Startpage worm

  andy625 11:24 04 Feb 2005

My pc has got the startpage worm. Whenever I open IE it displays fullscreen, and the start page has changed to ":blank" which is a search page. Norton pops up to say that there is a virus detected in C:\DOCUME~1\jon\LOCALS~1\Temp\sp.dll - "delete succeeded access denied" I've updated virus definitions scanned pc and found nothing. Then I installed microsofts spyware prog and found spyware that I then deleted but the virus is still there (start page still changes even if I reset it, and norton pops up).

I tried following the steps on the symantec site, but host files seem to be ok, and as far as I can tell, registry keys havent been changed (I'm not an expert with registry stuff). The only thing I haven't tried yet is running a virus scan in safe mode (don't know what difference that would make?)

Can anyone tell me if there is a tool to remove this virus? If so, where can I get it?



  GANDALF <|:-)> 12:12 04 Feb 2005

Turn off system restore, go to click here and follow the instructions.


  Sethhaniel 12:29 04 Feb 2005

and lose all your roll back settings

When you can get a tweak to unhide the folder and virus scan inside it -
Notice that microsofts latest beta spyware prog scans inside even when hidden.
Link is in one of my postings so will get back to you.

  Sethhaniel 12:37 04 Feb 2005

click here
look under Burrwalnut

  SANTOS7 13:12 04 Feb 2005

click here this will help,good luck.....

  GANDALF <|:-)> 13:53 04 Feb 2005

System Restore will save 'malware' programmes and these wiull keep re-occuring. Turn off sys restore and the programmes get deleted.

  Sethhaniel 14:14 04 Feb 2005

you can be selective - find which points have the malware in and just delete those :)

  andy625 14:27 04 Feb 2005

Thanks for all the advice.

I've turned off the system restore and searched "My computer" for sp.dll, and its not there. I think Norton deleted it.

I've also tried following the links relating to regedit and searching for I've not meddled with the registry before, but in regedit, when I do a registry search for "regedit", it finds some entries, but none of them are in the "run" section. I also can't find anything relating to jethomepage in the registry.

Ive looked at the adaware link which looks like it would do the job, but it seems that you have to buy it, and they don't do any trials.

Sorry if I appear a bit dense here! any other suggestions??

  andy625 15:16 07 Feb 2005

I still haven't had any luck fixing this, can anyone offer any other ideas??

  BH34 15:29 07 Feb 2005

Try this andy625

click here

  andy625 11:12 08 Feb 2005

Thanks BH34. I downloaded the stinger and ran it, but still didn't find or fix it.

If I could explain, the pc is my work pc, otherwise I'd go and buy the adware prog to fix it. Obvously I don't want to spend any of my own money on it!

I can't really ask anyone here for help, as I don't have any requirement to use the internet at work, so if I tell them I've managed to catch a virus, i'll prob get into trouble!! :)

Any other suggestions?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

InVision Studio takes on Adobe XD and Sketch

Camera tips to take better iPhone photos

Comment transformer un iPhone en borne Wi-Fi ?