Get rid of browser hijacker - Istartsurf
-
bogdanlazar last edited by
I have used AdwCleaner and some other programs, but they did not help. I successfully removed it manually from IE and Firefox according to the instructions found on many websites, but there was nothing about Opera. I'm using Opera 24.0. I tried to delete the files from appdata/local/, I've deleted the cookies... didn't help.
-
frajer last edited by
I don't understand any of this, anyone pls write in step by step
Dave said:
Did you check the command line in Opera's startup shortcut?
and sgun:
Is that the shortcut you use to start Opera - and that isn't the command line of the shortcut. The command line should be "C:\Program Files (x86)\Opera\launcher.exe" (with nothing after the second quote).
What does that mean, please? I can't get rid of this..
-
frajer last edited by
I'm using Opera beta, I managed to remove it from Chrome and apparently from Opera and looks alike from system.. I hope.. only for Opera beta I can't find it. I don't understand what are switches or how it can be in command line.
thanks
-
blackbird71 last edited by
Istartsurf is adware that hijacks your browser to force it to use Istartsurf's websites and show their ads. To get rid of it, you have to remove all of its program files from your computer and undo the changes it makes to your system's registry, which removal is what the Malwarebytes and AdwCleaner tools will try to help you do.
You may also have to manually remove any changes the adware may have made to any of the shortcuts used for starting up your browser... shortcuts are the little icon-buttons on your desktop or your taskbar/toolbars, and they contain commands to the computer to start up the associated program. Adware hijackers can attach special command terminology to what is written within those shortcuts and which may force a browser to go directly to the adware's website upon browser startup... in which case, you have to clear out that added terminology if it exists.
When you right click a startup icon for Opera, you should see a Properties entry (if the icon is in your Windows taskbar instead of the desktop, you will then need to right click on the software name as well to see the Properties entry); left click on that Properties word to bring up the Properties panel for the shortcut. Under the shortcut tab, you should see a Target: line with a computer command in it. That command should ordinarily read "C:\Program Files (x86)\Opera\launcher.exe" with no other terms or letters behind those words. If something else appears there, copy it and report back here. If it reads as written, then the shortcut is OK.
Note that if you have other browsers, or browser shortcuts in other user accounts, you should manually check each and every one to assure that all of the adware linkages have been completely cleared out.
-
frajer last edited by
THANK YOU blackbird71!
O man I found it, thank You blackbird71 for that detailed explanation! and so soon!! I was expecting to see the answer in a couple of days. I managed to remove it from Chrome before and from system it was a pain as it was in lots of places. Malwarebytes removed some but not all then I started Loaris but ofc it prompted me money at the end but I saw that it has log so I manually removed all suspicious files from that log.. and some else lol.. but all is ok now apart from Opera beta. I manually removed it from Chrome as well and restored it to default settings. And is ok now it doesn't appear in Chrome. So as You described I found that, I hope last, piece of it, here is target: "C:\Program Files (x86)\Opera beta\launcher.exe" ttp://www.istartsurf.com/?type=sc&ts=1424459648&from=smt&uid=WDCXWD2500AAKX-221CA1_WD-WCAYV196280462804
I edited and removed h so address is not clickable.. I'm that paranoid, I've spent all day dealing with this
what next?
-
blackbird71 last edited by
Simply edit the shortcut's command in Target: to read "C:\Program Files (x86)\Opera beta\launcher.exe" by deleting all the text following it, and then click OK to close the shortcut panel.
Finally, just be sure there are no other contaminated shortcuts as well.
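The check described in this thread (a browser shortcut's Target: should end at the closing quote after the executable), run over every shortcut at once, as an added PowerShell example that is not part of the original posts. The list of browser executable names and the folders searched are assumptions; the script only reports and changes nothing.

```powershell
# Added example: read-only audit of .lnk shortcuts that start a browser
# with extra text after the executable (the Target: check from this thread).

# Executable names treated as browsers (assumption; extend as needed).
$browserExes = 'launcher.exe', 'opera.exe', 'chrome.exe', 'firefox.exe', 'iexplore.exe'

# Desktop, Start Menu and taskbar/Quick Launch folders for every profile.
$usersRoot = Split-Path $env:PUBLIC -Parent
$roots = @(
    "$usersRoot\*\Desktop",
    "$usersRoot\*\AppData\Roaming\Microsoft\Windows\Start Menu",
    "$usersRoot\*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu"
)

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -Path $roots -Filter *.lnk -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
        if (-not $lnk.TargetPath) { return }        # skip shortcuts without a file target
        $exe = Split-Path $lnk.TargetPath -Leaf
        if ($browserExes -notcontains $exe) { return }
        $extra = $lnk.Arguments.Trim()
        if (-not $extra) { return }                 # clean: nothing after the executable
        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $lnk.TargetPath
            Arguments = $extra
            # A web address as an argument is the hijack pattern seen in this thread.
            HasUrl    = $extra -match '(?i)(https?://|www\.)'
        }
    }

if ($findings) {
    $findings | Sort-Object HasUrl -Descending | Format-List
} else {
    'No browser shortcut carries arguments after the executable.'
}
```

Some legitimate shortcuts carry switches (Chrome profile shortcuts use `--profile-directory`, for example), so entries with HasUrl False need a look rather than automatic cleanup. Run it from an elevated prompt to read the folders of other user accounts.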
-
frajer last edited by
this was easiest part.
Well thank You very much once again. This was a drag. Well I don't know how else to check System, Malwarebytes didn't see this from beginning so maybe I should try once more with AdwCleaner? But somehow I think I would know if it is still here. Probably would show in some way. I don't have too many shortcuts on desktop and in the taskbar, I did check all shortcuts.
Thank You man, You really helped me a lot.
-
blackbird71 last edited by
You're welcome. You can always try another pass with either tool, especially after rebooting the system, just in case something somewhere got missed earlier. But normally, unless there was true malware (virus-type) infection involved, that should be the end of the matter if their scans come up clean.
In the future, you can best keep free of this sort of thing by using great care in any freeware downloads of any kind - they are increasingly bundling adware with the downloads. Look carefully on the download or initial installer pages for checked boxes relating to other software - uncheck them if they offer to install other things besides what you're seeking. Even Flash and free AV software are doing some of this now. Whenever possible, download freeware directly from the maker's own site, rather than a "downloads house" like cnet, brothers, and the rest - bundling of adware is a growing problem on nearly all of them. Finally, before downloading anything free, go out on the net and spend some quality time seeking independent reviews or opinions of the product, especially at the security forums like Wilders, DSLR, Malwarebytes, etc.
-
frajer last edited by
Everything completely true. Advice to the point! I usually do everything You said except this time. I believe it all started with downloading core temp application to check my CPU temp. I didn't look at all where do I download from and I remember I just clicked everything just to get it installed so I can check temps as I got 2 different measures and couldn't see what is true one. The difference was about 10 degrees so I needed 3rd opinion.. and everything went downhill
Lesson learned. Tnx.
-
lando242 last edited by
YAC is a bootleg version of Malwarebytes. They are not a legit company and you should avoid using their products.
Sources:
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/
https://www.opswat.com/blog/opswat-certification-revoked-yac