Having been a computer tech for the past 2 decades, I’ve encountered and wrangled with my fair share of viruses on many computers. Some are fairly easy to remove, while others can dig their hooks into the registry and be very tenacious.
I’ve recently been faced with malware called istart123 which posed a bit of a conundrum because it did something I hadn’t seen before. I went through the normal steps of scanning, detecting and removing obvious malware files and references in the registry and thought I’d cleared everything out after the typical procedures. However, no matter what I tried (resetting all browser settings, clearing the cache, making sure the homepage was set to what I wanted, etc.), every time I opened up any browser, that darn istart123 page came up first. I couldn’t get rid of it!
Then I discovered a very sneaky and tricky thing: when I right-clicked on the browser’s icon and looked at the properties, something was added to the “Target” box that contains the exe command. Istart123 had inserted an extra string of text to the command line which caused the browser to open to that page every single time! Very devious! Turns out I had to right-click every single instance of every browser’s shortcut and change the properties individually and manually.
It got the better of me for a while, but now that I’ve seen this sneaky new trick, I’ll be better prepared for the next time the bad guys program their malware. Cat and mouse — game on!