Get rid of browser hijacker - Istartsurf
-
frajer last edited by
THANK YOU blackbird71!
Oh man, I found it, thank You blackbird71 for that detailed explanation! And so soon!! I was expecting to see the answer in a couple of days. I managed to remove it from Chrome before, and from the system it was a pain as it was in lots of places. Malwarebytes removed some but not all, then I started Loaris, but ofc it prompted me for money at the end, but I saw that it has a log so I manually removed all suspicious files from that log..and some else lol..but all is ok now apart from Opera beta. I manually removed it from Chrome as well and restored it to default settings. And it is ok now, it doesn't appear in Chrome. So as You described, I found that, I hope last, piece of it. Here is the target: "C:\Program Files (x86)\Opera beta\launcher.exe" ttp://www.istartsurf.com/?type=sc&ts=1424459648&from=smt&uid=WDCXWD2500AAKX-221CA1_WD-WCAYV196280462804
I edited and removed the h so the address is not clickable..I'm that paranoid, I've spent all day dealing with this.
What next?
-
blackbird71 last edited by
Simply edit the shortcut's command in Target: to read "C:\Program Files (x86)\Opera beta\launcher.exe" by deleting all the text following it, and then click OK to close the shortcut panel.
Finally, just be sure there are no other contaminated shortcuts as well.
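One way to run the check for other contaminated shortcuts described above, as an added PowerShell example that is not part of the original thread: it lists `.lnk` files whose arguments contain a URL, the pattern seen in the Opera beta shortcut. The folder list and the URL pattern are assumptions, and the script only reports; it changes nothing.

```powershell
# Added example: list shortcuts whose arguments carry a URL (hijacker-style edits).
# Read-only: nothing is modified; review the output, then fix each Target by hand.
$shell = New-Object -ComObject WScript.Shell

# Assumed locations: desktops, Start menus, and Quick Launch
# (which contains the per-user pinned taskbar shortcuts).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# Assumed heuristic: a URL or bare "www." host anywhere in the arguments.
$urlPattern = '(?i)\b(?:https?://|www\.)\S+'

$findings = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it for reading its properties.
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match $urlPattern) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime
                }
            }
        }
}

if ($findings) {
    # Most recently modified first: edits made by an installer cluster in time.
    $findings | Sort-Object Modified -Descending | Format-List
} else {
    Write-Output 'No shortcuts with URL arguments found in the scanned folders.'
}
```

Some legitimate shortcuts pass a URL on purpose, so each hit needs a look before the text after the executable path is deleted from Target.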
-
frajer last edited by
This was the easiest part.
Well thank You very much once again. This was a drag. Well I don't know how else to check the system, Malwarebytes didn't see this from the beginning so maybe I should try once more with AdwCleaner? But somehow I think I would know if it is still here. Probably would show in some way. I don't have too many shortcuts on the desktop and in the taskbar, I did check all shortcuts.
Thank You man, You really helped me a lot.
-
blackbird71 last edited by
You're welcome. You can always try another pass with either tool, especially after rebooting the system, just in case something somewhere got missed earlier. But normally, unless there was true malware (virus-type) infection involved, that should be the end of the matter if their scans come up clean.
In the future, you can best keep free of this sort of thing by using great care in any freeware downloads of any kind - they are increasingly bundling adware with the downloads. Look carefully on the download or initial installer pages for checked boxes relating to other software - uncheck them if they offer to install other things besides what you're seeking. Even Flash and free AV software are doing some of this now. Whenever possible, download freeware directly from the maker's own site, rather than a "downloads house" like cnet, brothers, and the rest - bundling of adware is a growing problem on nearly all of them. Finally, before downloading anything free, go out on the net and spend some quality time seeking independent reviews or opinions of the product, especially at the security forums like Wilders, DSLR, Malwarebytes, etc.
-
frajer last edited by
Everything completely true. Advice to the point! I usually do everything You said except this time. I believe it all started with downloading the core temp application to check my CPU temp. I didn't look at all where I downloaded it from and I remember I just clicked everything just to get it installed so I could check temps, as I got 2 different measures and couldn't see which was the true one. The difference was about 10 degrees so I needed a 3rd opinion..and everything went downhill.
Lesson learned. Tnx.
-
lando242 last edited by
YAC is a bootleg version of Malwarebytes. They are not a legit company and you should avoid using their products.
Sources:
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/
https://www.opswat.com/blog/opswat-certification-revoked-yac