Hi folks, I have a trojan called Trojan.Startpage and cannot get rid of it. I've tried: NortonAV (but my hopes weren't high as it doesn't seem to do much with trojans); CWShredder (which deletes a hidden dll, which returns soon after); Spybot S&D (didn't work); AdawareSE (deleted it, but it came back); HiJack This (the entries I removed came back); I've messed around tracking it down, tried to outfox it by creating folders with their file names, etc (after I tried everything on several forums!) and other stuff I can't quite recall. Trojan.Startpage still comes back every few hours or so, and it's driving me NUTS. I suspect it all comes down to finding the file or registry key that kicks the whole thing off. (It creates a new random-name.dll in Windows\System32 every time I've "fixed" it so far - is finding the creator of this file the key?) Can anyone help? I can supply HiJack This logs, etc, on request and I'd appreciate any help very much. BL

It is a toughy. I just got rid of it on a friends pc yesterday. The trick is to make sure system restore is turned off and all restore files are deleted. Now disconnect from the web and clean out your prefetch files and temp files. Now you have to use not only spybot but adaware SE also to purge the adware that it hides behind. I then used AVG and found the culprit and had it quarantined and then deleted.I then used "regscrupXP" which removed the false reg files, then used "crap cleaner" and "cwshredder" then plugged back in to the web and went to www.trendmicro.com ran their free scanner and it picked up and was able to deleted it permanately. NOTE*** Mcafee was unable to clean it and I actually had to uninstall it so that AVG would be able to work. also it took all of the programs working togeather to corner it so that it could be fixed. Eack removal tool found some part of it to remove it but none of them were able to fix it by itself. IN THE MATTERS OF STYLE, swim with the current; in matters of principle, STAND LIKE A ROCK

burning lieutenant, be aware that a virus and a trojan are similar, but not the same, that sounds like lots of work. Many times an AV like Norton's can detect one it can't handle. In order to keep it out, suggest Zone Alarm, that will give you a firewall to block anything on the internet from getting access to your computer. You can get ZA free @: http://www.zonealarm.com/store/content/company/zap_za_grid.jsp Since you obviously have Spybot, take a look at the options it offers. Immunize will lock your homepage so it can't be changed (lots of nasties try to change it). There's a free online trojan scan @: http://www.trojanscan.com/trojanscan Dunno for sure, but suspect it can clean your nasty. HTH. Ed in Texas.

Thanks guys, I'll be trying this at the earliest opportunity (at work for now). Lurkswithin: (Appropriate name for this problem ;-) Although I cleaned out all Temp files, I didn't do Prefetch - good call. When I listed the things I tried in my first post, they were done in various combinations in safe mode, all with sys-restore off. As you correctly point out, each detection program finds different bits the others can't. Some of them detect the same thing and will come up clean if it's counterpart got there first. I'll give the reg cleaner and crap cleaner a go too, along with the TrendMicro scan. Ed in Texas: I should clarify that Norton AV DOES detect and try to delete/quarantine/etc the trojan. The catch is, it can't stop it. (But it lets me know it's there - as if 50 pop-up windows saying "You may have spyware" wasn't a clue... ;-) I have a hardware router (but it's cheap so I don't trust it that much), but cannot use ZoneAlarm (due to problems caused when Norton & ZA are on the system together - apparently it's a known ZA bug). I was trying to get the Sygate Personal Firewall but it won't install (component missing). I had this down as a side effect of the trojan too... Anyway, looking into a firewall. Immunizing my homepage sounds like a great idea - didn't know about it. Thanks! Thanks both of you - if you have any more suggestions, keep 'em coming (if you feel inclined, of course) and I will let you know how it works out. BL

Trojan.Startpage APPEARS to be gone from my system. Thank you Lurkswithin and Ed! I'm still experienceing some odd behaviour (sometimes explorer.exe uses 9MB, other times 22MB or 30+MB - is this normal? I figured out that the virus hijacked explorer, but it seems to have gone). When I get the chance I'll post the steps I took so we can help other users. Crap Cleaner is a nice little tool, by the way. Thanks again! BL