This is a do-it-yourself tutorial to remove iStartSurf virus from an infected computer, also encompassing a detailed description of this adware program.
iStartSurf is the name of a brand-new adware which is growing into a major concern for both the infected users and the security community overall. The things that are particularly troubling about it include the rapid global distribution and nontrivial obtrusiveness being exhibited. In the meantime, iStartSurf’s goals are fairly typical: it aims at attracting web traffic to its landing page in an unethical way. This entry is going to dwell on all of these features of the malicious program under consideration.
The spreading of this infection involves so-called “bundling,” which is a technique where an application is downloaded and its terms are automatically agreed to without actually consent on the user’s end. This method is powered by third-party apps being loaded with iStartSurf installer which is presented on an opt-out basis. This is why the default setup option isn’t always a good idea to stick to; one should instead choose the custom install in order to at least see what’s under the hood. Such risk is most likely to emanate from freeware, the authors of which get paid for including additional items into their setup packages. Be particularly careful when installing browser plugins, add-ons, media players, file format converters, codecs, and file downloaders. In any case, be sure to inspect these for extras before proceeding with the setup.
As unauthorized as it is, the infiltration of iStartSurf into a PC is followed by unapproved addition of a browser extension to Internet Explorer, Chrome and Firefox if used on the target machine, which most likely is the case. This browser helper object makes a mess of your custom settings such as the new tab page, the homepage and the default search engine. Whatever URLs these resolved to before the contamination, they now get replaced with iStartSurf.com whose snapshot is provided above. This page is a hub for the adware’s activity because it’s got what the cybercriminals are primarily after – the sponsored links, banners and other sorts of advertising-oriented information. In fact, you don’t even get the normal search services on there, although the site looks like a search provider. It redirects any keyword lookup to another provider. So, ads are what this campaign is all about.
It takes quite a bit of playing around with browser settings to resolve this issue: you’ve got add-ons to uninstall, and settings to modify. Furthermore, the use of an automatic cleanup tool will get the rest of the remediation job done.
iStartSurf virus automatic removal
All the other adware uninstall methods being worth a try, the cleanup using automatic security software guarantees a proven fix involving little user effort and a trouble-free procedure.
- Download and install the featured security tool and launch an in-depth malware checkup by clicking Start Computer Scan buttonDownload iStartSurf.com remover
- When the software returns a list of malicious and potentially unsafe items found on the PC, select Fix Threats in order to have the iStartSurf app uninstalled from your machine. An additional virtue of this process is the elimination of other threats that may be active in the background.
Use Control Panel to uninstall iStartSurf adware
- Go to Control Panel from Windows Start menu. If you are using Windows XP or Windows 8, proceed to Add or Remove Programs. If it’s Windows Vista or Windows 7, Uninstall a program is the right option to click
- Carefully examine the list for iStartSurf program or other app which you think might be the affiliated troublemaker, most likely some freeware that was lately installed. Once the corrupt object is found, click on it and select the Uninstall/Change option to complete the uninstall
Remove iStartSurf hijacker from browsers affected
The procedure covered in this section presupposes the elimination of web browser components installed by this adware as well as restoring the right values for the modified preferences.
iStartSurf removal in Firefox
- Open Firefox and type about:config in the address bar. Click the button that says “I’ll be careful, I promise!” on the warranty warning screen that appears
- Firefox will come up with a page designed for preferences lookup. Type istartsurf in the Search field and hit Enter. You will now see the list of all preferences that were modified by iStartSurf adware without being so authorized. Go ahead and right-click every item on the list, selecting the Reset option for each
- Now that the key settings have been restored to the state where they were unaffected by iStartSurf, you need to take care of the Firefox shortcut and make it point to the correct URL. So, right-click on the shortcut, pick Properties in the context menu and hit the tab named Shortcut. Find the field that called Target and delete the string that begins with http://www.istartsurf.com. Save the changes
iStartSurf removal in Internet Explorer
- Launch Internet Explorer and proceed to Tools – Manage add-ons
- Select Toolbars and Extensions in the left-hand pane, highlight iStartSurf and click Remove
- Proceed to Search Providers on the same interface, spot iStartSurf on there and remove it via the same procedure as the one described in previous step
- In order to restore your preferred start page, go back to Tools and select Internet Options. Hit the tab called General and enter the right address in the Home page field
- Internet Explorer shortcut settings can be corrected in the following way: right-click it, select Properties, hit the tab that says Shortcut, and delete the http://www.istartsurf.com part from the Target field
iStartSurf removal in Chrome
- Open your Chrome browser, click the Chrome menu icon to the upper right and select Settings on the list. Alternatively, type in ‘chrome://settings’ (without quotes) in the URL field
- Under the On startup sub-section, hit the radio button for Open a specific page or set of pages option and click Set pages
- Locate iStartSurf entry and click the X button that corresponds to it
- Under the Appearance sub-section of Chrome settings, check the Show Home button box and click Change
- On the screen that opened up, select Use the New Tab page and save the modifications made
- Under the settings sub-section called Search, click the Manage search engines button
- Locate iStartSurf entry and remove it by hitting the X button to its right
- Similarly to the other browsers, Chrome shortcut settings are to be debugged in the following manner: right-click on the shortcut, select Properties and click the Shortcut Now be sure to delete the string starting with http://www.istartsurf.com from the Target settings. Save the changes and exit
Complete the iStartSurf removal process
Given the likely persistence of this adware sample, it’s recommended to repeatedly check for its components after the cleanup procedure has been performed. Rescan your system with trusted security suite to make sure iStartSurf extermination has been successful.