How can I remove trojanhorse.startpage.6.y and5.bf?

I refered with some other website and found this issue remains after you clear with your antivirus and spyware tools. I would like to suggest the following steps to get ride of it.

solution 1: Go to internet options, General Tab, Tempory internet files section, Settings, View Objects and deleted an Object that had a status "unknown", Creation date "none" and last accessed "none".

Solution 2: finding the pogous DLL file and deleting it from your computer.

1. Open Internet Exploer

You will see about:blank and the crap page

2. Click "view" -> "Source"

You will see something like following:
res://%44%3a%5c%57%49%4e%44%4f%(etc,), highlight and right click and copy

3. Go to this website
http://www.simplelogic.com/Developer/URLDecode.asp

4. Paste the code you just copy.

You will see a ***.dll files shows up.

5. Use windows exploer and Go to the directory where it's in (windows/system32) and activate "show hidden files" in this directory. Close all applications. Removing the dll file is not possible, but you can rename it, so do that! Than restart.


Note : By the way, in order to reanme, you have to select the file and then press F2 key on the keyboard.
To show hidden files, you have to click "Tool" -> "Option" and then "View" check "Show hidden files".
Thanks to Rick.

Also check the hidden culprit in the following registry key.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You need to remove it. Some folks say to change the registry key value to random characters using the free reglite utility (which may work as well) but I removed the key. The value of the key is hidden and causes Windows to load the trojan DLL every time any application is run.

Don't foget to block your computer from feature infection with norton firewall.

Download Norton Personal Firewall.
Configure a rule to always block Port 138
Configure a rule to completely block IP address 192.168.1.255 (or other x.x.x.255, depending on your network) and this should stop about:blank

Murray
January 2005

start windows in safe mode
delete c:\windows\system32\system32.dll
delete c:\windows\secure.html
run in normal mode
execute regedit
search for system32.dll
delete all keys and values found
open c:\windows\hosts
delete all values
replace with :
127.0.0.0 localhost
run internet settings before IExplorer
change start page value from secure.html to blank page
execute IExplorer
and pray.....

Charles
June 2004