I have a Trojan on my computer that Avast antivirus identifies as Win32:Startpage.trj. I can't find any reference to this file outside of Avast's database, and that specific file doesn't exist. It's a browser hijacker that likes to change IE start pages and, sometimes, change browser windows to its own "Search for..." page. I've tried all other scans, including virus and spyware, run things like the RAV online scan: all come up empty. FWIW, the virus/trojan doesn't change files, it creates new .dlls to manipulate my settings. These .dlls are what my AV software picks up.
It stinks, I'm tired of it. Figure out how to make it go away and you win a prize.
Posted by Chris at June 25, 2004 04:31 PM

Spybot should take care of it since it's aimed at getting rid of browser "enhancement" programs like that (make sure it's fully updated). That, or Ad Aware.
Posted by: Rick at June 26, 2004 02:10 PM

C'mon Ricky Nelson Teen Idol, I've been running AdAware and Spybot weekly since I lived in Nathan's house. But yeah, thanks for trying. I haven't yet tried all the steps in John's links, but those look to be pointing in the right direction.
Real quick - the removal site says I need to disable crss.exe, but Windows won't let me, claiming it's a critical system file. How do I get around this? Also, a system search doesn't find this file. Grr...
Posted by: Chris at June 26, 2004 02:32 PM

Hmm... yeah, the file is hidden in a DLL file, so you won't be able to find it. Some trojans create a fake crss.exe. If this is the case, use a program like Startup Mechanic to control what starts when Windows loads, and turn off crss.exe. Or you can just go into the registry. Start -> Run -> "regedit", and then it's in HKey Local Machine -> Software -> Microsoft -> Windows -> Current Ver -> Run. If you see a crss.exe in there, delete it. Oh, and if Avast still bitches about the virus even after it claims to have deleted it, it's cause the virus is stuck in a System Restore file. So you'll want to disable System Restore before running Avast (right-click on My Computer -> Properties -> SR Tab).
Posted by: Rick at June 27, 2004 02:24 AM

If none of the rest of it works, you can reimage your hard drive.
Posted by: at June 28, 2004 11:08 AM

I'm guessing Nate, the king of hard drive wiping, posted that. I probably will wipe the drive if I can find a legit copy of XP and install SP1. FWIW, crss.exe isn't listed in the registry and, after cleaning the startup of all non-essential files, it still pops up after a boot. Also, SysRestore has been off for like two years.
Posted by: Chris at June 28, 2004 04:36 PM

In the words of Shaggy, 'it wasn't me'
Although since all of the "important" shit you have is on another drive, wiping it isn't out of the question.
Windows sucks ass....get RedHat
Posted by: Nate at June 29, 2004 07:02 AM
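
The Run-key check described in the comments above can be automated. The following is an added example, not part of the original thread: it flags startup entries whose executable name is a near miss of a Windows system process (crss.exe against the genuine csrss.exe) or a system process name started from outside the system directories. The function names, the process list and the sample entries are constructed for illustration, and Windows is assumed to be installed in C:\Windows.

```python
import ntpath
import re
# Illustrative list of Windows system processes; assumes Windows lives in C:\Windows.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
                "services.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_path(command):
    """Pull the executable path out of a Run value, quoted or not."""
    m = re.match(r'\s*"?(.+?\.exe)(?=["\s]|$)', command, re.I)
    return m.group(1) if m else command.strip()

def audit_run_entries(entries):
    """Return (value name, reason) for each suspicious startup entry."""
    findings = []
    for value_name, command in entries.items():
        folder, exe = ntpath.split(exe_path(command).lower())
        if exe in SYSTEM_NAMES:  # real name: only the location can be wrong
            if folder and folder not in SYSTEM_DIRS:
                findings.append((value_name, f"{exe} outside system directory"))
            continue
        dist, best = min((edit_distance(exe, s), s) for s in SYSTEM_NAMES)
        if dist <= 2:  # near miss such as crss.exe for csrss.exe
            findings.append((value_name, f"{exe} resembles {best}"))
    return findings

def read_run_key():
    # Live read of the HKLM Run key; winreg exists only on Windows.
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        count = winreg.QueryInfoKey(key)[1]
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

# Constructed sample values, not taken from the thread.
SAMPLE = {
    "Updater": r"C:\Program Files\Example\updater.exe",
    "SysUpdate": r'"C:\WINDOWS\system32\crss.exe" /boot',
    "Shell": r"C:\Documents and Settings\user\svchost.exe -k",
}
```

On a live Windows host, `audit_run_entries(read_run_key())` runs the same check against the real key.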