
istartsurf infection - HELP


  • This topic is locked
5 replies to this topic

#1 AXN

AXN

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 09 September 2014 - 01:04 PM

Hello everybody,

All my browsers are infected and go directly to istartsurf.com

No idea how/where I got it

 

I have Windows 7 x84

 

So far I tried "everything" I could think of:

Went through registry and deleted anything to do with istartsurf.

Restored home page in all browsers (IE 8, FF 32.0, Chrome 37.0.2062.103) BTW: I only use FF.

I used IObit Uninstaller and Revo but the istartsurf wasn't there to delete.

I also used:

Avast Premier > didn't find anything

SpyHunter > didn't find anything

TrojanKiller > didn't find anything

Malwarebytes Anti-Malware > didn't find anything

 

You guys here are my last stop. I have no more ideas what to do.

 

I did check the forum and found other victims of this "smart" bug, so I also ran:

1. Security Check

2. MiniToolBox

3. FSS

4. and also HijackThis

 

I see this in the MiniToolBox log: (the rest I don't understand)

127.0.0.2                   www.onhax.net
127.0.0.1                   onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   forum.onhax.net
 

No idea what/how it got here - I don't use IDM (ever).

 

I'll wait if any kind soul will reply before posting more info.

 

TIA

AXN

 




#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:32 PM

Posted 09 September 2014 - 04:24 PM

Hi AXN and welcome to BleepingComputer!

I am awaiting my Mentor to approve my suggested fix as I am still in training. I will post back as soon as it has been approved!


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:32 PM

Posted 09 September 2014 - 05:07 PM

Hello AXN

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

Step 1

Please post the log Mini Toolbox created.

Step 2

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.

Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.


Step 3
 

  • Download TDSSKiller and save it to your Desktop.
  • Unzip the folder (Right Click > Extract to your Desktop).
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory, in the style of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#4 AXN

AXN
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 10 September 2014 - 03:49 AM

Hi Seedy21,

Thank you very much for your help offer.

 

I already solved the issue last night.

Apparently I did eliminate the iStartSurf, but the only thing missing was to delete the crap from the browsers via > right click on FF icon, right click on properties and delete the iStartSurf from/in Target window. Do the same for IE etc.

 

I rebooted just in case. Problem and all the traces are gone. This may help others as well.

 

Again, thank YOU very much for your offer.

 

AXN


Edited by AXN, 10 September 2014 - 03:50 AM.
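
The fix AXN describes above (removing the istartsurf address from the Target field of each browser shortcut) can be checked across all shortcut folders at once. This is an added example, not part of any post in the thread; the folder list and the URL pattern are assumptions, and the script only reads shortcuts, it changes nothing.

```powershell
# Added example: read-only audit of browser shortcuts for text appended to Target.
$browserExes = 'firefox.exe', 'iexplore.exe', 'chrome.exe'   # browsers named in the thread

# Assumed list of Windows 7 shortcut locations; extend for other profiles.
$searchRoots = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes pinned taskbar items
) | Where-Object { Test-Path $_ }

# Assumed heuristic for "looks like a web address".
$urlPattern = '(?i)https?://|www\.|\.(com|net|org|info)\b'

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk loads it; nothing is written without Save().
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [IO.Path]::GetFileName($lnk.TargetPath)

            # Browser shortcuts normally carry no arguments; anything here deserves a look.
            if (($browserExes -contains $exe) -and ($lnk.Arguments -match '\S')) {
                New-Object PSObject -Property @{
                    Shortcut     = $_.FullName
                    Target       = $lnk.TargetPath
                    Arguments    = $lnk.Arguments
                    LooksLikeUrl = [bool]($lnk.Arguments -match $urlPattern)
                }
            }
        }
}

if ($findings) {
    $findings | Sort-Object Shortcut | Format-List Shortcut, Target, Arguments, LooksLikeUrl
} else {
    'No browser shortcut with extra arguments found.'
}
```

A shortcut reported with LooksLikeUrl set to True is the case described in the post: the browser opens that address on every launch regardless of the configured home page.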


#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:32 PM

Posted 10 September 2014 - 01:50 PM

Hi Axn

 

Thank you for letting me know that you have fixed your problem.

 

I will get somebody to close this topic for you.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:32 AM

Posted 10 September 2014 - 05:36 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




