HELP with startnow - Techist - Tech Forum

Old 05-15-2005, 01:27 AM   #1 (permalink)
Newb Techie
 
Join Date: May 2005
Posts: 15

alright, so I downloaded Warez p2p client, big mistake
it loaded up a program called Startnow Navigation helper
I got it out of my browser, but now it won't leave my add/remove programs list.
it's really starting to bug me, especially since I'm kinda starting to think it's pulling in other stuff that I would otherwise be able to get rid of easily, and even block before it got on my comp

I don't often download stuff, so I know where it came from

but can anyone give me a clear set of directions of how to get rid of this thing, programs I'll need, places I'll need to go, something, even a link to somewhere that does

any help is immensely appreciated, thanks guys

zacnaphobia is offline  
Old 05-15-2005, 01:32 AM   #2 (permalink)
Monster Techie
 
Join Date: Jan 2005
Posts: 1,100

No problem.

Here is what you should try.
1. Reboot in safe mode.
2. Run a search on "startnow" and delete any files that have something to do with your program that you want gone.
3. Remove it from add/remove programs.
4. Run Spybot, Ad-Aware Personal, and some free online scans.
5. Reboot, post how it goes.

All the programs mentioned can be found here...
http://www.techist.com/showthread.php?threadid=53623
__________________
I'm Forgetful! so if i stop posting on something that i was helping you with... PM me or IM me
yahoo and aol: blitze105
you can always IM or PM me if i offend you as well, i will edit the post if i have.
Blitze105 is offline  
Old 05-15-2005, 01:55 AM   #3 (permalink)
Newb Techie
 
Join Date: May 2005
Posts: 15

still no dice with the Spybot, Ad-Aware, safe mode approach
I heard something about HijackThis. any thoughts?
I'm still lookin' for stuff


if it helps

the message i get every time i click to uninstall it is:

fatal error during installation


if that is relevant, lemme know
zacnaphobia is offline  
Old 05-15-2005, 07:45 PM   #4 (permalink)
Ultra Techie
 
Join Date: Apr 2005
Posts: 720

Have you removed the folder or files from C:\Program Files\? If you haven't, then do this now; also, it's best to do this in Safe Mode. Now, once you're done with that, you can go to
http://www.worldstart.com/weekly-dow...cleaner4.3.htm
and download it. This is a registry checker that is very user-friendly and will let you edit your registry, making backup(s) if you choose. In it you should be able to find this program, and have it removed from the registry via the program, therefore it shouldn't show up in Add/Remove Programs. Hope this helps(ed).

-SkyHi
SkyHi is offline  
Old 05-15-2005, 09:09 PM   #5 (permalink)
Newb Techie
 
Join Date: May 2005
Posts: 15

....thanks for the help, but it's still there
zacnaphobia is offline  
Old 05-15-2005, 09:27 PM   #6 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

Post your HijackThis log. Post your processes also.
Osiris is offline  
Old 05-15-2005, 09:57 PM   #7 (permalink)
Newb Techie
 
Join Date: May 2005
Posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 8:55:41 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\gwdmssp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Zac Mudd\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [twkxsn] c:\windows\system32\gwdmssp.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


lemme know if you find anything other than startnow as well
zacnaphobia is offline  
Old 05-15-2005, 10:07 PM   #8 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

Delete this ASAP

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Process File: svcproc.exe
Process Name: Trojan.Win32.Stervis.b

Description: svcproc.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its author's sponsors. This program is usually installed through consent, however is sometimes packaged as another product. It is a registered security risk and should be removed immediately.
Osiris is offline  
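
The triage that posts #7 and #8 carry out by eye, as an added example (not part of the thread and not HijackThis code): a small Python parser for the O4 Run and O23 service lines of a HijackThis log. It notes services reported with "Unknown owner" and autostart binaries that also appear under "Running processes". The sample input is an excerpt of the log from post #7; the function names are this example's own.

```python
import re

# Excerpt of the HijackThis log from post #7 (copied from the thread).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# O4 registry Run entries and O23 services; other O4 forms (Startup folder) are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+ \((?P<svc>[^()]+)\) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def exe_path(cmd):
    """Strip quotes and arguments from a Run command line; paths may contain spaces."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()

def parse(log):
    running, autostarts, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif m := O4_RE.match(line):
            autostarts.append(("O4", m["name"], None, exe_path(m["cmd"])))
        elif m := O23_RE.match(line):
            autostarts.append(("O23", m["svc"], m["owner"], m["path"].lower()))
    return running, autostarts

def triage(log):
    """Return (kind, name, path, notes) per autostart entry."""
    running, autostarts = parse(log)
    report = []
    for kind, name, owner, path in autostarts:
        notes = []
        if owner == "Unknown owner":
            notes.append("no vendor named")
        if path in running:
            notes.append("running")
        report.append((kind, name, path, notes))
    return report
```

Calling triage(SAMPLE_LOG) returns one tuple per autostart entry; the notes only mark entries for a closer look and are not a verdict on the file.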
Old 05-15-2005, 10:32 PM   #9 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

Detection and Removal
Manual Removal

Follow these steps to remove StartNow.HyperBar from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Unregister these DLLs with Regsvr32, then reboot:

systemroot+\system\hyperbar.dll
systemroot+\system32\hyperbar.dll


Clean Registry:

HKEY_CLASSES_ROOT\clsid\{1bc1fc4b-b0d2-4d8d-9307-2e40e2a8c257}
HKEY_CLASSES_ROOT\clsid\{4b2f5308-2cb0-40e2-8030-59936ed5d22c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4b2f5308-2cb0-40e2-8030-59936ed5d22c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1bc1fc4b-b0d2-4d8d-9307-2e40e2a8c257}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4b2f5308-2cb0-40e2-8030-59936ed5d22c}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{1bc1fc4b-b0d2-4d8d-9307-2e40e2a8c257}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4b2f5308-2cb0-40e2-8030-59936ed5d22c}

Remove Files:

systemroot+\system\hyperbar.dll
systemroot+\system32\hyperbar.dll
Osiris is offline  
Old 05-15-2005, 10:48 PM   #10 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

He also has scvhost.exe running, 2 processes

It's a virus known as W32/Agobot-S virus
Osiris is offline  
All times are GMT -5.