Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

StartPage.AMB aka Trojan.Win32.StartPage.jo

by shelbud Dec 18, 2005 7:14AM PST

I ran Panda's ActiveScan and it reported the subject Malware. Anyone have experience deleting it. I'm a computer novice and don't really want to muck around with the Registry. I have the lastest McAfee anti-virus; also run CWShredder; Registry Mechanic; AdAware SE; and Hijack Browser Blocker.

Discussion is locked

9 Posts
- Collapse + Expand Details
- Collapse -
Shelbud, More Information Please
by Grif Thomas Former Forum moderator Dec 18, 2005 9:32AM PST

Please tell us the operating system you are using..In addition, tell us the file NAME that was detected and where it currently resides on the computer..

Since you mentioned an "aka" does McAfee also find the problem? One more thought...The free Ewido program is an excellent Trojan remover. From the link below....Please download, install, update, then restart your computer into Safe Mode, then run the Ewido full system scan. It should remove your problem.

Ewido Security Suite

How To Start In 'Safe Mode'

Hope this helps and let us know how it goes.

Grif

- Collapse -
More Information
by shelbud Dec 19, 2005 3:29AM PST

I run Windows XP. McAfee did not detect it. Panda gave the following location but did not identify the complete location.

c:/Documents and Settings/Owner

- Collapse -
Shelbud, Well, We Still Don't Know Much More Than...
by Grif Thomas Former Forum moderator Dec 19, 2005 3:49AM PST

...when we started..We still need to know the name of the file and it's exact location..I'm asking because it may be a false positive. (Not really a virus/trojan at all.) There's no way to know till we know the specifics. By the path you've described, please delete all the files from within the Temporary Internet Files folder and the Temp folder which reside at C\Documents and Settings\Owner\Local Settings\Temp and Temporary Internet Files. After cleaning out those folders, then run another scan at Panda.

In addition, make sure to download, install, update, the run the Ewido program I recommended earlier while in Safe Mode.

Hope this helps and let us know what you find.

Grif

- Collapse -
Follow up
by shelbud Dec 19, 2005 4:36AM PST

I ran panda again and stopped it as soon as the malware showed up. I was able to get the following info.

c:/Documents and Settings/owner/Favorites/Health

I believe one of the safeguards I've installed may have the name PC Health in it.

sheldon

- Collapse -
Sheldon, That's A 'Favorites' Link and Can Easily...
by Grif Thomas Former Forum moderator Dec 19, 2005 4:48AM PST

..be deleted by opening Internet Explorer, then click on the "Favorites" menu in the upper left, then RIGHT click on the "Health" listing, choose "Delete".

That said, it seems strange that a website link would be detected as spyware/virus/trojan..As I suggested earlier, run scans with the other tools I suggested. If they don't find a problem, then you have some further information the detection is a false positive.

Then again, it won't hurt anything to the delete the "Favorites" link right off. It's your decision.

Hope this helps.

Grif

- Collapse -
Trojan
by shelbud Dec 19, 2005 6:14AM PST

I agree-I don't think it's associated with a web page. I've done everything suggested so hopefully it's a false positive. I noted that it was created on 11/16/05. Is there a way to set the system back to before that date?

sheldon

- Collapse -
Sheldon, Please....
by Grif Thomas Former Forum moderator Dec 19, 2005 7:10AM PST

Simply delete the Health shortcut from the Favorites location, then scan again. If you happen to have a "third party" "Health" program installed in your Add/Remove Programs, then uninstall it..If it's gone, then it's gone and nothing else needs to be done.

PCHealth is a program installed by many default Windows HP HOME systems and as such is legitimate..ON the other hand, if you've installed something from a third party vendor, then who knows what it might have placed in the "Favorites" section. Start by simply deleting the Favorites addition and run a scan again. There's no need to us System Restore unless required.

Hope this helps..

Grif

- Collapse -
Trojan
by shelbud Dec 20, 2005 3:52AM PST

I've followed all instructions including deleting the Health folder from favorites and...viola...all's clean.

Thank You.

Sheldon

- Collapse -
(NT) (NT) Way To Go Sheldon!
by Grif Thomas Former Forum moderator Dec 20, 2005 3:58AM PST
Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info