how do I permanently remove istart123 within Windows 8?

Posted on 2014-08-23
Last Modified: 2014-08-26
Hello and Good Evening Everyone,

          I wish to help a friend permanently remove istart123 from his computer which is running Windows 8.  He "temporarily" got rid of it by carrying out a recovery from a date before he had the problem. Unfortunately, istart123 has come back in addition to the popups.  He has to close out of each popup before doing anything else on the computer.  

          After reviewing his situation, I am under the strong impression that his computer is infected with malware.  However, I could be wrong and stand to be corrected on this assumption.  At any rate, if someone could provide some technical guidance geared toward resolving this issue, it will be greatly appreciated.  In the meantime, I will look forward to hearing from everybody.

          Thank you

Question by:GMartin
    LVL 17

    Accepted Solution


    I found a how-to guide for this that may help.  It goes in 6 steps so this will be a bit lengthy.  The below information came from -

    1. Uninstall

    Get to the Windows 8 control panel, from the start screen or by searching for it.  Once found, open it up and go to Uninstall a program if in category view, or Programs and Features if in icon view.  Uninstall any program that has these names - iStart123 uninstaller, WPM17.8.0.3159, Extended Protection, IePluginService, SupTab, and whatever else was recently installed when you noticed this behavior.

    2. Remove iStart123 from Internet Explorer

    After those are uninstalled, then return to control panel and find Internet Options.  You may need to change the view to icon view to see it.  In Internet Options, go to the Advanced tab, and then click Reset at the bottom.  It will ask for confirmation, be sure to select the checkbox for delete personal settings.  Click Close when reset is complete.

    3. Remove iStart123 from Firefox

    In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.  From the Help menu, choose Troubleshooting Information.
    If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.  Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.  To continue, click on the “Reset Firefox” button in the new confirmation window that opens.  Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

    4. Remove iStart123 from Google Chrome

    Click on the “Chrome menu button” on the browser toolbar, select “Tools“, and then click on “Extensions“.  In the Extensions tab, remove Extended Protection 1.9, Lightning Newtab  and any other unknown extensions by clicking the trash can icon.  

    Basically, if you have not installed a Chrome extension, you should remove it from your web browser.  Set Google Chrome default search engine from Yahoo Search to Google.
    Click the Chrome menu button, then select Settings and click on Manage search engines in the Search section.  In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.  

    Search for Yahoo Search in the Search Engines list, and click the X button that appears at the end of the row.  Change Google Chrome homepage from to its default.  iStart123 has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change.  Click the Chrome menu button, then select Settings and click on One the New Tab page in the On Startup section.

    5. Clean windows shortcuts

    Search for your browser shortcut (Desktop, Taskbar or Start Menu Shortcut), then right click on it and select Properties.  To view the Properties menu for the browser shortcuts pinned to your Task Bar, right-click on the browser shortcut from the Taskbar, then right-click again on the browser icon as see in the below image. Alternatively, you can just Unpin the browser shortcut from your task bar, then you can add it back after you have removed the “” argument from the original browser shortcut.

    In the Shortcut tab, in the Target field, remove the argument. Basically, there should be only the path to browser executable file. Nothing more.  These are the default shortcut path that should be in your Target box, if the argument is there, then you should remove it.

    Internet Explorer       “C:\Program Files\Internet Explorer\iexplore.exe”

    Chrome       “C:\Program Files\Google\Chrome\Application\chrome.exe” for Windows 32 bit OR “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” for Windows 64-bit

    Firefox       “C:\Program Files\Mozilla Firefox\firefox.exe” for Windows 32-bit OR “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” for Windows 64-bit

    6. Remove browser hijacker

    Download an antimalware program such as Adwcleaner or Malwarebytes.  The malwarebytes may have a higher success rate.  But it wouldn't hurt to use both.  Run a full scan.  Then you can also check again with a 3rd program - hitmanPro.
    LVL 89

    Assisted Solution

    by:John Hurst
    You can use Process Explorer from Microsoft to look at the running processes. Specifically look for an alphanumeric (nonsense) name under the Explorer tree (left hand side list of process locations). If such a process exists, kill it, and do NOT restart.

    Either way, after the above, run Malwarebytes (

    Author Comment

    Hello and Good Evening Everyone,

              Thanks so much for the thorough insights and resourceful links shared in response to my question.  I am confident I have the information needed to resolve this issue now.  If something else should come up during the troubleshooting session, I will create a new open post for it.

               Once again, many thanks.

    LVL 17

    Expert Comment

    Certainly, glad we could help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Suggested Solutions

    Title # Comments Views Activity
    watching porn on a smart tv 9 16,414
    Possible root kit infection 9 168
    Encrypted files, but no way to pay ransom? 23 107
    .Code New Varient 5 66
    I work at a cancer center as the IT guy.  One of the things I run into regularly is infected computers.  Many times these infections are NOT minor, so I've collected a slew of tools to deal with them.  One type of infection is the Rootkit.  I have a…
    The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away. **********…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now