Malware Startpaging123

[The Deerhunter]

I think I downloaded this from a trojan site, trying to get an advanced tech manual for a new WiFi range extender.  It now seems to have migrated through my LAN to another machine.  One is Win & Pro and the other is WIN XP.  It came in via Win-7.    I always have Malwarebytes and Spybot S&D free editions loaded and updated but it still got through.    I have been told several things to do but nothing works so far.  I think (hope) it is really just an annoying PUP but want to get rid of it in case it has other features added later.  I have bveen told a formula using three separated  malware programes in sequence that I have not used yet.  It was  supplied by an American VPN site techo.  I have and use one of the required steps already but I am nervous about adding two more  reputed anti-malware progs I have never heard of, into my system.  My international antivirus supplier had a tech person go into my machines by remote and over an hour later had achieved nothing but disabling some innocent programs.

 

Does anyone know of an anti malware prog, even a paid one, that will guarrantee to get rid of it completely.  I have removed the original infecting links but it just reloads itself each time. 

[RichCor]

If the infection can easily spread from system to system over your LAN then you need to physically isolate each machine from each other, clean and re-isolate each device, until you have all the machines clear of the infection. Hopefully you can also update all your machines to close the exploit that allowed it to happen.

 

I'd also suggest you NOT go downloading stuff from random sites to clean this.

Better you go to only technical support websites like Bleeping Computer and follow their guide.

[gjoo888]

My homepage was hijacked a while ago. I found an excellent (and free) solution on Windows Ten Forum:

https://www.tenforums.com/antivirus-firewalls-system-security/63456-what-logger-js-2.html

 

Here are the instructions from a very trusted expert on Windows Ten:

 

Please do NOT, under any circumstances, download and install Spyhunter!
Here are the steps I would recommend to clear your system:
Run the following programs in this order:
RKILL
TDSSKiller (check all boxes and let it reboot so it can scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (scan, then clean; it will reboot as well)
Malwarebytes Antimalware full custom scan of all drives (be sure to check the box for Rootkits)
JRT
Then, run Ccleaner on your registry, and also all your browsers' cache and temp files.
That should clear your system of this infection properly. 
EDIT: all these programs are free.

 

It takes some time, but cleared my problem completely. Good luck.

[RichCor]

I find it interesting that elizabe posts the first 3 suggestions showing direct links to malwarebytes programs, but the 4th for "doing a scan with malware removal tool (free virus scanner)" doesn't show what site/program is being downloaded.  "SpyHunter" is a bit controversial.

[chrisinth]

Basically this is a browser hijacker, not sure how it spread through a network to infect other computers?

 

To get rid of it manually, you need to reset your homepage, delete the add-ins and clear from the registry. This is applicable for each browser you use.

 

There are quite a few guides out there, the link below is just one of them. If you are tempted to go the Spyhunter route, make sure you download from the original website and delete it from your system once you are happy. If you follow the manual steps, you should be OK.

 

http://guides.uufix.com/guide-to-remove-startpageing123-com-completely/ 

[RichCor]

1 hour ago, chrisinth said:

If you follow the manual steps, you should be OK.

Hmm.  This exact url was posted by a newbie in this very thread, and now that newbie can't be found anywhere.

[chrisinth]

10 hours ago, RichCor said:

Hmm.  This exact url was posted by a newbie in this very thread, and now that newbie can't be found anywhere.

I didn't see that url posted on this thread. If it was, the poster probably did the same as me and chose one of the first comprehensive links for removal of startpaging123.com on the Google search page.

[The Deerhunter]

On 5/31/2017 at 4:09 PM, gjoo888 said:

My homepage was hijacked a while ago. I found an excellent (and free) solution on Windows Ten Forum:

https://www.tenforums.com/antivirus-firewalls-system-security/63456-what-logger-js-2.html

 

Here are the instructions from a very trusted expert on Windows Ten:

 

Please do NOT, under any circumstances, download and install Spyhunter!
Here are the steps I would recommend to clear your system:
Run the following programs in this order:
RKILL
TDSSKiller (check all boxes and let it reboot so it can scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (scan, then clean; it will reboot as well)
Malwarebytes Antimalware full custom scan of all drives (be sure to check the box for Rootkits)
JRT
Then, run Ccleaner on your registry, and also all your browsers' cache and temp files.
That should clear your system of this infection properly. 
EDIT: all these programs are free.

 

It takes some time, but cleared my problem completely. Good luck.

As stated, my systems are XP, and WIN-7, NOT Windows 10 so that is not where I feel I should go.

[ThaidDown]

8 minutes ago, The Deerhunter said:

As stated, my systems are XP, and WIN-7, NOT Windows 10 so that is not where I feel I should go.

The software suggested by gjoo888  is just as valid for XP and Win 7. They are the standard set for removing browser hijackers and similar malware.

 

[RichCor]

Did you look at the Bleeping Computer technical support site link I posted?

 

Have you ever FOLLOWED a do-it-yourself guide to ridding your system of issues?

[The Deerhunter]

10 hours ago, RichCor said:

Did you look at the Bleeping Computer technical support site link I posted?

 

Have you ever FOLLOWED a do-it-yourself guide to ridding your system of issues?

No, not yet to either question.  One pc is away with a h/w problem and I will not do this while I only have one working computer.

[RichCor]

Suggest you create a Drive Image then as a backup precaution.

 

Especially if your hard drive is already partitioned, or you have a external USB drive with spare space, you can download Macrium Reflect Free backup software and create a Full Image Backup of your C: Partition or Full Hard Drive -- along with boot recovery software.

 

I suggestion I highly recommend to anyone who will listen.

 

I have my laptop divided into three partitions: OS & Apps, Important Data, and stored Video Files and Backup Images. Before any major Windows Update or software upgrade I run a Full Image (or just the incremental changes) of my OS & Apps and Important Data partitions -- and keep rolling versions of all this on the larger partition reserved for large video files (and backups).

 

If an upgrade or update goes horribly sideways and I don't want to spend any time messing around with it I can choose to recover back to previously imaged version of just the OS and Apps partition without affecting my data or downloaded videos.

[The Deerhunter]

OK.  I have now got this problem sorted.  I followed RichCor's recommendation and went to Bleeping Computer. website.  The directions to clean the startpageing 123 malware were very clear and simple for anyone, even me to follow.  The trade-off was that there wer about six recommended steps  of which 4 were the critical ones.  I think it might have worked just as well missing #4 & #6 but what  the hell?  Who wants tod do the whole thing twice?  Well I did not miss any steps out but I had two computers infected so I did have to do it all twice.  I made sure one was turned off while I dis-infected the other so that cross-nfection was not likely to occur.  Some of the routines I have seen required things of me to do that I am not sufficientleyPC capable to do, so I was very happy with these instructions from Bleeping Computer.  Simple clear and totally complete.  I am now a happy camper and wiser about what to do next time I have a computer problem that is beyond me to handle.   Thanks for the help everyone.  Two clean computers.

[bendejo]

On 6/1/2017 at 11:14 PM, RichCor said:

Bleeping Computer

 

Interesting site, interesting recommendations, most of which I hadn't heard of before, like Zemana.  How long have they been around, what level of trust would you give them?

 

 

[RichCor]

It's been a while since I've last been asked to eradicate issues off someone's system, so I hadn't heard of Zemana before, but some quick research indicates they were well known for anti-keylogger software. They got into the anti-malware market (for profit) about 2 years ago. Now it's one of the big four:  MalwareBytes, Emsisoft, Zemana, and HitmanPro.

 

Even if my first step is a Google Search for an issue, I only use that as confirmation it's a known issue and has possible solutions. Ideally I'm looking out for forum posts on the issue, hopefully hosted on BleepingComputer, Malwarebytes, SpiceWorks, wilderssecurity, and a handful of other forums before I start downloading software.