Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Browser launching at startup, virus with a sense of humor?

01 Aug 2011   #1
The111

Windows 7 Ultimate x64
 
 
Browser launching at startup, virus with a sense of humor?

I am at my wit's end here. Earlier today I was unable to accomplish something which has never been a problem for me in the past. Simple file transfers over a local network between two Win7 PC's. I still haven't got to the bottom of it, but a newer problem has sprung up which would be pretty damn funny if it wasn't so frustrating.

So, in the middle of all my earlier networking problems, several people mentioned I should be using homegroups (which I still disagree with), and at some point after that, I rebooted my computer, and upon windows startup, a browser launched on its own and connected to homegroup.com (a bogus site). Hilarious... after an hour discussing homegroups, I get a strange never before seen bug (virus???) where my PC connects to homegroup.com on startup. Truly hilarious.

I've run full system scans with:
MBAM
MSE
Ad-Aware

The browser is Firefox (my default) if it matters. I've checked my startup folder, and msconfig. Also, note that homegroup.com is NOT my browser's homepage (it is still google.com as it's always been). I've checked running services... they are all accounted for.

This is hardly a catastrophic problem, the easy solution is to just close the browser. However it bothers me in general to have any unexpected behavior on my PC, and this one is extra special because of the whole homegroup ordeal. I am not sure how I could have a virus already... I just formatted this PC yesterday and have only installed trusted software (and MSE was one of my first installs as always).

Truly going crazy here. Is it possible while mucking around in all the advanced networking settings, I somehow typed the word homegroup in somewhere and caused this to happen? I doubt it... but I really have no other ideas. Help!

Thanks!


My System SpecsSystem Spec
.
01 Aug 2011   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The IP for that site is 69.43.160.149 ... do you recognize it?
My System SpecsSystem Spec
01 Aug 2011   #3
Ztruker

Windows 10 Pro X64
 
 

>nslookup homegroup.com
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: www.homegroup.com.router
Address: 67.215.65.132

When I click on the link given I get failed to connect.

Were I you I would dump Homegroup and move back to good old WORKGROUP.
My System SpecsSystem Spec
.

02 Aug 2011   #4
The111

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Jacee View Post
The IP for that site is 69.43.160.149 ... do you recognize it?
No, I'm not on a first name basis with any IP's.
My System SpecsSystem Spec
02 Aug 2011   #5
The111

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Ztruker View Post
Were I you I would dump Homegroup and move back to good old WORKGROUP.
That's the thing... I'm NOT using Homegroup... I think it's a silly idea and I never needed it. And just when I got into an argument about that on a different forum over a different topic, is when this whole thing started happening. Which is what makes it so (painfully) hilarious.
My System SpecsSystem Spec
02 Aug 2011   #6
The111

Windows 7 Ultimate x64
 
 

Well... here is something interesting! I removed FF for grins.

With FF gone, IE was my default again. Sure enough, it did launch... but it only tried to connect to http://homegroup/

Which means FF was adding in the www and com... which makes me even more suspicious this is not a virus but something I did in my network mucking. But I am pretty damn sure I never typed the word homegroup in anywhere... the only thing I did regarding homegroups was disable them everywhere I saw them!
My System SpecsSystem Spec
02 Aug 2011   #7
jgold98

Windows 7 Professional 64 bit
 
 

Last time my homepage was hijacked, I deleted all the cookies, and I think I didn't allow them, either. I'm not very experienced, but I think that will help with a problem like this.
My System SpecsSystem Spec
02 Aug 2011   #8
gregrocker

 

Homegroup saves a lot of time configuring Network. I wouldn't use anything else. I set up a network after install in about 2 minutes.

I'd boot and run Microsoft Standalone System Sweeper to check for infection hiding in System files. Run another Malwarebytes full scan.
My System SpecsSystem Spec
05 Aug 2011   #9
The111

Windows 7 Ultimate x64
 
 

I just created a new user to see if it happened with him, and sure enough it doesn't happen with the new user. So, I got out Wingrep and searched the old user folder (which was small enough that it didn't crash Wingrep like an entire C: search did), and I found one entry that made me suspicious:

Code:
C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
00007: fldr.dll,-11411SPSXFL8C&mFLF U^GU^GSj (KPO :i+00/C:\R1>EWindows<:>E*WindowsV1>8System32>:>8*System32t2(: GettingStarted.exeR::*EEGettingStarted.exe"U-TJC:\Windows\System32\GettingStarted.exe)@%systemroot%\system32\oobefldr.dll,-1162b{D36AFB67-9043-4714-B4A3-E9E9481750A1} %systemroot%\system32\control.exe /name Microsoft.HomeGroup"%systemroot%\system32\imageres.dll%SystemRoot%\system32\GettingStarted.exe
I deleted that file, and it solved the problem! No more http://homegroup/ browser launches!

Now, anybody have a good explanation for what that file is and how it got there?

Furthermore... I still am not able to get network shares working properly with my main account, and as an insult I noticed that my new dummy account I made for testing does network shares perfect right out of the box, with what appear to be the same exact settings I have on my main account. Grr. I guess if it bothers me enough I'll migrate the account somehow.
My System SpecsSystem Spec
05 Aug 2011   #10
gregrocker

 

Found this:

Quote:
GettingStarted.exe is a key process in operation system, which is responsible for system services that run from dynamic link libraries (files with extension .dll). Because it is used as a common system process, some spyware often uses a process name of "GettingStarted.exe" to disguise itself. By hiding under the fake name - “GettingStarted.exe”, spyware can damage more files and ruin your system gradually. Some spyware inject a .dll file into the authentic GettingStarted.exe process.

You may follow the methods below and see if it helps.
Method 1
a) Press Ctrl+Shft+Esc to invoke Task manager.
b) Go to Processes tab and Locate GettingStarted.exe
c) Right click it and select End process.
Method 2
You may perform clean boot to see if any third party service is causing this issue.
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7 How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
Note : After troubleshooting follow Step 7: Reset the computer to start as usual
Method 3
If the issue still persists, you may perform System File Checker to repair missing or corrupted system files.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
Method 4
You may run the virus scan from the link below to scan for viruses on your computer.
Microsoft Safety Scanner
Microsoft Safety Scanner - Free online tool for PC health and safety
Check if the issue is resolved.
Source: what is 'C;\ystem32\GettingStarted.exe'. and why -
My System SpecsSystem Spec
Reply

 Browser launching at startup, virus with a sense of humor?




Thread Tools




Similar help and support threads
Thread Forum
windows 7 - programs not launching fully after launched, virus?
Hi all Recently got a fresh installation of windows and HD from HP after my HD went bad about 2 weeks ago. They replaced a few other things. PC was fine but over the last 2 days things have seemed to have gone downhill. I noticed that occasionally I would click on a program icon to launch, the...
System Security
Windows keeps launching browser have re-imaged hard drive 6 times.
I am trying to fix a hp 2000-299wm laptop. I am encountering opening the browser and it keeps refreshing either on a separate window or redirecting to the browser home page. I have tried using google chrome, IE explorer, and mozilla firefox. None seem to work. I retested it after each re-image...
General Discussion
If Google Search Results Had a Sense of Humor
If Google Search Results Had a Sense of Humor | Cracked.com
Chillout Room
Anti-virus is a Poor Substitute for Common Sense
Source - Anti-virus is a Poor Substitute for Common Sense &mdash; Krebs on Security
News
How to block application from launching web-browser
Is there any simple utility or method to block an application from launching my browser without my consent? There are a few applications that will launch its company website through my web browser with no option turn it off. I used to use Kasperky Internet Security 7's proactive defense feature...
System Security
Why is firefox launching 2 instances on startup?
So did any one have to deal with this previously? I put firefox shortcut into the startup folder, and when windows start, firefox runs 2 separate windows. What's up with that? My google-fu didn't really help in this. Help me Sevenforums you're my only hope. Also, taskmanager is Not running...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:55.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App