how do I permanently remove istart123 within Windows 8?

Hello and Good Evening Everyone,

          I wish to help a friend permanently remove istart123 from his computer which is running Windows 8.  He "temporarily" got rid of it by carrying out a recovery from a date before he had the problem. Unfortunately, istart123 has come back in addition to the popups.  He has to close out of each popup before doing anything else on the computer.  

          After reviewing his situation, I am under the strong impression that his computer is infected with malware.  However, I could be wrong and stand to be corrected on this assumption.  At any rate, if someone could provide some technical guidance geared toward resolving this issue, it will be greatly appreciated.  In the meantime, I will look forward to hearing from everybody.

          Thank you

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


I found a how-to guide for this that may help.  It goes in 6 steps so this will be a bit lengthy.  The below information came from -

1. Uninstall

Get to the Windows 8 control panel, from the start screen or by searching for it.  Once found, open it up and go to Uninstall a program if in category view, or Programs and Features if in icon view.  Uninstall any program that has these names - iStart123 uninstaller, WPM17.8.0.3159, Extended Protection, IePluginService, SupTab, and whatever else was recently installed when you noticed this behavior.

2. Remove iStart123 from Internet Explorer

After those are uninstalled, then return to control panel and find Internet Options.  You may need to change the view to icon view to see it.  In Internet Options, go to the Advanced tab, and then click Reset at the bottom.  It will ask for confirmation, be sure to select the checkbox for delete personal settings.  Click Close when reset is complete.

3. Remove iStart123 from Firefox

In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.  From the Help menu, choose Troubleshooting Information.
If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.  Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.  To continue, click on the “Reset Firefox” button in the new confirmation window that opens.  Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

4. Remove iStart123 from Google Chrome

Click on the “Chrome menu button” on the browser toolbar, select “Tools“, and then click on “Extensions“.  In the Extensions tab, remove Extended Protection 1.9, Lightning Newtab  and any other unknown extensions by clicking the trash can icon.  

Basically, if you have not installed a Chrome extension, you should remove it from your web browser.  Set Google Chrome default search engine from Yahoo Search to Google.
Click the Chrome menu button, then select Settings and click on Manage search engines in the Search section.  In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.  

Search for Yahoo Search in the Search Engines list, and click the X button that appears at the end of the row.  Change Google Chrome homepage from to its default.  iStart123 has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change.  Click the Chrome menu button, then select Settings and click on One the New Tab page in the On Startup section.

5. Clean windows shortcuts

Search for your browser shortcut (Desktop, Taskbar or Start Menu Shortcut), then right click on it and select Properties.  To view the Properties menu for the browser shortcuts pinned to your Task Bar, right-click on the browser shortcut from the Taskbar, then right-click again on the browser icon as see in the below image. Alternatively, you can just Unpin the browser shortcut from your task bar, then you can add it back after you have removed the “” argument from the original browser shortcut.

In the Shortcut tab, in the Target field, remove the argument. Basically, there should be only the path to browser executable file. Nothing more.  These are the default shortcut path that should be in your Target box, if the argument is there, then you should remove it.

Internet Explorer       “C:\Program Files\Internet Explorer\iexplore.exe”

Chrome       “C:\Program Files\Google\Chrome\Application\chrome.exe” for Windows 32 bit OR “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” for Windows 64-bit

Firefox       “C:\Program Files\Mozilla Firefox\firefox.exe” for Windows 32-bit OR “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” for Windows 64-bit

6. Remove browser hijacker

Download an antimalware program such as Adwcleaner or Malwarebytes.  The malwarebytes may have a higher success rate.  But it wouldn't hurt to use both.  Run a full scan.  Then you can also check again with a 3rd program - hitmanPro.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
You can use Process Explorer from Microsoft to look at the running processes. Specifically look for an alphanumeric (nonsense) name under the Explorer tree (left hand side list of process locations). If such a process exists, kill it, and do NOT restart.

Either way, after the above, run Malwarebytes (
GMartinAuthor Commented:
Hello and Good Evening Everyone,

          Thanks so much for the thorough insights and resourceful links shared in response to my question.  I am confident I have the information needed to resolve this issue now.  If something else should come up during the troubleshooting session, I will create a new open post for it.

           Once again, many thanks.

Certainly, glad we could help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.