dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
10175

Jimbo406
Premium Member
join:2001-01-07
New York, NY

Jimbo406

Premium Member

Trojan.StartPage.GEN

Spyware Doctor is detecting this and it keeps coming back. I have sent an email to them at Tech Support but their response time is pretty slow. I'm hoping someone can help me out here.

HKCU\Software\Microsoft\Multimedia\ActiveMovie
HKCU\Software\Microsoft\Multimedia\ActiveMovie##
HKCU\Software\Microsoft\Multimedia\FilterCache
HKCU\Software\Microsoft\Multimedia\FilterCache##
HKCU\Sotware\Microsoft\Multimedia\FilterCache##0

It keeps coming back. How do I get rid of this?

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

CajunTek

Premium Member

Try these tools, if they don't fix it, post a hijackthis log..
»Security »I think my computer is infected or hijacked. What should I do?
B04
Premium Member
join:2000-10-28

B04 to Jimbo406

Premium Member

to Jimbo406

Perhaps those are merely harmless artifacts along the lines of "tracking cookies" and they get rewritten when you use your media player.

If it's detecting ONLY these registry entries and NOT any actual files, then it hasn't actually found anything harmful...

-- B

Jimbo406
Premium Member
join:2001-01-07
New York, NY

Jimbo406

Premium Member

but how would they get written with media player? i'm not even using it. if someone thinks that if i post a hijack log i will if it will help. i run ewido, boclean, spybot, nis2006, spywareblaster, spyware doctor and trojanhunter.
B04
Premium Member
join:2000-10-28

B04

Premium Member

I dunno -- there seems to be exactly one piece of malware -- a trojan adware deal -- that touches those keys -- »64.233.161.104/search?q= ··· ie&hl=en

But I'm not at all convinced you have anything unusual going on. Perhaps other Spyware Doctor users can help.

And of course, yes, go through the FAQ mentioned above if you're feeling concerned.

-- B

guest1
@dsl.emhril.ameritech

guest1 to Jimbo406

Anon

to Jimbo406
i get the same exact thing... it just keeps coming back when i rescan with spyware doctor... im scared its gonna kill my computer!

BKD
@pipex.com

BKD to Jimbo406

Anon

to Jimbo406
I'm getting exactly the same thing with Spyware Doctor too... I can remove the registry entries with regedit but it keeps coming back, I'm sure that I'm getting infected from some website or other.. I must try and isolate it.

Weird.

Jimbo406
Premium Member
join:2001-01-07
New York, NY

Jimbo406

Premium Member

I received a response from tech support that it is a false postive. Just run Liveupdate and you should be all set.

Freaked
@adsl.wanadoo.nl

Freaked to Jimbo406

Anon

to Jimbo406
I suffer from the same problem,

spyware doctor keeps coming up with these results:

Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High

I have this issue for about three days now.
I use AVG antivirus as well as etrust, my sys is virus free.
Also I have microsoft antispyware and hitmanpro installed.
None of these programs find anything on my sys. The only rapport is that of spyware doctor.

Fortunately, as a noob I`m lucky enough to work with people who support Windows. I`ve concluded from their explanation, that the HKCU\Software\Microsoft\Multimedia\ActiveMovie
ads itself to the registry when using media aplications, this is a completely normal feature in windows.
I have two same computersystems in my house and both have the same spyware doctor issue.......
IT MUST BE A FALSE READOUT.
No need to remove these REG keys by hand.
If you simply reboot your sys and use no media applics. and let spyware doctor run, you probably won`t find anything.You can check what`s happening to your systems registry if you run REGEDIT. As soon as you run a form of media application, the "activemovie" will ad itself to the multimedia register, and spyware doctor comes up with these so called infections.
I`ve let the windows people have a look at my "Hijack This" log and nothing proved to be even remotely out of the ordinary.
After reading the last comment on this page, with the reply from the people of spyware doctor speaking of a false readout, I feel a little more reasured.
The strange thing however is, that my version is completely up to date and I still also have the same issue.....

Keep wondering why this seems to take so long.

I recently had an issue with AVG antivirus recognizing the hitmanpro exe and surfright exe files, as infected visusses as well. I just lost one evening over this, going absolutely nuts with so much protection... after discovering the issue was just caused by AVG and was solved within the same day with an update.....
Therefore even I am still a little bit freaked out over this, It`s good to know though, that the other sys in the house suffers from exactly the same issue, and isn`t used by me....and hasn`t been to the same sites, it must be false readout .......(Orrrrrrrrrrr maybe not, Where are the people fm spyware doctor, I cannot complain because using the free version, HI.)

Freaked

R0Y
@range217-44.btcentra

R0Y to Jimbo406

Anon

to Jimbo406
Thank goodness for these bits of information as i've been tearing what little of my hair is left out over this. I too run AVG, Microsoft Antispyware and Spyware Doctor.

Just recently Spyware Doctor starting alerting me to trojan.startpage.Gen, 6 infections of it to be exact and that's where the paranoia started....
Downloaded McAfee stinger and run that, nothing, did an online "Housecall" nothing, downloaded and ran Trojanhunter again nothing. No wonder nothing was being found if it's just a false positive being thrown up by Spyware Doctor, actually wonder if it's because they've been trying to get me to upgrade to a paid version - they wouldn't be that underhanded would they?.
vidall
join:2005-11-29
Norfolk, VA

1 edit

vidall

Member

try running KillSpy (download from my signature), it may be that you just have some fragments left of the infection and it is really good at detecting them.

R0Y
@range217-44.btcentra

R0Y to Jimbo406

Anon

to Jimbo406
I wouldn't bother with KillSpy -

According to »www.spywarewarrior.com/r ··· ware.htm - " killspy.net uses a flawed, inadequate detections scheme [A: 11-25-05 / U: 11-25-05] "
R0Y

R0Y

Anon

Just to leave you know doubts about Killspy, read another review of it here, seems i'd be left with more false positives than spyware doctor .

Read the review at »www.2-spyware.com/review ··· net.html

Freaked
@adsl.wanadoo.nl

Freaked to Jimbo406

Anon

to Jimbo406
Don`t know nothing about killspy, except that it does get bad reviews.
But guess what? I`ve always used spyware doctor and never had any issues with it (untill now), except for it being very "strict" with hits. But if you google with "spyware doctor false positive" you will find numerous sites that don`t speak very highly of the free version of spyware doctor, because of it`s many false hits.....followed by remarks about the manufacturer wanting people to upgrade to the registered payed version.
I can honoustly say that I`ve never had any trouble with spyware doctor before, but I find it remarkable that it seems to see this
HKCU/software/microsoft/multimedia key (part of windows operating sys) as a trojan.
I also found a spanish Tech forum which are discussing the same Trojan.startpage.gen issue by the way, and although my spanish is as crap as my technical knowledge, I could clearly make out the comments on spyware doctor causing this.

I`ve also noticed something else, since at least 2 days, I think even 3, I haven`t been able to get any updates for spyware doctor. MMMMMmmmmmmmmmmmm.

As I`m typing this I have my sys running for about two hours now, and haven`t run any media application yet(windows media player, real player etc.) and spyware doc is doing a scan. Guess what?
NO INFECTIONS whatsoever.....

Has anyone tried the rebooting trick without running media and directly scanning with spyware doctor?
I`ll bet $100 that you won`t find anything (you can stop scanning once the registry scanner has reached the T of Trojan.startpage.gen)
Then retest it after running media.
Or install spyware doctor on another sys, which you`re sure of doesn`t have any issues and then look for results in the same way.
As I explained before I already have and it does have the same trouble.
I`ve tried to install it at work as well, the program installed fine, but I couldn`t run any updates. This could be by my employer blocking ports or URL`s, but............?

Please post comments of suggested tests.

I`m just talking out of my *ss here, but it`s december of this year and people have been warned about hitmanpro going commercial and I think several other anti spyware manufacturers....
No one knows what`s gonna be left in january to scan with............. It might just be that people who find infections, will panic and buy stuff??????????
Good thing I`m talking out of my *ss huh.

Freaked (about the lack of updates for spyware doctor)
Freaked

Freaked to Jimbo406

Anon

to Jimbo406
Just discovered something else by the way,

The version of sypware doc that I`m using is 3.2.1.359
I`ve been getting the popup for the upgraded version for a little while now, it mentions the upgrade to 3.2.2 for registered users, with a note explaining this isn`t possible for promotional users. Therefore, I`ve never tried it. The strange thing is that my old version itself runs fine, untill now that is, and you have the feeling it`s still working without specific warnings mentioning the fact that it`s out of date.
I checked the live updates that apparantly haven`t been available since 2 december 2005 !!!
Normally there are updates available every day....
The funny thing is that spyware doctor tells me that I have a subscribtion until 31-12-2009 ????
I am a free user of course.

Here`s a link to the 3.2.2 NEW VERSION of spyware doc,
but I don`t know wether it`s valid for free users, I haven`t tried it yet...

»www.pctools.com/spyware- ··· ownload/

Unraffeling the mystery?

still Freaked
flo1356
join:2004-05-01
Fair Lawn, NJ

flo1356

Member

I have the same problem with Spyware Doctor.I believe that the updated free version will now only scan your computer and you have to get the paid version for the program to remove anything now.:(

Freaked
@adsl.wanadoo.nl

Freaked to Jimbo406

Anon

to Jimbo406

+To all people with the trojan.startpage.gen issue, the following link will upgrade you to spyware doctor 3.2.2

www.pctools.com/spyware-doctor/download/

NO MORE FALSE POSITIVES ANYMORE

IT WORKS, the active movie glitch seems to be solved absolutely !

Apparantly some users of the old version of spyware doctor don`t get the "upgrade" pop up (?!)
That`s why everyone was going nuts......

Freaked (not anymore)

zensparky
@miatflad.dynamic.cov

zensparky

Anon

So the paid version has fixed this problem but the free version has not. Hmmm...

fane2222
@rr.com

fane2222

Anon

is not true i have 3.2.2 v but still show up every time i scan ....

Rabidoo
@in-addr.btopenworld.

Rabidoo to Freaked

Anon

to Freaked
Just thought I'd let you know that I too was getting these in Spyware Doctor. Couldn't get rid of it yet could not think how I was being re-infected having deleted it, shut down windows, restarted and done an immediate scan. At the same time, I also noticed the 'Upgrade to version 3.2.2' dialogue which kept coming up when running the free version of Spyware Doctor and that there was a distinct lack of updates available since the dialogue started to appear. I decide that it was time to pay for the registered version, which I did. Immediately, there were many updates available. I downloaded and installed them. The problem disappeared. It seems that the update you need to rid yourself of this (so-called) Trojan is only available in the 'paid for' registered version 3.2.2. In my humble opinion (and please don't quote me on this) the registry keys could be getting generated by Spyware Doctor itself and then reporting it as a 'Big, Huge, Major, Defcon 1, Action Stations, End-Of-The-World Infection' just to freak you into buying the registered version. Worked for me. Conspiracy, What Conspiracy. Anyway, hope this helps.
Debelli
join:2005-09-16
Miami, FL

Debelli to Freaked

Member

to Freaked
Okay, I had the same problem and stupidly clicked on the update, thinking it would take care of the problem, but NOOOOO:o Now I have the new version and no way to fix my problems as it only scans.

I don't have my old version, and trying to locate a link for it on line isn't proving fruitful.

Does anyone have the old version that they saved that they can post?

On another note, I did find a site that's touting a 35% discount for SW after you buy and register it by Dec. 18th - wonder if it's valid - and worth it?

THANKS!
Debelli

Debelli to Jimbo406

Member

to Jimbo406
I had the same problem with the false positive and stupidly clicked on the update thinking I would take care of the problem, but NOOOOO:o Now I have the new version and it only scans.

I don't have my old version, and trying to locate a link for it on line isn't proving fruitful.

Does anyone have the old version that they saved that they can post?

On another note, I did find a site that's touting a 35% discount for SW after you buy and register it by Dec. 18th - wonder if it's valid - and worth it?

THANKS!
Debelli

Debelli

Member

Decided to splurge and bought the registered version, wasn't too bad, 35% off making it $19 and change.
Running right now, at 91% it's already found 5 things:o

Freaked
@193.67.x.x

Freaked to Jimbo406

Anon

to Jimbo406
Dear people with the Trojan.StartPage.GEN issue,

I installed the 3.2.2 VERSION (FREE)

and no longer have any issues, although of course it doesn`t remove anything anymore, also the cookie guard seems to be gone....

FIRST I UNINSTALLED THE OLD VERSION, then downloaded the new version.

I don`t have any issues anymore.............

I`M 100 % POSITIVE the issues were caused by spyware doc.

That`s all I can tell you, please read the previous comments, that I have posted.

Freaked

worried user
@kjj.estpak.ee

worried user to Jimbo406

Anon

to Jimbo406
But does anybody know what the trojan virus does to the computer?
Do you recommend that i should uninstall the spyware doctor then maybe? And install it again or buy the version on spyware doctor?

aca_aca
@168-1-64736c11.cust.

aca_aca

Anon

Scan Results:
scan start: 12/19/2005 12:38:58 PM
scan stop: 12/19/2005 12:51:50 PM
scanned items: 117932
found items: 8
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Known Bad Sites C:\Documents and Settings\xxxxxxxx\Lokala inställningar\Temporary Internet Files\Content.IE5\0JKL0N2P\setsitecode[2].htm High
Known Bad Sites C:\Documents and Settings\xxxxxxxx\Cookies\xxxxxxxx@www.altnet[2].txt High

Scan Results:
scan start: 12/19/2005 1:24:47 PM
scan stop: 12/19/2005 1:41:26 PM
scanned items: 116294
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Sca

My case is slightly different , beside Trojan.StartPage.GEN , altnet cookie and some bug keep crowling back into my system and it all started after i instaled e-donkey .
Any help would be appreciated .
B04
Premium Member
join:2000-10-28

1 recommendation

B04

Premium Member

For goodness sake, anonymous posters, enough already. It's a false positive. The "Multimedia" entries mean nothing.

In fact, no registry entries in and of themselves mean much -- they don't contain executable program code and can't be considered malware; they merely adjust program settings and thus can redirect your home page, change your search preferences, etc.

It's files and programs you have to worry about -- the only thing suspicious mentioned is C:\Documents and Settings\xxxxxxxx\Lokala inställningar\Temporary Internet Files\Content.IE5\0JKL0N2P\setsitecode[2].htm

Try »Security »I think my computer is infected or hijacked. What should I do?

-- B

Jimbo406
Premium Member
join:2001-01-07
New York, NY

Jimbo406

Premium Member

Consider buying the program!

My initial problem posted has been resolved over a week ago.