Trojan.startup.2

Overview

Trojan.startup.2 is the detection name for a group of trojans.

Trojan.startup.2 run at startup and is mentioned at some of the security forums, where their removal is recommended. You can find more information how to disable Trojan.startup.2 from running on your computer in the removal instructions.

Trojan.startup.2 can be identified by 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13' located in the registry at the following locations:

'HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run',
'HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
'HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce'
'HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
'HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
'HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce'

Classification

Trojan

Files

MSA64CHK.DLL, dc6_startupmon.exe, ers_startupmon.exe, lsa.exe, mscnfg32.exe, scrgrd.exe systemse.exe, dailin.exe, svhosint32.exe, securitychk.exe, scheduler.exe, usbspool.exe, winu32.exe, ibm.exe, ncsvc32.exe, jli.exe, DivXPlayer.exe, svcwin16.exe, sysyiy32.exe, stlb2.dll, WinComm.exe, msnmsgr7.exe, iOpenGL.exe, msn6.exe, E6F1873B.DLL D0CE0C16B1.dll cfgmgr32.exe, Hof3pL.exe, soundcontrl.exe, svcss.exe, mscnfg32.exe, scrgrd.exe, lrbz32.exe

If you have any of the files related to Trojan.startup.2 on your system, please send them for additional analysis. Generally, I have only analysed a few versions for each software component listed at this web site. With your help I will be able to look at both old and more recent versions of the Trojan.startup.2 software. Thank you very much for your time!

Log references



Vendor

Unknown

Privacy policy

No privacy policy available.

Detection

Bazooka Adware and Spyware Scanner detects Trojan.startup.2. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Uninstall Trojan.startup.2 with FreeFixer

I'm working on a general purpose tool for removing unwanted software. The tool is called FreeFixer and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars and software that starts automatically when you reboot your computer, so it can offer some assistance while uninstalling Trojan.startup.2. The manual removal instructions listed below will help you to identify what to delete with FreeFixer.

Read more about FreeFixer.

Manual removal

Please follow the instructions below if you would like to remove Trojan.startup.2 manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Trojan.startup.2 remains on your system after stepping through the removal instructions, please double-check by stepping through them again.

  1. Start your computer in safe mode.
  2. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
  3. Browse to the key:
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
  4. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  5. Browse to the key:
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
  6. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  7. Browse to the key:
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce'
  8. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  9. Browse to the key:
    'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
  10. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  11. Browse to the key:
    'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
  12. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  13. Browse to the key:
    'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce'
  14. In the right pane, delete the values called 'NiceDownloads', 'MoreContent', 'DC6', 'ERS', 'ERS_check', 'DC6_check', 'Norton Updater', 'Microsoft Config 32bit', 'Microsoft Restore', 'Microsoft Update Machine' 'Micro Update', 'System Update', 'Secure Server 32', 'Cryptographic Service', 'Win32 Usb Driver', 'Microsoft Secure Messenger.NET Service', 'Service Scheduler', 'WIN32 USB SERVICE', 'update service', 'ibm', 'Nvidia CTRL Panel', 'Windowz', 'DivX Player', 'Microsofts Support Services', 'Yiy32 System', '{12EE7A5E-0674-42f9-A76B-000000004D00}', 'Win Comm', 'MSN Start', 'Microsoft Servc', 'Messenger Service', 'A70F6A1D-0195-42a2-934C-D8AC0F7C08EB', '98D0CE0C16B1', '36b923ef1bd9', '2ZQLKP#2WLSCTL', 'soundcontrl', 'OfficeGuardUI', 'Microsoft Config 32bit', 'Microsoft Restore' and 'MS Config v13', if they exists. Remember the name of the file (**) it points to. (Deleting this value prevents Trojan.startup.2 from running next time you reboot your machine.)
  15. Exit the registry editor.
  16. Start Windows Explorer and delete:
    The file (**) mentioned above

Problems uninstalling? Click here.

I'm looking for your help!

Thank you for using my site, I hope you find it useful. I'm looking for help from all users, please read more.

Contact information for Trojan.startup.2's vendor

In order to provide correct, accurate and updated information about Trojan.startup.2 I encourage the vendor to contact me if any part of this write-up needs a revision.

How do you rate the information provided about Trojan.startup.2?


Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.


FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com