Windows 10 MyStarting123 Browser Hijacker - Just can't delete, TRIED EVERYTHING

ksuthayya · May 25, 2017

Hi,

My PC was infected with some Malware a couple of days ago and since then I've just been scanning and deleting unwated programs and software. No matter which anti-virus/anti-malware programs I use to scan and then quarantine and delete the infected files, the damn Mystarting123 automatically finds its way back to Google Chrome as my default search engine. As long as it's there, it'll continue to infect my PC with other shit and hence I want it out asap.

What I've already tried:
- Malware Bytes Anti-Malware: Have run umpteen scans on safe mode and normal.
- HitmanPro 3 (Free): Same as above
- UnHackMe: Same as above (this was the only one that actually found the mystarting123 files and I clicked "fix", there was no delete option, but it clearly hasn't been fixed)
- Bitdefender: Mostly useless, but have scanned using it too
- I've used Revo uninstaller to remove programs

Before, 2 days ago, it was a lot worse. The virus had taken admin access and wouldn't let me install programs, access the task manager or shutdown my PC and enter safe mode. I managed to do all of that, remove most of the nonsense on safe mode but now it's back. Everything I do, every scan I run .. It's always waiting for me in Chrome. (IE and Edge seem unaffected).

Please please help. All the solutions online say download these softwares and run or check for suspicious programs and processes and in the registry and delete, but there's nothing with the same name or something ridiculous that's make me want to delete it, and I don't want to fuck up my PC even more by deleting some important registry files.

PC Specs:
- Lenovo Y510P (Model No - 20217)
- 8GB RAM
- NVIDIA GeForce GT755M
- Windows 10 Home, Version - 1511
- Intel Core i7-4700MQ CPU @2.4GHz

ksuthayya · May 26, 2017

@kemical, Yep, always ran as admin.

Just did a clean install, all looks good!

Thanks a lot for your time everyone.

For anyone else that has this problem: In safe mode - Malware Bytes Anti Malware + Rogue Killer (+ UnHackMe optional). Then use Revo Uninstaller to remove and uninstall all browsers affected (use Advanced search). Before uninstalling Chrome, make sure your Chrome sync has been erased and turned off. You should be good. On the safe side, clean install Windows too!

ksuthayya · May 25, 2017

My recent post on Lenovo forums (yday) - Re: Recently had a Malware Infection & now I don't have admin access to install/uninstall & - Lenovo Community

Neemobeer · May 25, 2017

It probably has a persistence mechanism that is in memory. Remove it from safe mode.

ksuthayya · May 25, 2017

Neemobeer said:
It probably has a persistence mechanism that is in memory. Remove it from safe mode.

Remove it from Safe Mode? Okay, how? Using what tool? As I've said before, I have deleted and uninstalled everything using safe mode before and it just comes back. Do you have something specific in mind? If I can simply change my default browser from Chrome, which wont open of safe mode though, what're the chances that it'll simply come back?

Neemobeer · May 25, 2017

How to remove MyStarting123.com redirect (Virus Removal Guide)

ksuthayya · May 25, 2017

@Neemobeer, you didn't bother reading my post, did you?

The steps mentioned in the link you posted are the EXACT same steps as I've already taken and done MULTIPLE TIMES.

I have downloaded and run all those programs. I have restored Google Chrome's settings, hell I've even reinstalled Chrome!

Neemobeer · May 25, 2017

Then it probably wasn't completely removed or something else is dropping it on your system.

Neemobeer · May 25, 2017

You can also uninstall Chrome, then remove the UserData from your profile and any lingering Chrome data in C:\ProgramData then re-install. If you have an account linked to Chrome this also could be pulling down sync'd settings.

ksuthayya · May 25, 2017

Yep, that's what I think. Hence I'm looking for other advice/soltuions to make sure it goes once and for all, properly. I need help identifying what's bringing it back.

I do have an account linked to Chrome, so you're saying that after a clean install of Chrome I shouldn't ever log into Chrome again?

Neemobeer · May 25, 2017

You'll need to remove it from your Chrome Sync if it was sync'd, it's more likely it's just a lingering setting locally.

ksuthayya · May 25, 2017

Can you help with removal from Chrome Sync? I'm not sure what do to. I've gone and unsync'd from Google Dashboard, anything else?

Neemobeer · May 25, 2017

I'd start by removing Chrome and any remaining config in %LOCALAPPDATA% and C:\ProgramData. Then install Chrome without signing in and confirm it's gone. If it is then login to google and see if it pulls down. If it pulls down you can clear out Chrome sync from here https://www.google.com/settings/chrome/sync

ksuthayya · May 26, 2017

Thanks to UnHackMe and Rogue Killer I've (temporarily) removed the issue.

The virus actually found its way back even after running those 2 again on safe mode. On opening Chrome and signing back into Chrome, weirdly it'd come back only after going to Settings, it'd show up as my default search engine. Anyhow, I decided to use Revo Uninstaller to completely remove Chrome and reinstall it. ON doing so, the issue has been controlled for now. I haven't signed into my Chrome yet. Note, Chrome sync had been cleared and turned off before the uninstall.

I'm contemplating a clean install of Win from a USB and then and only then trying to sign-into Chrome. I need all the data that is in my partitioned drives apart from C. What do you think?

kemical · May 26, 2017

ksuthayya said:
I'm contemplating a clean install of Win from a USB and then and only then trying to sign-into Chrome. I need all the data that is in my partitioned drives apart from C. What do you think?

Personally I'd try a few more AV scans like this one:
Online Malware Detection

Or try a free trial such as this one.
https://www.kaspersky.co.uk/downloads/thank-you/internet-security-free-trial

Whenever you've ran a scan do you always right click and 'run as admin'?

ksuthayya · May 26, 2017

@kemical, Yep, always ran as admin.

Just did a clean install, all looks good!

Thanks a lot for your time everyone.

For anyone else that has this problem: In safe mode - Malware Bytes Anti Malware + Rogue Killer (+ UnHackMe optional). Then use Revo Uninstaller to remove and uninstall all browsers affected (use Advanced search). Before uninstalling Chrome, make sure your Chrome sync has been erased and turned off. You should be good. On the safe side, clean install Windows too!

kemical · May 26, 2017

ksuthayya said:
@kemical, Yep, always ran as admin.

Just did a clean install, all looks good!

Thanks a lot for your time everyone.

For anyone else that has this problem: In safe mode - Malware Bytes Anti Malware + Rogue Killer (+ UnHackMe optional). Then use Revo Uninstaller to remove and uninstall all browsers affected (use Advanced search). Before uninstalling Chrome, make sure your Chrome sync has been erased and turned off. You should be good. On the safe side, clean install Windows too!

Good job!

BIGBEARJEDI · May 27, 2017

2nd only to Rebooting your PC in fixing ALL kinds of computer problems, Clean Installs are a boon to mankind! Or perhaps, Cyberkind!
We recommend them very frequently when all else fails, or sometimes, even if they don't.

Best,
<<<BIGBEARJEDI>>>

Windows 10 MyStarting123 Browser Hijacker - Just can't delete, TRIED EVERYTHING

ksuthayya

New Member

ksuthayya

ksuthayya

New Member

Neemobeer

Cloud Security Engineer

ksuthayya

New Member

Neemobeer

Cloud Security Engineer

ksuthayya

New Member

Neemobeer

Cloud Security Engineer

Neemobeer

Cloud Security Engineer

ksuthayya

New Member

Neemobeer

Cloud Security Engineer

ksuthayya

New Member

Neemobeer

Cloud Security Engineer

ksuthayya

New Member

kemical

Essential Member

ksuthayya

New Member

kemical

Essential Member

BIGBEARJEDI

Excellent Member

Similar threads