[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 534
  • Last Modified:

how do I permanently remove istart123 within Windows 8?

Hello and Good Evening Everyone,

          I wish to help a friend permanently remove istart123 from his computer which is running Windows 8.  He "temporarily" got rid of it by carrying out a recovery from a date before he had the problem. Unfortunately, istart123 has come back in addition to the popups.  He has to close out of each popup before doing anything else on the computer.  

          After reviewing his situation, I am under the strong impression that his computer is infected with malware.  However, I could be wrong and stand to be corrected on this assumption.  At any rate, if someone could provide some technical guidance geared toward resolving this issue, it will be greatly appreciated.  In the meantime, I will look forward to hearing from everybody.

          Thank you

          George
0
GMartin
Asked:
GMartin
  • 2
2 Solutions
 
bigeven2002Commented:
Hello,

I found a how-to guide for this that may help.  It goes in 6 steps so this will be a bit lengthy.  The below information came from - http://malwaretips.com/blogs/remove-istart123-virus/#uninstall.


1. Uninstall iStart123.com

Get to the Windows 8 control panel, from the start screen or by searching for it.  Once found, open it up and go to Uninstall a program if in category view, or Programs and Features if in icon view.  Uninstall any program that has these names - iStart123 uninstaller, WPM17.8.0.3159, Extended Protection, IePluginService, SupTab, and whatever else was recently installed when you noticed this behavior.

2. Remove iStart123 from Internet Explorer

After those are uninstalled, then return to control panel and find Internet Options.  You may need to change the view to icon view to see it.  In Internet Options, go to the Advanced tab, and then click Reset at the bottom.  It will ask for confirmation, be sure to select the checkbox for delete personal settings.  Click Close when reset is complete.

3. Remove iStart123 from Firefox

In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.  From the Help menu, choose Troubleshooting Information.
If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.  Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.  To continue, click on the “Reset Firefox” button in the new confirmation window that opens.  Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

4. Remove iStart123 from Google Chrome

Click on the “Chrome menu button” on the browser toolbar, select “Tools“, and then click on “Extensions“.  In the Extensions tab, remove Extended Protection 1.9, Lightning Newtab  and any other unknown extensions by clicking the trash can icon.  

Basically, if you have not installed a Chrome extension, you should remove it from your web browser.  Set Google Chrome default search engine from Yahoo Search to Google.
Click the Chrome menu button, then select Settings and click on Manage search engines in the Search section.  In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.  

Search for Yahoo Search in the Search Engines list, and click the X button that appears at the end of the row.  Change Google Chrome homepage from iStart123.com to its default.  iStart123 has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change.  Click the Chrome menu button, then select Settings and click on One the New Tab page in the On Startup section.

5. Clean windows shortcuts

Search for your browser shortcut (Desktop, Taskbar or Start Menu Shortcut), then right click on it and select Properties.  To view the Properties menu for the browser shortcuts pinned to your Task Bar, right-click on the browser shortcut from the Taskbar, then right-click again on the browser icon as see in the below image. Alternatively, you can just Unpin the browser shortcut from your task bar, then you can add it back after you have removed the “iStart123.com” argument from the original browser shortcut.

In the Shortcut tab, in the Target field, remove the http://iStart123.com argument. Basically, there should be only the path to browser executable file. Nothing more.  These are the default shortcut path that should be in your Target box, if the iStart123.com argument is there, then you should remove it.

Internet Explorer       “C:\Program Files\Internet Explorer\iexplore.exe”

Chrome       “C:\Program Files\Google\Chrome\Application\chrome.exe” for Windows 32 bit OR “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” for Windows 64-bit

Firefox       “C:\Program Files\Mozilla Firefox\firefox.exe” for Windows 32-bit OR “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” for Windows 64-bit

6. Remove iStart123.com browser hijacker

Download an antimalware program such as Adwcleaner or Malwarebytes.  The malwarebytes may have a higher success rate.  But it wouldn't hurt to use both.  Run a full scan.  Then you can also check again with a 3rd program - hitmanPro.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
http://malwaretips.com/download-malwarebytes
http://malwaretips.com/download-hitmanpro
0
 
John HurstBusiness Consultant (Owner)Commented:
You can use Process Explorer from Microsoft to look at the running processes. Specifically look for an alphanumeric (nonsense) name under the Explorer tree (left hand side list of process locations). If such a process exists, kill it, and do NOT restart.

Either way, after the above, run Malwarebytes (malwarebytes.org).
0
 
GMartinAuthor Commented:
Hello and Good Evening Everyone,

          Thanks so much for the thorough insights and resourceful links shared in response to my question.  I am confident I have the information needed to resolve this issue now.  If something else should come up during the troubleshooting session, I will create a new open post for it.

           Once again, many thanks.

           George
0
 
bigeven2002Commented:
Certainly, glad we could help.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now