20, 2005 Aliases Trojan.Win32.AntiMcAfee.a Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Click OK when prompted to clean files With the first file it prompts to clean, select the option:"Perform action on all infections" Choose clean and click OK.