Help Please - startpage.s trojan

  lahorie 11:47 17 Jun 2004


I have this trojan somewhere on my pc.

I have run spybot s&d, ad-aware, cws hijacker, spyblaster, trendmicro, mcafee and sophos scans.

adaware finds the cws coolsearch registry values whilst sophos always finds the startpage.s trojan.

I have tried the sophos and trend micro recommended ways of removing these through registry keys, trouble is the values they say should be there are not there!.

And when i reboot, it reappears. Adwatch comes back with attempt to replace registry key with startpage and search assistant which i have set to block and automatic.

I would like to remove this once and for all if i know where to look for it.

Can anyone help please.


  Sethhaniel 14:44 17 Jun 2004

Start - Run - MSCONFIG - startup tab -

look for 'startpage' or similar and if there untick it -

  Old Shep 15:23 17 Jun 2004

Are you saying McCafee did not pick it up.Are you up to date with your dat files click here

  lahorie 15:56 17 Jun 2004


Nothing in startup

Mcafee doesn't pick it up, i'm fully updated.

Sophos is the only one that picks it up.

  Old Shep 16:04 17 Jun 2004

You say (And when i reboot, it reappears.) What actually appears.

  Fruit Bat 16:14 17 Jun 2004

CW Shredder click here

1. Switch off system restore (loses all restore points) 2. Run shredder 3. Switch sys restore back on and create a new restore point.

this should stop it coming back.


  lahorie 22:50 17 Jun 2004

Hi guys

In response to Old Shep

Adwatch comes back with registry entry is being modified, proceed or block and its always the start page entry trying to add itself to the registry.

Fruit Bat, i have run cw shredder numerous times. Sometimes it finds noting, othe times CWS search X which it removes.

I have win2k pro, sp4.

  Nellie2 12:07 19 Jun 2004


I think it might be an idea if you could post a hijack log.

See click here for instructions

  jack 12:14 19 Jun 2004

If you know what the trojan is called you could try this

Start/Run/Regedit/Ctrl F in the field type the name ok
delete it.

This gets rid of enough of it to stop it.

Try also McAfee 'Stinger' That will find what ever it is.

  Fruit Bat /\0/\ 12:57 19 Jun 2004

Stinger click here

  lahorie 11:09 21 Jun 2004

Hi all

Thanks for the advice.

downloaded reglite and found the blasted dll that was causing the problem.

Deleted it from system32 folder and from registry as key in application initialisation.

This has stopped webpages being redirected and has speeded up access no end.

Thanks for all your help, i will try all suggestions in case there is something left on the system.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

Adobe shows still-in-development tools, including automatically colourising black-and-white photos

iPhone X news: Release date, price, new features & specs

Comment transformer un iPhone en borne Wi-Fi ?