
Can't get rid of startsear.


25 replies to this topic

#1 BreannaNicole

BreannaNicole

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 11 February 2015 - 03:40 PM

A few days ago my Google Chrome started acting strange. Resetting simple settings, nothing too big, but then I got pretty annoyed with it so I decided just to use IE for the time being, but the homepage was some startsear site. So I changed it, and it changed back without my permission. I googled around and tried everything it'd told me to and I always seem to think it's gone because it's fine for a while, but then the next day I turn my computer on, check IE and it's back. I don't see any add-ons or extensions for it, I've run Malwarebytes, I've run AdwCleaner, both of which show I have something. I get rid of it and restart but it's always back within minutes. I'm not the greatest with computers and whatnot so maybe I'm missing something but I just can't seem to get rid of it without help at this point. OS is Windows 7.

 

This is my first time posting here so I apologize if I'm missing out on something I'm supposed to be doing :)

 

 

Edit: Forgot to mention a few things. Don't know if it'll help much but..

AdwCleaner shows, and I have deleted:

 

***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
And I have also found 
 
 
in regedit. I have deleted and changed it multiple times but it returns anytime I restart my computer.
 
 
 
It seems to be only changing my IE homepage. It's changed my Chrome ONCE but I changed it back to Google and it was fine after that.
Just a little more detail if it'll help.

Edited by BreannaNicole, 11 February 2015 - 04:58 PM.




#2 RolandJS

RolandJS

  • Members
  • 4,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:47 AM

Posted 11 February 2015 - 04:35 PM

I get hit with search.conduit every few days, GChrome extension extra probably, HitmanPro finds it, I delete it.  I'm guessing an extension somewhere is lodged tight, and replicates startsearch.  Stay tuned, BC regulars will soon give you excellent advice. I'll listen in, maybe I can get rid of my search.conduit while you rid startsearch.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:04:47 AM

Posted 11 February 2015 - 05:03 PM

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
You did Clean (delete) the entries found, right?


#4 BreannaNicole


Posted 11 February 2015 - 05:06 PM

Yep, I've cleaned them many times. It just keeps coming back :/



#5 Phantom010


Posted 11 February 2015 - 05:10 PM

Have you tried resetting your browsers?

 

How to Reset your Browser



#6 BreannaNicole


Posted 11 February 2015 - 05:16 PM

Yes, I have. Still getting homepage, and startsear is still in the regedit.



#7 BreannaNicole


Posted 11 February 2015 - 05:30 PM

Does anyone know what this start item "Maroon" is? Or maroon.exe?

Don't really know what it is and wanna make sure it's ok.



#8 Phantom010


Posted 11 February 2015 - 05:43 PM

maroon.exe is either a game or malware. Where is it located? Is it in C:\users\user\appdata\roaming, and in the following registry location? HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Edited by Phantom010, 11 February 2015 - 05:44 PM.


#9 Phantom010


Posted 11 February 2015 - 05:46 PM

I get hit with search.conduit every few days, GChrome extension extra probably, HitmanPro finds it, I delete it.  I'm guessing an extension somewhere is lodged tight, and replicates startsearch.  Stay tuned, BC regulars will soon give you excellent advice. I'll listen in, maybe I can get rid of my search.conduit while you rid startsearch.

 

Conduit should be removed quite easily with AdwCleaner and Malwarebytes Anti-Malware.



#10 BreannaNicole


Posted 11 February 2015 - 05:47 PM

C:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup

 

and

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Edited by BreannaNicole, 11 February 2015 - 05:48 PM.


#11 BreannaNicole


Posted 11 February 2015 - 05:49 PM

Found it while looking through startup items.



#12 Phantom010


Posted 11 February 2015 - 05:49 PM

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} is related to the Bing search engine. Could be a false positive, like many others found by AdwCleaner. I wouldn't worry about it.

 

SearchScopes is related to search engines.


Edited by Phantom010, 11 February 2015 - 05:51 PM.


#13 Phantom010


Posted 11 February 2015 - 05:50 PM

C:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup

 

and

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Is Maroon in your list of installed programs (Programs and Features)?



#14 BreannaNicole


Posted 11 February 2015 - 05:51 PM

No it is not.



#15 Phantom010


Posted 11 February 2015 - 05:52 PM

Is there a folder for it in C:\Program Files?
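
The places checked one at a time in this thread (the HKCU Run key, the per-user Startup folder, Programs and Features, and IE's SearchScopes) can be listed in a single read-only pass. This is an added example, not part of any post above; the IE `Start Page` value under `Internet Explorer\Main`, the helper names and the `InAppData`/`Installed` columns are choices of the example.

```powershell
# Added example: read-only inventory of the per-user startup points named in this thread.
# Written for the PowerShell 2.0 that ships with Windows 7; nothing is changed or deleted.
$runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = [Environment]::GetFolderPath('Startup')   # ...\Start Menu\Programs\Startup
$ieMain  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$scopes  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Display names from the Uninstall keys, which is what Programs and Features lists.
$installed = @(Get-ItemProperty -ErrorAction SilentlyContinue -Path @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*') |
    Where-Object { $_.DisplayName } | ForEach-Object { $_.DisplayName })

# Case-insensitive substring test that is safe for paths containing wildcard characters.
function Test-Contains([string]$Text, [string]$Part) {
    $Part -and $Text.IndexOf($Part, [StringComparison]::OrdinalIgnoreCase) -ge 0
}
# Hypothetical helper: one row per startup entry, with the two questions asked in the thread.
function New-AutorunRecord([string]$Source, [string]$Name, [string]$Command) {
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command
        InAppData = (Test-Contains $Command $env:APPDATA) -or (Test-Contains $Command $env:LOCALAPPDATA)
        Installed = [bool]($installed | Where-Object { Test-Contains $_ $Name })
    }
}

$records = @()
# 1. Run key: every value is a command line started at each logon.
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($n in $key.GetValueNames()) {
        $records += New-AutorunRecord 'Run key' $n ([string]$key.GetValue($n))
    }
}
# 2. Startup folder: resolve .lnk shortcuts to the program they launch.
$shell = New-Object -ComObject WScript.Shell
$files = @(Get-ChildItem -LiteralPath $startup -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
foreach ($f in $files) {
    $target = $f.FullName
    if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
    $records += New-AutorunRecord 'Startup folder' $f.BaseName $target
}
$records | Select-Object Source, Name, InAppData, Installed, Command | Format-Table -AutoSize -Wrap

# 3. IE home page and search providers (the SearchScopes key AdwCleaner reported).
$ie = Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue
'IE Start Page: ' + $ie.'Start Page'
Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    New-Object PSObject -Property @{ Scope = $_.PSChildName; Name = $p.DisplayName; URL = $p.URL }
} | Format-List Scope, Name, URL
```

Running it before and after a reboot and comparing the two outputs shows which entry is present each time the home page reverts.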





