I got infected with startpag.hi, how do I clean it?

[Ruahrc]

Ran the usual online free virus scanners today and saw a surprise, I have been infected with trojan.startpag.hi. Two scanners both found the same file (C:\windows\system32\mtwirl.dll) but neither could clean it.

Does anybody know how to clean this trojan? I ran both Ad-aware and Spybot and neither I think detects/cleans trojans either.

I hope this is why my computer has seemed to be running slowly the past couple of days...

Ruahrc

[Elburn]

Have you tried McAfee's stinger?

http://vil.nai.com/vil/stinger/

That may find it.

Also, try downloading Hijack this (becareful running it though). That may let you kill the file for cleaning.

[Ruahrc]

I ran stinger, it didn't find anything (the list on the download page did not include startpage.hi as a detectable item, but at least none of the other viruses were on my system either)

Anyhow I tried to unregister the dll with regsvr32.exe and it failed, said it could not find the unmount point for the dll? so I just erased the file (my friends' PC's did not have that dll, so i figured it was a bogus dll not critical to windows) and now the virus scanners come up clean but my system is still running slow.

I will try that new AVG7.0 listed above, but do you guys think it is something else or is it the trojan still in my system?

I can remember the exact moment things began to act funny/slow, if that helps. I downloaded some airplane sounds for MS Flight Sim 2004 and was trying them on an airplane. When I loaded the airplane everything was really slow, even after I erased the sounds and reverted back to the original sounds. Do you think the download was infected? It only consisted of wav's and txt files, so I don't think there was malicious code in it, also I got it from a pretty reputable site (www.avsim.com) which I think scans for viruses/trojans before they upload files onto their webpage. At any rate even it were infected I think they would have posted news about it at the site too?

Any other suggestions?

Ruahrc

[Elburn]

Hmm, when you bring up the task manager, is there anything that is running that is using a large amount of memory? That is, suspicous applications?

Don't forget about Hijack this, that will tell what processes are currently running on your computer.

[Ruahrc]

That is the thing, I don't really notice any suspicious processes running on my computer, I do however notice this happening sometimes (look at the attached jpg) notice how the cpu usage reported in the bottom is greater than what the individual processes report? I was transferring some files at the time from another computer but normally (i.e. before this wierd behavior happened) this type of stuff wouldn't happen (the cpu usage).

Also during times of system load my mouse gets "choppy" and "jerky" like the computer can't draw it fast enough. Again this has never happened before.

I'm running AVG7.0 scan now I will see if it picks anything up.

Also I am not very familiar with hijackthis.exe, would it help you if I posted the hijackthis log maybe you can make some sense out of it? The first time I ran it it found some browser holes I was suspicious of so I removed them but the behavior is still the same.

Ruahrc

[mazdarx7-64]

That pic is weird. I'd suggest antivir you can download it from www.download.com It gets most of the hard to kill viruses off the PCs that I work on.

[TechKnickle]

Every infection of startpage is a total pain-in-the-butt to get rid of. Your best bet if you cannot format and reload is to just stuff the file somewhere and make sure it hasnt been executed. As long as your IE homepage settings have not been tampered with, the trojan has most likely not been executed.

Try to quarantine the file, because it is really, really hard to delete. I have only had about 3 successes in deleting that .exe file, and i had to use a command prompt via DOS to do it.

[yeadon563]

Have tried A sqaured? It is a freeware malware scanner.

Yeadon563

[Ruahrc]

making some progress here, i think. I installed and ran AVG7.0 and it says it did not find anything. I install and run Spyware Doctor 2.1 for windows and it comes up with a few things, including cws and slotchbar? also a few others.

Spyware doctor freeware cannot remove any of the trojans/problems, you must register it to do so. Is there a freeware program that will both detect and delete/repair these problems? I am trying out a^2 and also antivir to see if they will pick this up.

I do have a backup of my HD although it has gotten a little old (i do a complete image backup to a normally-disconnected spare HD in my computer every so often) so if possible I'd like to fix this installation and keep going on it, although a reformat may be on the calendar at some point (this installation is going on 3 years old now, but before this problem it has run perfectly)

I'm glad I do all my real stuff on my powerbook g4, the pc is just there for flight simulator

Ruahrc

[Kuasimodem]

SpySubtract has a fully functional 30 day trial, it's $30 a year after that.