Last night I got a booby-trapped version of Acrobat that aggressively installed all manner of crap like Bubbledock and its associated rubbish. I've gotten rid of most of it by doing at least four separate hour long scans with Malwarebytes Anti Malware, which found literally hundreds of red items, and I also used SpyHunter to get rid of a lot more (tho SpyHunter now crashes about halfway through). I've also deleted as much as I can find from regedit, and uninstalled all programs and features that came through at that time, also from Program Files, Common Files, App data, Roaming, Temp etc......
Malwarebytes Anti Malware now does a clean scan, no infections found, yet I've still got iStartSurf coming up as the home page on IE and Firefox, even though internet options in both has it listed as a different home page.
Whilst I believe that the bulk of it has gone, there's obviously a remnant of it somewhere that is evading detection. I can't see any processes that look suspicious. A search in regedit leads me to HKEY_LOCAL MACHINE/SOFTWARE/Classes/Interface, where it has several REG_SZ IStartAddress entries, 1, 2 and 3. It won't let me delete these.
I can now surf the net relatively quickly (unlike the pop-up hell I had last night), but I'm still worried that iStartSurf comes up as the homepage and I can't seem to change it, therefore is it still spying on my passwords? I really need to do some internet banking today, but I guess I should go down the webcafe instead until this iStartSurf has gone completely?
I'm running Windows 7 Home Premium 64 bit with Internet Explorer 11 on a HP Presario CQ58 laptop
Edited by Queen-Evie, 18 August 2014 - 10:15 AM.
moved from Windows 7