How to get rid of trojain that change home page and add icon on desktop

[WSW]

Two days ago, after browing the web, I noticed that a Trojain software might have entered my computer. The trojain software change my home page, once a while, when I startup my Internet Explorer. It also add two icons on my desktop.

The Trojain change my home page to www.quicksearchgeneology.com. It add the icons "diet pills" and "play online" on the desktop.

I have used McAfee virus scan and Spybot in an effect to locate the Trojain but they could not locate nor clean the Trojain.

Has anyone encounter similar problem? How can I get rid of this Trojain? Is the Trojain harmful to my computer?

[doctorgonzo]

Download AdAware and try that. MooSoft's The Cleaner and SwatIt are also trojan removal tools, so download and give those a shot. Personally, I don't think McAfee is good for much.

[morriswindgate]

McAfee is a virus/trojan (or at least it might as well be)

[WSW]

Thanks for all your suggestions.

I tried the following scan software with the following results:

1. First I ran McAfee Virus Scan with the latest .dat file. McAfee only found one infected file "pskill.exe" and was unable to clean it.

2. Then I ran Swat-It with the latest update. Swat-It did not found any infected files.

3. Lastly I ran Ad-Aware with the latest update. Ad-Aware found 6 problem objects and deleted them.

After the scans I turn on and off my computer several times and the problem seems to have disappeared. However, I know I cannot jump into conclusions yet because I have seen the problem went away and them come back the next day. I'll keep you posted.

[WSW]

Well it does not take long. 5 minutes after I posted this message, the problem is back.

The "Diet Pill" and the "Play On-line" were put on desktop again.

So far it has not change my startup home page yet. I'll have to wait and see.

This seems to be a nasty bug and well hidden. Anyone has more suggestions?

[catfishjoe_1]

Try to run spyaudit by webroot . If it finds anything they offer a free thirty day trial of their spysweeper program and it might catch your problem.
hth
cat

[WSW]

I tried Spyaudit but it did not fix the problem.

The Trojain continue to do the following:

1. When I open Internet Explorer, the Trojain will add two icons - "Diet Pill" and "Online Play" on my Desktop.

2. Occasionaly the Trojain will change my startup home page.

3. When I use Google to do a search, sometimes the Trojain will change it to a different search engine.

I have deleted all cookies and set up to block all cookies but the problem remains.

This problem is becoming a major inconvenient now.

[MulderMan]

i had the exact same icons and browser hijackeer but nothing got rid of them, they also come in the pr0n variety. i jus formated cos i got sick of them. if you do get rid of it tell us what you did

[catfishjoe_1]

spy audit is just that, an audit. If it found the offending items it won't remove them but the spysweeper will, (hopefully). spy audit and spysweeper are two differant things.
cat

[Carpedebass]

I think you are dealing with a variant of trojan.bootconf. I got that stupid thing a few weeks ago and tried every fix I could find with no joy. Finally I downloaded a "fix" from an unknown site and ran it against my better judgement. It got rid of the trojan allright...as well as half my hard drive. I had to reformat and start over.

[WSW]

I downloaded the latest updates from McAfee. This time I ran it to detect everything. I checked the box to check all compressed files. And in the Advanced tab, I checked all the options. This time McAfee found four more viruses / Trojains.

After this, I used TrendMicro HouseCall to check for virus. TrendMicro found nothing.

Then I used Ad-Aware. It found a few of infected registry files and cookies.

Then I used Spybot. It found some more infected registry files.

Then I used Spy Sweep. It found nothing. However, I left Spy Sweep on to detect anything that wants to change my Internet Explorer home page.

After all that, my computer has been running four 24 hours without being hyjacked to other home page and without new icons added to my desktop. This is the first time my computer is hyjack free after I caught the problem four days ago.

I'll continue to monitor and clean the computer until I am sure that the bug is gone.

I am still concerned because when I checked the processes running in my computer, I see processes such as services.exe which I thought is one of those trojains/ viruses.

[catfishjoe_1]

do you see any entry related to spy sweeper? It could be using that entry too.
cat

[WSW]

Yes, there is a process called SpySweeper.
My computer has been hyjack free the whole day.
Thanks for all you suggestions.