Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot

Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop & not directly on your hard drive).
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is harmless & even necessary to the running of your system.

How to Remove the Trojan Startpage.4.A0 Spyware/Virus (Internet Browser Hijacker)
(From Windows 98/98SE/Me)

Symptoms

Startpage.4.A0 (SP4A) re-directs your browser startpage to a non-identifiable web search page. Attempts to reset your default web page fail repeatedly. The Trojan continues to reset your startpage. The Trojan does this by continuing to copy a series of xxxx.dll files into your Windows/System folder - these files are detected by most virus checkers and can be deleted manually. However, deleting the xxxx.dll files will not solve the problem as the SP4A Trojan will continue to generate randomly named xxxx.dll files in the Windows/System folder. These xxxx.dll files are loaded each time you start your browser and reset the startpage to the undesired search page.

Another test that can be performed to see if you have the SP4A Trojan is to run the Windows games "Freecell" and "Solitaire". If you have the Trojan on your system, "Freecell" will normally fail to run and "Solitaire" may start but display garbled letters in the title box and will then freeze.

Steps to Remove the Startpage.4.A0 Trojan

1) Download http://download.broadbandmedic.com/HostsFileReader.exe. Run the program and click on the "Scan for Hosts" button. Any host files found on your system will be listed in the bottom window. Select any host files found and press the "Reset Default" button. Exit from the program.

2) Download "Startdreck" Version 2.1.5 from http://www.niksoft.at/download/startdreck.htm. Unzip to it's own
folder.

3) Download "Win98fix.zip" from http://www10.brinkster.com/expl0iter...ast/pvtool.htm. Unzip to it's own folder.

Note: If the above links should fail, simply run an internet search with your favourite search engine and you should be able to locate the files. You can also copy and paste the above links into your web browser.

4) Run "StartDreck.exe". Press "Config" and "Unmark All". Check these boxes only: "Registry - Run Keys" and System/Drivers - Running Processes". Press "OK".

In the on-screen log that is generated, look under the section "Local Machine, RunServicesOnce" for a line that is similar to:

aaaa=rundll32 C:/WINDOWS/SYSTEM/xxxxxx.dll, StreamingDeviceSetup.

"aaaa" will any random alphabetic letters and "xxxxxx.dll" will be the name of the offending SP4A Trojan file that must be removed. Note the name of the file as it appears for your system. Mine was "winenh.dll". However, this file will not yet be visible in the Windows/System folder - even though you may have the folder view setting "show hidden files" turned on.

5) Go to the "Win98fix" folder created in Step 3 above. Find the "RunFix.reg" file. Single (or double click) on the file to bring up the "Registry Editor" box - click "Yes" to merge the file with your Windows registry file.

6) Restart your computer/Windows.

7) After system reboot, the offending "xxxxxx.dll"file will now be visible in the Windows/System folder. Delete the "xxxxxx.dll" file and the SP4A Trojan will be deleted from your system.

8) Test to see that the Trojan has been removed by running "Freecell" and "Solitaire" - they should now function normally.

Pirate Pete
Ottawa, Canada
June 14, 2004