Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


how the #### do i get rid of iStartSurf????

  • Please log in to reply
1 reply to this topic

#1 robertch


  • Members
  • 18 posts
  • Local time:03:29 AM

Posted 18 August 2014 - 08:31 AM

Hi everyone,
Last night I got a booby-trapped version of Acrobat that aggressively installed all manner of crap like Bubbledock and its associated rubbish. I've gotten rid of most of it by doing at least four separate hour long scans with Malwarebytes Anti Malware, which found literally hundreds of red items, and I also used SpyHunter to get rid of a lot more (tho SpyHunter now crashes about halfway through). I've also deleted as much as I can find from regedit, and uninstalled all programs and features that came through at that time, also from Program Files, Common Files, App data, Roaming, Temp etc...... 
Malwarebytes Anti Malware now does a clean scan, no infections found, yet I've still got iStartSurf coming up as the home page on IE and Firefox, even though internet options in both has it listed as a different home page.
Whilst I believe that the bulk of it has gone, there's obviously a remnant of it somewhere that is evading detection. I can't see any processes that look suspicious. A search in regedit leads me to HKEY_LOCAL MACHINE/SOFTWARE/Classes/Interface, where it has several REG_SZ IStartAddress entries, 1, 2 and 3. It won't let me delete these.
I can now surf the net relatively quickly (unlike the pop-up hell I had last night), but I'm still worried that iStartSurf comes up as the homepage and I can't seem to change it, therefore is it still spying on my passwords? I really need to do some internet banking today, but I guess I should go down the webcafe instead until this iStartSurf has gone completely?
I'm running Windows 7 Home Premium 64 bit with Internet Explorer 11 on a HP Presario CQ58 laptop
Please help.
Best wishes,

Edited by Queen-Evie, 18 August 2014 - 10:15 AM.
moved from Windows 7

BC AdBot (Login to Remove)


#2 dc3


    Bleeping Treehugger

  • Members
  • 30,810 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:29 AM

Posted 18 August 2014 - 09:33 AM

Please download AdwCleaner and install it.
When AdwCleaner opens you will see an image like the one below.
Click on Scan to start the scan.
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.

Please download Junkware Removal Tool.
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
Click on Run to initiate the installation.
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy and this and then post this in your topic.

Please download Temp File Cleaner by Old Timer and save it to your desktop.
1. Save any unsaved work. (TFC will close ALL open programs including your browser!)
2. Double-click on TFC.exe to run it. (If you are using Vista or Windows 7, right-click on the file and choose "Run As Administrator".)
3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If you are not prompted, manually reboot the machine to ensure a completion.
Please  post the Malware log.

To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users