Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

"Startnow"

11 views
Skip to first unread message

thekma...@gmail.com

unread,
Mar 22, 2013, 1:08:41 PM3/22/13
to
This is a known virus, and upon browsing the Norton AV community forums I learned about and ran Norton Power Eraser.

As usual it failed to find "Startnow" or any other virus, so if Power Eraser cannot find it on my machine I guess nothing can. :(

Paul

unread,
Mar 22, 2013, 2:03:21 PM3/22/13
to
thekma...@gmail.com wrote:
> This is a known virus, and upon browsing the Norton AV community forums I learned about and ran Norton Power Eraser.
>
> As usual it failed to find "Startnow" or any other virus, so if Power Eraser cannot find it on my machine I guess nothing can. :(

When I search for it, StartNow is a "toolbar".
And the proof, is where it is showing up on your computer.

AV programs are not generally set up to "blast" every toolbar they find.
The toolbar writers know this. Toolbar writers are slime-balls,
if you hadn't noticed. Their lawyers would complain about
"restraint of trade", if an AV company blasted them. They're
saints after all.

If I were to "slag" the designers at StartNow, right now,
in a day or so, a poster from StartNow will show up, claim
all the staff at the company are St.Francis of Assisi (holy as
can be, spotlessly clean), and I'm being unnecessarily harsh
in my criticism.

(A toolbar writer at work...)

http://www.catholic.org/images/saints/francis.jpg

I've had this kind of thing happen before,
when I happened to comment on another toolbar someone was
having a problem with. Their tech support sniff around for
bad comments about their business practices.

The toolbar writers, they tread a fine line. They cannot
intrude too far into the computer innards, for fear they
get on the "AV company removal list". They must make their
product obnoxious enough, it can't be removed by mere humans.
But not too obnoxious, or the AV companies will blast it with
both guns.

I'd surprised lawyers aren't writing that software :-(

You don't want the Norton AV forum, because this is not a virus.
If something you hate is a "toolbar", then you need a "toolbar solution".
Some browsers have an "Add-Ons" or "Plug-ins" interface in the
browser, where items can be disabled. You can Google for
something like "StartNow removal" and see if anyone has a
canned procedure for toolbar removal. If the program had an entry
in the "Add/Remove" control panel, you could try to remove it there,
but that seldom works well. And if worse comes to worse,
there are tools like this.

http://www.bleepingcomputer.com/download/adwcleaner/

If you read the release notes for that program, you can see the
classification of the removal tool. You see, the
AV companies had to invent the PUP or Potentially Unwanted Program
classification, to be able to describe despicable business practice,
without the opponents lawyers getting update. That's why we call
it a PUP. It's inoffensive as a term.

http://general-changelog-team.fr/~xplode/Changelogs/CG_AdwCleaner_EN.txt

"AdwCleaner - Adware / Toolbar / PUP Removal Tool"

I can't vouch for the tool, as I haven't used it. The first
thing I do with stuff like this, is upload to Virustotal.com
to have it checked. Then, I have to do extensive reputation
checking (to see if anyone got screwed by using it). You
don't just blindly download and run *anything* these days.
That's how my machine stays clean. I have never been tagged
by a toolbar (knock on wood). I use Wine on Linux, to pre-test
downloads that I am suspicious about. If a download is packed
with something like UPX, the alarm bells are already going off...
I am suspicious by nature.

Paul

thekma...@gmail.com

unread,
Mar 22, 2013, 4:57:02 PM3/22/13
to
___________________

Thanks for the explanation, as usual! :)

This http://community.norton.com/t5/Norton-Internet-Security-Norton/Startnow-com-virus/td-p/482820 ironically is the site where start-now was referred to as a "virus".

Apparently the Power Eraser did remove it from his system and he was satisfied.

As for myself, it did show up in Add/Remove Programs and I was able to eliminated there. Haven't seen/heard a peep out of it since.

Thanks for the tips!

Julie Bove

unread,
Apr 21, 2013, 4:00:41 AM4/21/13
to

<thekma...@gmail.com> wrote in message
news:4f034edf-8583-4175...@googlegroups.com...
Yep. My daughter got one that only attacks Windows 7. I can't remember now
what the name was. She went to Facebook, did nothing other than that, just
went there. Computer repair people said it was probably in an ad that was
there. Some rogue thing popped up, pretending to be an AV and asking her to
pay for it. It disabled not only whatever her AV is...Avast? Maybe, can't
remember... But Malwarebytes too And disabled my ability to start it in
safe mode. They said it was particularly pesky and there was nothing we
could do to stop it.


Paul

unread,
Apr 21, 2013, 4:35:32 AM4/21/13
to
Just keep collecting tools :-)

The one I run occasionally, is a Kaspersky rescue disc.
It does an offline scan. The positive aspect of that
approach, is the malware can't block it (at least, until
multi-OS malwares are introduced, which will happen some
day). The negative aspect, is there is no ability to look
for behaviors. For example, there is a tool which searches
for botnet behavior, and it watches the kinds of IP connections
a computer makes while it is running Windows. And that one
doesn't use AV definitions (signatures). Instead, it uses
heuristics (for example, your computer is caught visiting
a Russian Business Network site).

Since Windows is not running, when the Kaspersky
disc is booted, it can't do any behavior-based checking.
All it can do, is check for signatures. Which is still good,
but not a complete form of protection.

http://support.kaspersky.com/8092

"Iso image of Kaspersky Rescue Disk 10 (237 MB)"

I've tried a couple other tools of that nature, and
never got a warm feeling from them.

You download the ISO9660 file, and use a burning application
like Imgburn, to prepare a bootable CD from it. On the day you
download it, the AV definitions will be no more than a week old.
When you boot the CD, the first thing it does is try to connect
to the Internet, to update the definitions. If for some reason
you cannot update the definitions, then the definitions provided
on the day of download will be used.

And obviously, that tool will do nothing to a "toolbar".
A program has to have a worse reputation than just being
a PUP, before that program will prompt you concerning
quarantine or deleting it.

Tools like Combofix, can remove a bunch of different
things, but it isn't recommended for end users to
wade in with a thing like that and use it. It's intended
for "guided" usage, where someone on one of the malware
removal forums tells you how to use it (feed it a script).

But some toolbars are far enough under the radar, you
might not (easily) find a solution. A search engine will
tell you all sorts of "just go to Add/Remove and remove it"
junk, but we all know that won't work. I like how the
search engine always prioritizes those (useless) references,
when the real cure is buried under pages of other links.

*******

facebook.com is the only site I block with my HOSTS file :-)
I can't even visit there for a look. Bummer. :-)
I just got tired of being tracked by them, when I visited
news sites and the like. There's probably about another
800 entries I could put in the HOSTS file, but that one
annoyed me.

Paul
0 new messages