Discussion in 'Computer Information' started by thekmanrocks, Mar 22, 2013.

  1. thekmanrocks

    thekmanrocks Guest

    This is a known virus, and upon browsing the Norton AV community forums I learned about and ran Norton Power Eraser.

    As usual it failed to find "Startnow" or any other virus, so if Power Eraser cannot find it on my machine I guess nothing can. :(
    thekmanrocks, Mar 22, 2013
    1. Advertisements

  2. thekmanrocks

    Paul Guest

    When I search for it, StartNow is a "toolbar".
    And the proof, is where it is showing up on your computer.

    AV programs are not generally set up to "blast" every toolbar they find.
    The toolbar writers know this. Toolbar writers are slime-balls,
    if you hadn't noticed. Their lawyers would complain about
    "restraint of trade", if an AV company blasted them. They're
    saints after all.

    If I were to "slag" the designers at StartNow, right now,
    in a day or so, a poster from StartNow will show up, claim
    all the staff at the company are St.Francis of Assisi (holy as
    can be, spotlessly clean), and I'm being unnecessarily harsh
    in my criticism.

    (A toolbar writer at work...)


    I've had this kind of thing happen before,
    when I happened to comment on another toolbar someone was
    having a problem with. Their tech support sniff around for
    bad comments about their business practices.

    The toolbar writers, they tread a fine line. They cannot
    intrude too far into the computer innards, for fear they
    get on the "AV company removal list". They must make their
    product obnoxious enough, it can't be removed by mere humans.
    But not too obnoxious, or the AV companies will blast it with
    both guns.

    I'd surprised lawyers aren't writing that software :-(

    You don't want the Norton AV forum, because this is not a virus.
    If something you hate is a "toolbar", then you need a "toolbar solution".
    Some browsers have an "Add-Ons" or "Plug-ins" interface in the
    browser, where items can be disabled. You can Google for
    something like "StartNow removal" and see if anyone has a
    canned procedure for toolbar removal. If the program had an entry
    in the "Add/Remove" control panel, you could try to remove it there,
    but that seldom works well. And if worse comes to worse,
    there are tools like this.


    If you read the release notes for that program, you can see the
    classification of the removal tool. You see, the
    AV companies had to invent the PUP or Potentially Unwanted Program
    classification, to be able to describe despicable business practice,
    without the opponents lawyers getting update. That's why we call
    it a PUP. It's inoffensive as a term.


    "AdwCleaner - Adware / Toolbar / PUP Removal Tool"

    I can't vouch for the tool, as I haven't used it. The first
    thing I do with stuff like this, is upload to Virustotal.com
    to have it checked. Then, I have to do extensive reputation
    checking (to see if anyone got screwed by using it). You
    don't just blindly download and run *anything* these days.
    That's how my machine stays clean. I have never been tagged
    by a toolbar (knock on wood). I use Wine on Linux, to pre-test
    downloads that I am suspicious about. If a download is packed
    with something like UPX, the alarm bells are already going off...
    I am suspicious by nature.

    Paul, Mar 22, 2013
    1. Advertisements

  3. thekmanrocks

    thekmanrocks Guest


    Thanks for the explanation, as usual! :)

    This http://community.norton.com/t5/Norton-Internet-Security-Norton/Startnow-com-virus/td-p/482820 ironically is the site where start-now was referred to as a "virus".

    Apparently the Power Eraser did remove it from his system and he was satisfied.

    As for myself, it did show up in Add/Remove Programs and I was able to eliminated there. Haven't seen/heard a peep out of it since.

    Thanks for the tips!
    thekmanrocks, Mar 22, 2013
  4. thekmanrocks

    Paul Guest

    Just keep collecting tools :)

    The one I run occasionally, is a Kaspersky rescue disc.
    It does an offline scan. The positive aspect of that
    approach, is the malware can't block it (at least, until
    multi-OS malwares are introduced, which will happen some
    day). The negative aspect, is there is no ability to look
    for behaviors. For example, there is a tool which searches
    for botnet behavior, and it watches the kinds of IP connections
    a computer makes while it is running Windows. And that one
    doesn't use AV definitions (signatures). Instead, it uses
    heuristics (for example, your computer is caught visiting
    a Russian Business Network site).

    Since Windows is not running, when the Kaspersky
    disc is booted, it can't do any behavior-based checking.
    All it can do, is check for signatures. Which is still good,
    but not a complete form of protection.


    "Iso image of Kaspersky Rescue Disk 10 (237 MB)"

    I've tried a couple other tools of that nature, and
    never got a warm feeling from them.

    You download the ISO9660 file, and use a burning application
    like Imgburn, to prepare a bootable CD from it. On the day you
    download it, the AV definitions will be no more than a week old.
    When you boot the CD, the first thing it does is try to connect
    to the Internet, to update the definitions. If for some reason
    you cannot update the definitions, then the definitions provided
    on the day of download will be used.

    And obviously, that tool will do nothing to a "toolbar".
    A program has to have a worse reputation than just being
    a PUP, before that program will prompt you concerning
    quarantine or deleting it.

    Tools like Combofix, can remove a bunch of different
    things, but it isn't recommended for end users to
    wade in with a thing like that and use it. It's intended
    for "guided" usage, where someone on one of the malware
    removal forums tells you how to use it (feed it a script).

    But some toolbars are far enough under the radar, you
    might not (easily) find a solution. A search engine will
    tell you all sorts of "just go to Add/Remove and remove it"
    junk, but we all know that won't work. I like how the
    search engine always prioritizes those (useless) references,
    when the real cure is buried under pages of other links.


    facebook.com is the only site I block with my HOSTS file :)
    I can't even visit there for a look. Bummer. :)
    I just got tired of being tracked by them, when I visited
    news sites and the like. There's probably about another
    800 entries I could put in the HOSTS file, but that one
    annoyed me.

    Paul, Apr 21, 2013
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
There are no similar threads yet.