MyStarting123 Browser Hijacker Infected my PC - Just can't delete, TRIED EVERYTHING

uthayya

Honorable
Jan 29, 2014
10
0
10,520
Hi,

My PC was infected with some Malware a couple of days ago and since then I've just been scanning and deleting unwanted programs and software. No matter which anti-virus/anti-malware programs I use to scan and then quarantine and delete the infected files, the damn Mystarting123.com automatically finds its way back to Google Chrome as my default search engine. As long as it's there, it'll continue to infect my PC with other shit and hence I want it out asap.

What I've already tried:
- Malware Bytes Anti-Malware: Have run umpteen scans on safe mode and normal.
- HitmanPro 3 (Free): Same as above
- UnHackMe: Same as above (this was the only one that actually found the mystarting123.com files and I clicked "fix", there was no delete option, but it clearly hasn't been fixed)
- Bitdefender: Mostly useless, but have scanned using it too
- I've used Revo Uninstaller to remove programs

Before, 2 days ago, it was a lot worse. The virus had taken admin access and wouldn't let me install programs, access the task manager or shutdown my PC and enter safe mode. I managed to do all of that, remove most of the nonsense on safe mode but now it's back. Everything I do, every scan I run .. It's always waiting for me in Chrome. (IE and Edge seem unaffected).

Please please help. All the solutions online say download these softwares and run or check for suspicious programs and processes and in the registry and delete, but there's nothing with the same name or something ridiculous that'll make me want to delete it, and I don't want to mess up my PC even more by deleting some important registry files. All those guides are frustrating as f*@#, if I could've simply changed the browser settings and delete files, I would've done so already!

PC Specs:
- Lenovo Y510P (Model No - 20217)
- 8GB RAM
- NVIDIA GeForce GT755M
- Windows 10 Home, Version - 1511
- Intel Core i7-4700MQ CPU @2.4GHz

My recent post on Lenovo forums yday - https://forums.lenovo.com/t5/Security-Malware/Recently-had-a-Malware-Infection-amp-now-I-don-t-have-admin/m-p/3683467#M155651

Please help. I'm desperate now, need my PC to work and haven't been able to do much recently.
 
Colif

Win 11 Master
Moderator
best answer then is a fresh install

is there anything on C drive you want to rescue? try making this on another PC: http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/ - linux is probably immune to virus so copy anything you want to save using it onto another drive.
Also, on another PC, download the Windows 10 media creation tool and use it to make a win 10 installer on USB

change boot order in BIOS so USB is first, hdd second
boot from installer
follow this guide: http://www.tenforums.com/tutorials/1950-windows-10-clean-install.html

when you reach the screen asking for licence, click "I don't have a key" and win 10 will continue to install and reactivate once finished

On the screen where you choose where to install win 10, if it gives you an error about GPT drives, delete all the partitions on the hdd and press next. If it still gives error, cancel out of the installer and restart PC and start installer again, it will accept next on that screen this time (some PC just need a restart here)

Install a good av like Bitdefender Free and scan the contents of the other drive before installing any of the old stuff on PC again to avoid a repeat.
 

rgd1101

Don't
Moderator
MERGED QUESTION
Question from uthayya : "MyStarting123 Browser Hijacker Infected my PC - Just can't delete, TRIED EVERYTHING"



 

Yamitime

Reputable
Sep 4, 2014
942
0
5,360
Try checking the browser's executable (the icon you click on for Chrome; right-click for Properties) for lines of code after the exe. Delete as appropriate. For example, Chrome should look something like C:\Program Files (x86)\Google\Chrome; anything beyond this could be malicious code.
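
The shortcut check described in the post above, as an added PowerShell example that is not part of the original thread: it reads every .lnk in the usual shortcut folders and lists browser shortcuts whose Target has anything after the .exe. The folder list and browser names are assumptions; the script only reports and changes nothing.

```powershell
# Added example: read-only audit of browser shortcuts for appended arguments.
# The folder list and browser names below are assumptions; adjust as needed.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    # Taskbar pins live under Quick Launch\User Pinned\TaskBar
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'
$shell    = New-Object -ComObject WScript.Shell

$report = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }          # skip shortcuts with no file target
        $exe = [IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        if ($browsers -notcontains $exe) { return }   # not a browser shortcut
        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
            # A URL after the .exe makes the browser open that page on every launch
            HasUrl    = $lnk.Arguments -match '(?i)\bhttps?://|\bwww\.'
            # Anything at all after the .exe deserves a look
            Suspect   = -not [string]::IsNullOrWhiteSpace($lnk.Arguments)
        }
    }

# Shortcuts with arguments are listed first
$report | Sort-Object Suspect -Descending | Format-List
```

Some legitimate shortcuts carry arguments such as a profile switch, so treat `Suspect` as a prompt to read the Arguments value; `HasUrl` is the stronger signal for a start-page hijack.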
 

uthayya

Honorable
Jan 29, 2014
10
0
10,520
@Yamitime, that was there initially but I changed that. Has nothing to do with the virus coming back every time I sign into Chrome.

@Colif That's what I'm contemplating. Tell me, what about my other drives, partitions and data on those drives? Those'll be untouched, right?
 

uthayya

Honorable
Jan 29, 2014
10
0
10,520
So, I've managed to remove it for now using RogueKiller. When I first came back to Chrome after using RogueKiller, the virus was still there but I've also used Revo Uninstaller to completely remove Chrome and then reinstalled it (made sure Chrome sync was cleared and off before uninstall) and now there isn't any mention of the search engine anywhere. I still haven't logged in but am contemplating a clean install first, suggestions?
 

Colif

Win 11 Master
Moderator
if you want the other drives to remain untouched during clean install, unplug PC and then unplug them from internal power in PC so it can't see them. Added bonus is it stops win 10 putting partitions on the other drives. Then once win 10 boots onto new install, unplug PC again and reattach the hdd, and then scan any files you copy over before installing them.
 

uthayya

Honorable
Jan 29, 2014
10
0
10,520
Thanks Colif and everyone else here. FYI, Clean install only affects the ONE drive you choose to install the OS on. As long as you're sure you're doing so only on C, all the other drives and partitions are going to remain untouched, so it's safe. PLUS, Windows creates a "Windows Old" folder that contains all the personal data that you could have on C (Documents, Videos, Downloads, Desktop etc)

Thanks a lot for your time everyone. I'm rid of the nightmare called MyStarting123. Lol.

For anyone else that has this problem:
1) In safe mode - Malware Bytes Anti Malware + Rogue Killer (+ UnHackMe optional).
2) Then use Revo Uninstaller to remove and uninstall all browsers affected (use Advanced search).
NOTE: Before uninstalling Chrome, make sure your Chrome sync has been erased and turned off.
3) Reinstall Browsers and check. Sign into them as well to be sure.
You should be good.
4) On the safe side, clean install Windows too! (Optional but recommended)
 
Solution