2 Replies Latest reply on Jun 24, 2013 8:48 PM by Hayton

    Start Now Question

      I am getting the following message:     "Your browser's search setting hav been changed away from StartNow.  This is usually done by malicious software.  Uncheck below if you want to disable protection of your search settings."           Is this a valid message or coming from malware?   it popped  up after we got hit with what looked like something that has been called the "FBI Firus". 

        • 1. Re: Start Now Question
          exbrit

          Moved to Top Threats for better attention.  If you saw anything indicating FBI or any other kind of ransomware I suggest immediate power off of that machine.  Then reboot into Safe Mode if it will let you, and try to initiate System Restore to go back to before it happened.   If successful, temporarily disable System Restore to get rid of the infected restore point.

           

          The procedure is outlined along with many othet tips in the last link in my signature below.

           

          If it is simply the StarNow toolbar, it probably arrived because someone failed to notice it as an additional and optional download with something else.

           

          There's a fairly good removal guide here:  http://malwaretips.com/blogs/remove-startnow-toolbar/

           

           

          .

           

          Message was edited by: Ex_Brit on 24/06/13 10:52:17 EDT AM
          • 2. Re: Start Now Question
            Hayton

            The same message was seen by someone cleaning their system of a (relatively minor) infection under the direction of 'Gringo' on BleepingComputer. I don't say that the circumstances will be the same, nor that the same range of unwanted adware and other PUPs will be found here, but it is likely that the same browsing history that introduced StartNow will also have provided some other things that should be removed.

             

            One program might not pick everything up - BleepingComputer have a range of different programs for different sorts of troubleshooting - but perhaps Malwarebytes would be a good one to start with. RogueKiller I haven't tried so I can't recommend it (yet).

             

            For a view of the removal process see http://www.bleepingcomputer.com/forums/t/475255/cannot-run-dds/.

             

            I definitely do not advise running ComboFix unless someone who knows it well is directing you to do so. And AdwCleaner has some undocumented side-effects so I don't advise that either.