Annoying Trojan called StartPage-EH.....Please help me !!!

Discussion in 'malware problems & news' started by wans, Dec 1, 2004.

Thread Status:
Not open for further replies.
  1. wans

    wans Registered Member

    Joined:
    Dec 1, 2004
    Posts:
    1
    Dear All,

    I have a problem with Trojan detected by McAfee as StartPage-EH. The antivirus says that the file being infected is BEHKNQTW.DLL (located in directory windows\system). However, the antivirus cannot clean it nor can it delete the infected file.

    I then tried deleting it manually (by using both windows explorer and DOS command line but not succeeded that's to say the BEHKNQTW.DLL cannot still be deleted. Is that file required by the windows, I mean what file is it?

    The symptoms I undergo is when I opened the IE Browser to a certain address, say www.yahoo.com. It redirects me to page http://ssearch.biz displaying look like Search Engine but Nothing can do with it.

    I use Win98SE with IE v6, many removal tools I have been trying i.e. SpybotS&D, CWShredder, Doctor Spyware,Spyware Guard, and the likes. I also tried resetting Web Setting to its default

    But the Trojan is still there. It comes back again.

    Your help to get rid of this annoying thing will greatly be appreciated.


    Best regards,
    Wans
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  3. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Firstly, I recommend going to McAfee's Encyclopedia for searching this.
    You may like to delete the offending dll by hand (just have a copy stored in some other place to restore if need be)
    Run spybot SD http://security.kolla.de --->old page
    Also run Adaware http://www.lavasoft.de --->Notice the german hand in the best anti-spyware efforts.
    Then use Javacool's fine software http://javacoolsoftware.com/ ~spyware blaster~ and ~spyware guard~.
    Note: Spybot has a real-time (active) protection module called teatimer and a "bad download" blocker for IE. It also has an On-Demand scanner. Adaware (free) has only an On-Demand scanner. These two with proper updates applied are pretty much unbeatable.
    Javacool's software SG is like TeaTimer, but it works with mozilla firefox too. While SB blocks the installation of spyware by blocking the installation pathways (AFAIK).
    G'luck.
     
  4. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi for future protection consider getting a firewall, there are quite a few free 1s that are very good [ZoneAlarm etc]

    Also using an alternative browser such as FireFox or Opera will give u a bit more protection that IE.
     
  5. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Maybe this thread should be moved to support threads?
    Also, I think someone ought to see whether this was DNS hijacking or not... I *think* it is, but I'm not sure (I'm really not qualified to handle DNS hijacking yet). see quote below
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes. I will move the thread now ...
     
Loading...
Thread Status:
Not open for further replies.