Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Startgo123.com can't remove!

In Progress 
1K views 2 replies 2 participants last post by  kevinf80 
#1 ·
Hey! Since yesterday I've been having trouble with my browser. I use Mozilla Firefox and Windows 10 and whenever I open a tab, "Startgo123.com" pops up. I know its not safe and I've feel like I've done everything, manually and nothing is working. I have tried disabling extensions and uninstalling anything I do not recognize and restarting/rebooting firefox. I couldn't find any plugins or extentions that seemed out of the ordinary but I still disabled them and ran firefox without them and it still pops up. I've tried going into regedit, and tried some software to help me, but only one showed the startgo123 "virus(?)" and to remove it would require me to buy their program, which I cannot afford. I did try looking for the path of the virus and tried deleting it that way, resulting in making a new firefox profile and all. I really don't know where else to go or how to delete this. All the tutorials seem so easy but I've pretty much tried all the ways. It doesn't show up in opera or google chrome (I did delete google chrome though)
 
#2 ·
Hello Luann19 and welcome to TSG,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Run the following and post the produced logs....

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Tweaking.com Registry Backup

  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on [IMG=[URL]https://i.imgur.com/hPxdDvj.png][/URL] and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.
    (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:


  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"



In the new window Select 1. Updates, when complete Select 2. Real Time Protection.



In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.



In the new window select "Scan"



When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab

The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)



On that screen select and highlite the scan details line, then select "Open Report"



Copy and paste that log to your reply...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin...
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top