Help with Startpage Trojan

Status
Not open for further replies.

MJ

Thinks s/he gets paid by the post
Joined
Mar 29, 2004
Messages
2,343
After having my Dell laptop running XP Pro for a month, I got Trojan Startpage.BZP. When I ran Windows 2000 for over 7 years, I don't recall having my system infected.
It comes up when I either start Firefox or Thunderbird and when I close Thunderbird. My AVG AT 7.5 detects it but all I can do is heal it, every time I run these programs.
I couldn't find any reference on Google, Symantec, McAfee or AVG for this specific Trojan. I did find other Startpage trojans but these affect the IE start page. I don't use IE.

Can someone give me a clue on how to rid my laptop of this pest?

Boy, I am beginning to dislike XP.

MJ
 
Have you tried starting in safe mode and then running AVG?
 
Have you tried starting in safe mode and then running AVG?

Yeah but AVG found no threats. I did a search for this trojan but can't find it so I don't know where it is.

What a pain in the butt! :rant:

MJ
 
I don't understand why, if AVG recognized this trojan, it allowed the trojan to infect my system. Now, it's telling me after the fact that I have this trojan. I also schedule an AVG download/update every 2 hours so I should have the latest protection on my system. Perhaps this is a very new trojan. Lucky me.

MJ
 
AVG might not be fully effective against some threats. Not the first time I've heard that it whiffed on something.

Try downloading and running Windows Defender, then run it alongside AVG. Defender is the technology that's embedded in Vista.

http://www.microsoft.com/athome/security/spyware/software/default.mspx

As a last-ditch effort, look up the stuff on Symantec's website on the generic Startpage malignancy and follow its instructions for removal... it involves deleting some stuff in various places just to make sure the thing is ferreted out.
 
Have you tried a spyware remover?

Here is a tip on the spyware stuff. If you do not follow the instructions exactly, the spyware will survive after you run the clean.

I have had spyware that required me to take some steps and I did not follow them exactly and it survived. Case in point, the spyware would reestablish itself because I did not follow a specific manual step that was indicated... I overlooked it the first time.
 
Neither Spybot nor Windows Defender detected the hidden trojan.

The Symantec instructions appear to be rather old and refer to names that don't exist on XP SP2.

What disturbs me is that I cannot find any information on this trojan .BZP, so would the various removal instructions I find on google, remove it?

Also I did mention that these Startpage trojans supposedly change the start page of IE. Although I don't use IE, I started it and saw no page change nor did I get an AVG trojan alert. I just get the alert when I start Thunderbird and Firefox and when I close Thunderbird.

MJ
 
Is it a false positive? Can you re-install Firefox?

You can try "Hijack This" also. It's for the more advanced user, but the Hijack community is friendly and will help you understand the output.
 
Try uninstalling Firefox and then load a new version, see if this helps. You also might try a program called Spyware Doctor - you can get a free download. It's pretty good with these kinds of threats.
 
This trojan seems to be attacking the 2 Mozilla applications which I thought were more resilient to bug attacks.

I will probably reload both apps, though I suspect the trojan is hiding outside of them.

MJ
 
I upgraded my Miranda IM on Friday to v0.7.1 (I use MirandaPortable and copied the files from the regular installed version to that folder so I can also use it on my flashdrive) and then this morning immediately when I opened it, AVG popped up and told me that it found .....\Locals~1\temp\nso164.tmp\registry.dll - Trojan horse Startpage.BZP. Now I don't know if this is a coincidence or if Miranda really has been compromised (that temp folder mentioned only contains 3 other files - all related to MirandaPortable)... or maybe it's just AVG giving a false positive... anyone with answers?
 
I'm having this same problem with Thunderbird Portable. I think the bug is with AVG and that this isn't actually a threat. The virus scans don't pick it up because it's a temp file. The file's only there when you open that particular program. Mine's for a temp registry file and pops up with the splash screen of Thunderbird.

I also tried backup copies of Thunderbird on other flash drives and other computers that use AVG and all had the same issue. It seems unlikely that they all got infected with the same virus at the same time.

Keep this thread posted if you guys figure anything out. It's really annoying to have virus alerts pop up every time you open your email.
 
Try using System Restore and go back to a previous save point until the trojan problem goes away.

Or the old fallback should work: reinstall the operating system and start from scratch. Make sure to format the hard drive.
 
What OS are you guys on that are having the problem? Seems to only be happening on my Vista machines. I just tried it on an XP machine with the latest AVG updates and everything was fine, no virus warnings at all.

A full format is a little extreme for this problem though and may or may not fix it. When doing these other virus scans, make sure the program is running and you hit ignore when AVG pops up the virus warning. This way the temp file is still there for the other virus scanner to find. I'm going to try a few today and see if I have any luck.
 
I don't think FF is any more secure than IE, it is just not as big a target.

According to wiki/CERT, FF is more secure. I wish they gave a number, I don't know how significant 'not as many' is?

-ERD50

Like other browsers, Firefox too has had a number of vulnerabilities that have affected its security, although according to CERT, not as many as Internet Explorer.
 
I'm having this same problem with Thunderbird Portable. I think the bug is with AVG and that this isn't actually a threat. The virus scans don't pick it up because it's a temp file. The file's only there when you open that particular program. Mine's for a temp registry file and pops up with the splash screen of Thunderbird.

You might be right.
Unless the trojan went to sleep, this morning when I restarted both Firefox and Thunderbird, I didn't get the AVG alert message. What is also strange is a program that was in memory, rundll32.exe, which several sites recommended to end (which I did), is not in memory at this time. I was never able to find it on my drive as well. For me, outside of the AVG threat alert, I never noticed that it affected me (yet).

MJ
 
What's stopping you? Looking at threads like this makes me glad I have never had to deal with any of this.

More info here:

Apple - Mac OS X Leopard - Technology - Security

-ERD50

"The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, "Block all incoming connections," it allows access to system services from the internet."

Whoops.

MJ, I can't find any info on this trojan either, so I'm inclined to agree with the 'false positive' line of thinking.

Firefox isn't any more 'secure' than IE, much like OS X isn't any more secure than Windows. Any big hunk of code that's worked on by hundreds or thousands of people has bugs and vulnerabilities.

In both cases it's a lack of virus writers for one vs the other. Some rather serious deficiencies in Firefox have been discovered and unfortunately left unpatched for a fair period of time. Same with OS X.

Given that it enjoys a limited fascination among the 12 year old script kiddies who write viruses, and doesn't cost you anything, Firefox is still a good choice.

At least you aren't paying a price premium for something that really isn't any better, and don't have any false perceptions about the product quality.

There also isn't much to be said about XP's vulnerability vs Windows 2000. Both share enough code that they've pretty much got the same pros and cons from a security perspective. In fact, XP may have a few goodies that 2000 doesn't have. Vista has a few more than that, but so far has so many other problems with compatibility that I don't recommend it.
 
"The Mac OS X Leopard firewall failed every test.....

Whoops.

In other words, you STILL have not been able to find a single case of a virus spreading through the Macintosh community and doing damage. So instead, you dig up these references to potential security vulnerabilities.

Why does the fact that Mac users have not had any virus or spyware problems bother you so much? It doesn't bother me that you prefer Windows. To each their own.

I may or may not have time today, but I plan on starting a new thread on the OSX virus subject. I think that would be better than dragging little snippets of FUD and responses to FUD into any thread where someone expresses an interest in an Apple computer.

I think I can make it quite clear, that if these potential security vulnerabilities were very significant, that Apple users would be inundated with virus and spyware problems, regardless of the market share numbers.

Later.

-ERD50
 
Security Geeks Say Leopard Needs Patches - Yahoo! News

Whoops again. Not only do they have a bad firewall and forget to enable it, their new security features aren't particularly effective.

Care to point out where someone expressed interest in an Apple computer in this thread until you taunted the OP about the supposed superiority of an OS that is far from superior?

Don't pull the finger unless you enjoy the stink.
 
Security Geeks Say Leopard Needs Patches - Yahoo! News

Whoops again. Not only do they have a bad firewall and forget to enable it, their new security features aren't particularly effective.

Care to point out where someone expressed interest in an Apple computer in this thread until you taunted the OP about the supposed superiority of an OS that is far from superior?

Don't pull the finger unless you enjoy the stink.

CFB, try arguing the points here:

http://www.early-retirement.org/forums/f27/any-virus-issues-macs-31008.html#post572927

You are like an old broken record, -----vulnerabilities<skip>, -----vulnerabilities<skip>, -----vulnerabilities<skip>, -----vulnerabilities<skip>, . Yet, once again you selectively edit:

"I don't see anything that they've done out of the box, where it's really any more resistant to attack than Tiger was,"
Of course, there has not been a single damaging malware incident against Tiger (or Panther for that matter), so what's the problem with not being 'any more resistant', when they have not had any exploits? Why do you like wailing about this?

Now, excuse me while I look into the sky for meteors. You know, we are vulnerable to attack...

-ERD50
 