Help with virus! [NA]

spiderweb

Display name:
Ben
Please help me with this: I think I have a browser hijack virus or something. I've run spybot and adaware, but I can't get rid of it. Two things are happening:

1) I am getting unwanted popup windows and "about blank" windows

2) My VirusScan keeps detecting file name: C:\WINDOWS\VOSPU.DLL with a virus name of "StartPage-DU.dll" (neither of which I can find and delete).

Any advice would be appreciated!
 
This can get pretty difficult to troubleshoot without seeing the machine. Spybot and Adaware are great tools but there are things they don't catch. One thing I would suggest is to run an Adaware scan; when it's finished scanning, click the "show logfile" button and scroll down through the list of running processes. The logfile will tell you the name of the executable file and give you information like the directory path to the executable and the product and company name for most of them. If you find something you don't recognize, do a Google search on the name of the executable. This may help you locate the offending code so you can hopefully get rid of it.

The really nasty ones have more than one executable that monitor each other. When you delete one, the other will respawn the deleted one often with a different name.

I've had several users' machines on our network that have had problems like this. I can tell you from experience that it often takes 3 or more hours for a seasoned pro to clean up one of these machines. Sometimes it's easier and faster to just reload the system when it involves something that Adaware and Spybot can't fix.

You may also try Microsoft's Antispyware Beta or Sunbelt Software's CounterSpy.

Good Luck!

Jeannie ~ IT Manager for an automotive supplier
 
Ben,

I do this stuff for a living - e-mail me on the side if you want some help.

Bill
Good Computer Guy
 
BillG said:
Ben,

I do this stuff for a living - e-mail me on the side if you want some help.

Bill
Good Computer Guy
Thanks, Bill. Question: Spybot is picking up lots of stuff on every run, but that virus is still popping up.
 
Maverick said:
I've had several users' machines on our network that have had problems like this. I can tell you from experience that it often takes 3 or more hours for a seasoned pro to clean up one of these machines. Sometimes it's easier and faster to just reload the system when it involves something that Adaware and Spybot can't fix.

You may also try Microsoft's Antispyware Beta or Sunbelt Software's CounterSpy.
After installing and updating your anti-spyware software of choice, restart and go into Safe Mode (F8 on bootup, choose Safe Mode from menu). Since the processes that normally start in Normal Mode to avoid the anti-spyware CAN'T start in Safe Mode, Spybot, Adaware, etc., tend to find more and clean in fewer passes.

I use CounterSpy Enterprise in my network now. No issues any longer. ;)
 
wangmyers said:
Please help me with this: I think I have a browser hijack virus or something. I've run spybot and adaware, but I can't get rid of it. Two things are happening:

1) I am getting unwanted popup windows and "about blank" windows

2) My VirusScan keeps detecting file name: C:\WINDOWS\VOSPU.DLL with a virus name of "StartPage-DU.dll" (neither of which I can find and delete).

Any advice would be appreciated!


BEN

What's an artist like yourself doing on a PC? You creative types are supposed to use Macs. We don't worry about spyware or viruses.
 
Brian Austin said:
After installing and updating your anti-spyware software of choice, restart and go into Safe Mode (F8 on bootup, choose Safe Mode from menu). Since the processes that normally start in Normal Mode to avoid the anti-spyware CAN'T start in Safe Mode, Spybot, Adaware, etc., tend to find more and clean in fewer passes.

I use CounterSpy Enterprise in my network now. No issues any longer. ;)

I was part of the first CounterSpy Enterprise Beta program but I couldn't get the central console to communicate with the clients. Couldn't push the clients down either, had to manually install them.

I'm looking at a few different anti-spyware appliances now. I was using the Microsoft Beta to give it a try but I didn't like the performance hit. That's why I'm looking at appliances. I can just imagine how bogged down these machines would be with AntiVirus, AntiSpam and AntiSpyware software all running in the background on our PCs.

For Spam control I'm using an Appliance from Barracuda Networks and it works wonderfully for both Spam and e-mail virus scanning. They have one of the AntiSpyware appliances that I'm looking at.

I realize now that in my post to Ben I forgot to mention booting in safe mode before running the Adaware and Spybot scans. That can be a very important part of getting rid of the really stubborn ones.

Jeannie
 
Maverick said:
I was part of the first CounterSpy Enterprise Beta program but I couldn't get the central console to communicate with the clients. Couldn't push the clients down either, had to manually install them.
Yeah, up until 1.5x, I wasn't too impressed, either. It's better now, though. Still not what I hoped for...but they're getting closer.

Maverick said:
For Spam control I'm using an Appliance from Barracuda Networks and it works wonderfully for both Spam and e-mail virus scanning. They have one of the AntiSpyware appliances that I'm looking at.
I'm using the same box for spam/virus scanning. Great stuff. If CounterSpy doesn't finish my list of 'wants' by the time I'm up for renewal, I'll be switching to the appliance as well. Barracuda has impressed me with this product.
 
Brian Austin said:
After installing and updating your anti-spyware software of choice, restart and go into Safe Mode (F8 on bootup, choose Safe Mode from menu). Since the processes that normally start in Normal Mode to avoid the anti-spyware CAN'T start in Safe Mode, Spybot, Adaware, etc., tend to find more and clean in fewer passes.

I use CounterSpy Enterprise in my network now. No issues any longer. ;)
Thanks, Brian. I'm going to try this. Can I run spybot in safe mode?
 
corjulo said:
BEN

What's an artist like yourself doing on a PC? You creative types are supposed to use Macs. We don't worry about spyware or viruses.
I'm starting to see the light!
 
wangmyers said:
Thanks, Brian. I'm going to try this. Can I run spybot in safe mode?
Yes, you can run spybot, adaware and others in safe mode. Just do your updates FIRST in normal mode since the network/dialup connections don't work in safe mode.
 
Brian Austin said:
Yes, you can run spybot, adaware and others in safe mode. Just do your updates FIRST in normal mode since the network/dialup connections don't work in safe mode.
Thanks, Brian! I'll try it tonight.
 