What Is The MyStart Incredibar Virus (Incredibar Virus)?

MyStart, often refereed to as Search Incredibar (Search.Incredibar.com), Mystart, Mystart search bar, Incredibar, Incredibar Search Tool, Mystart Incredimail, Incredimail., or MyStart Search Tool, is a very dangerous internet browser hijacker which uses browser helper objects (BHOs) and configures host settings in order to redirect infected victims using the internet to their websites. In particular: Mystart.incredibar.com. (not a malicious website)
Many internet users suspect this Mystart as being a mild, common, or realistic search tool. It is not, but user’s infected by MyStart can experience symptoms which range from simple CPU usage drains (unnoticed) to complete system crashes. The MyStart search tool is definitely a virus. Mystart is utilized by the use of backdoor processes or Trojans.

• Similar browser hijackers include Babylon search, Media Finder, and adware Text Enhance.

McAfee detects Incredibar installer as Heuristic.LooksLike.Win32.Suspicious.B., TrendMicro detects it as TROJ_ENCPK_0000009.TOMA and ESET also sees it as a threat Win32/ImInstaller potentially unwanted application.

If MyStart is not removed from your computer:

• Your computer can become malformed and operate improperly.
• Your browser settings become corrupted and internet usage is taken hostage by a constant redirection setting to drive-by-download websites which can open the door for more infections, and over-all cause a wide range of operating system related issues associated with Trojans (Privacy threat).
• Computer accesses may become blocked or locked if not MyStart is not addressed, similar to ransomware.

What Are Symptoms Of The MyStart Virus?

Symptoms for the MyStart virus range. Some infected users may notice only a few symptoms, some may have severe issues, and some infected computer users may never detect any symptoms. All symptoms listed below occur without consent of the computer user.

• MyStart uses browser helper objects (in this case search tools) and infects some users by installing Mystart.incredibar search toolbar into their internet browser (most vulnerable: Mozilla FireFox) which redirects internet users to MyStart’s websites. Some internet users are redirected for every search or webpage they visit.

• User initiated browsing and search is redirected to Mystart.incredibar.com while using the internet.

• High levels of CPU usage is used due to MyStart processes, which can cause systems to crash or become malformed.

How To Remove The MyStart Browser Search Virus

There are many ways to remove the MyStart for different victims. After removal it is recommended to change the preference settings in each internet browser installed on your system which have been altered by MyStart (such as home page settings).

1. Malware Removal Sofware
2. Disable Add-ons And Extensions
3. Manually Kill Processes, Delete Files, And Delete Values
4. Restore Computer To Date And Time Before Infection

1. Malware Removal Software

The easiest way to remove MyStart.Incredibar is by utilizing the free version of Malwarebytes. Malwarebytes is proven to remove the MyStart Virus.

Try Malwarebytes, the Leader in Malware Removal

2. Disable Malicious Add-ons And Extensions

If MyStart is infecting your search tools by use of Browser Helper Objects, there is most likely an add-on or extension in your internet browser which must be disabled and removed. We will detail instructions for Mozilla Firefox first since FireFox is the most common browser infected by MyStart, then we will proceed to Google Chrome, Microsoft Internet Explorer, and Apple Safari.

Mozilla Firefox

Step 1: Open Firefox and navigate to Tools > Add-ons (or Ctrl+Shift+A)

Step 2: Select Extensions, find the MyStart extension (MyStart, MyStart.Incredibar, or any other suspicious plugin) and click disable, then remove.

Step 3: Click on the magnifying glass search icon as shown in the image below and select Manage Search Engines…

Step 4: Choose the MyStart Search from the list of search engine, click Remove to succesfully remove it. Proceed to click OK to save changes.

Step 5: Navigate to Tools > Options. Under the General tab reset the startup homepage or change it to your preferred search engine (ie: google.com, etc).

Step 6: In the URL address bar on Firefox, type: about:config and hit Enter.

Step 7: Finally click I’ll be careful, I promise! to continue.

Step 8: In the search filter at the top of Firefox, type: mystart

Step 9: You should see all the preferences that were changed by IncrediBar toolbar. To complete the Mystart removal, right-click on the preference and select Reset to restore default value and continue to reset all found preferences!

Optional: Block MyStart Cookie (Firefox)

1. From the Tools menu, select Options
2. In the upper section of the Options window, click Privacy
3. In the Cookies tab, click Exceptions
4. In the new Exceptions – Cookies window, enter mystart.incredibar.com

Google Chrome

Step 1: Open Chrome, click on the Settings Icon (wrench), and navigate to Tools > Extensions.

Step 2: Select the MyStart plugin from the list (MyStart, MyStart.Incredibar, or any other suspicious plugin) and click disable, then remove.

Step 3: Click on the wrench icon once again and select Settings.

Step 4: Click the Manage search engines… button.

Step 5: Select your preferred search engine from the list and make it your default search engine (ie: Google).

Step 6: Select MyStart Search from the list and remove it by clicking the “X” mark as shown in the image below to finish the removal process.

• Please note: To search which extensions are currently running on Chrome navigate to Tools > Task Manager

Microsoft Internet Explorer

Step 1: Open IE, click the Tools button and then select Manage Add-ons.

Step 2: Select Search Providers. Choose Bing or Live Search search engine and make it your default web search provider (Set as default).

Step 3: Remove MyStart Search and Incredibar Customized Web Search engine providers and close the window.

Step 4: Finally navigate to Tools > Internet Options. Select the General tab and click the “use default” button or enter your preferred homepage, such as google.com instead of http://mystart.incredibar.com. Click OK to save the final changes.

Optional: Block MyStart Cookie (IE)

1. From the Tools menu of Internet Explorer, select Internet Options
2. Select the Privacy tab, and then click Sites. The Per site privacy actions window will be displayed
3. In the Per site privacy actions window, enter mystart.incredibar.com in the Address of Web site field.
4. Click Block

Optional: Restricted site option (IE)

1. Access: Tools(Alt-x) > Internet Options> Security > Restricted sites
2. Click the “Sites” button and enter:  mystart.incredibar.com

Apple Safari

Step 1: Open Safari, go to Preferences and click Extensions.

Step 2: Remove/Disable the MyStart extension.

3. Manual Removal Instructions To Remove Mystart.incredibar.com

There are separate ways to manually remove MyStart. First of all, check your Window’s uninstaller and uninstall any MyStart programs:

• Navigate to Control Panel > Add or Remove Programs ( or Uninstall a program)
• Uninstall MyStart associated programs

1. Kill the Mystart.incredibar.com processes

• Open Window’s task manager (Ctrl+Alt+Delete > Task Manager)
• Click the “Processes” tab, browse for the MyStart virus processes (below), right-click each and select “End Process”. (random characters: unknown letter and or number sequences)

(random characters).exe of Mystart.incredibar.com
Fake svchost.exe system process

2. Delete the associated Mystart.incredibar.com files

%Windows%\system32\DRIVERS\[random].sys
%Windows%\system32\fake consrv.dll
%Windows%\system32\fake svchost.exe
%AppData%\(random).exe
%Temp%\(random).class

3. Remove related MyStart registry values

• Click the “Start” menu and  type “regedit” in the search field, then press Enter to access Window’s registry editor.
• While the Registry Editor is open, search and delete the following registry entries listed below by right clicking them and selecting delete.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(random).exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch=(site address)
HKEY_CLASSES_ROOT\Interface\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\(random)

4. Restore Computer To Date And Time Before Infection

Restoring your Window’s computer to a date and time before you computer was infected by the MyStart viruses will ensure the safety of your internet browser if orchestrated correctly. We have provided instructions for a simple restore for victims who are able to access their desktops correctly, as well as instructions to restore for victims who can not access their operating systems.

Start Menu Restore

Standard directions to quickly access Window’s System Restore Wizard.
1. Access windows Start menu and click All Programs.
2. Click and open Accessories, click System Tools, and then click System Restore.‌
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Restore your computer to a date and time before infection.

Safe Mode With Command Prompt Restore

If you can not access your operating system, this is the suggested step.
1. Restart/reboot your computer system. Unplug if necessary.
2. Enter your computer in “safe mode with command prompt”. To properly enter safe mode,repeatedly pressF8 upon the opening of the boot menu.

3. Once the Command Prompt appears type “explorer” .

4. Once Windows Explorer shows up browse to:

• Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
• Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

5. Follow all steps to restore or recover your computer system to an earlier time and date, before infection to complete.

More information on Window’s system restore: http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions