//some 3rd party need geo

Help Please - startpage.s trojan

  lahorie 11:47 17 Jun 04


I have this trojan somewhere on my pc.

I have run spybot s&d, ad-aware, cws hijacker, spyblaster, trendmicro, mcafee and sophos scans.

adaware finds the cws coolsearch registry values whilst sophos always finds the startpage.s trojan.

I have tried the sophos and trend micro recommended ways of removing these through registry keys, trouble is the values they say should be there are not there!.

And when i reboot, it reappears. Adwatch comes back with attempt to replace registry key with startpage and search assistant which i have set to block and automatic.

I would like to remove this once and for all if i know where to look for it.

Can anyone help please.


  Sethhaniel 14:44 17 Jun 04

Start - Run - MSCONFIG - startup tab -

look for 'startpage' or similar and if there untick it -

  Old Shep 15:23 17 Jun 04

Are you saying McCafee did not pick it up.Are you up to date with your dat files click here

  lahorie 15:56 17 Jun 04


Nothing in startup

Mcafee doesn't pick it up, i'm fully updated.

Sophos is the only one that picks it up.

  Old Shep 16:04 17 Jun 04

You say (And when i reboot, it reappears.) What actually appears.

  Fruit Bat 16:14 17 Jun 04

CW Shredder click here

1. Switch off system restore (loses all restore points) 2. Run shredder 3. Switch sys restore back on and create a new restore point.

this should stop it coming back.


  lahorie 22:50 17 Jun 04

Hi guys

In response to Old Shep

Adwatch comes back with registry entry is being modified, proceed or block and its always the start page entry trying to add itself to the registry.

Fruit Bat, i have run cw shredder numerous times. Sometimes it finds noting, othe times CWS search X which it removes.

I have win2k pro, sp4.

  Nellie2 12:07 19 Jun 04


I think it might be an idea if you could post a hijack log.

See click here for instructions

  jack 12:14 19 Jun 04

If you know what the trojan is called you could try this

Start/Run/Regedit/Ctrl F in the field type the name ok
delete it.

This gets rid of enough of it to stop it.

Try also McAfee 'Stinger' That will find what ever it is.

  Fruit Bat /\0/\ 12:57 19 Jun 04

Stinger click here

  lahorie 11:09 21 Jun 04

Hi all

Thanks for the advice.

downloaded reglite and found the blasted dll that was causing the problem.

Deleted it from system32 folder and from registry as key in application initialisation.

This has stopped webpages being redirected and has speeded up access no end.

Thanks for all your help, i will try all suggestions in case there is something left on the system.


This thread is now locked and can not be replied to.

What is Google Allo? What is Google Duo? Google Allo UK release date rumours and features: Google…

1995-2015: How technology has changed the world in 20 years

These clever designs help visualise a complex intelligence tool

iOS 10 troubleshooting tips: Simple fixes for the most common iOS 10 problems, from network…