Hotstartsearch.com

It is not easy to destroy, since it is invisible by name, but I got it and killed it.

In both IE and Firefox, I began noticing a redirector on my Google searches that was sending me to pages under the name "hotstartsearch." I've been hijacked! Or, at least both of my browsers were. I began doing research on "hotstartsearch" and found slight misinformation blended with a little knowledge. As of May 31, 2013, this malware is still relatively new and nothing, I really mean nothing, is available to rid it from your computer. The only way is manually at this time and being dissatisfied with the online information, I went on the hunt to rid it from my computer.

Their initial information is correct. You can search your entire system for "hotstartsearch" and you will find nothing. It is virtually invisible on your computer. I know, because I did three system searches, even with a Linux live CD, and I found nothing with that name or any combination of it. This "invisible" hijacker is very present and active. Later, in this article, I will tell you how to delete it.

I searched my registry entries by word-searches and nothing by that name. The blogs, forums, and sites that tell you that you should just look for "hotstartsearch" in your program installations under your Control Panel, but that is useless, since no such name appears. I then ran four virus and malware scanners, none of which found it or any other known malware, yet it has taken over my browsers.

What is "hotstartsearch"? It is a browser hijacker that redirects your search to malware sites. When you search in IE, Firefox, Chrome, or Opera, then you will get a pop up window, but if you aren't on your toes, you may click the link before realizing it is not Google and is hotstartsearch. If you follow through and click it, then you will possibly get additional malware.

I am not sure where I got it, so I conducted a file by file search to look for it. In the meantime, I got a temporary victory over it in IE 9 by setting my Pop-up blocker level to the High level. It stopped temporarily stopped hotstartsearch from redirecting while I figured how to kill it. I could now use my IE without being hijacked.

I searched for any newly installed programs by date. There it was. Four days ago a program was installed that I did not install. It was called "Fast Free Converter." I did a complete search of my system found it in two places. The main file was under Programs x86/FastFreeConverter/extension@FastFreeConverter.com, which now I was satisfied that I found the right bugger, even though the two files hidden do not say "hotstartsearch," they instead were "bowserOverlay.js" and "browserOverlay.xul." There it is—a Java script to take over your browser! I found the redirector under the name FastFreeConveter instead of hotstartsearch.

FastFreeConverter is Java-based Malware and it installs the hijacker "HotStartSearch" and other adware and malware. For example, when you have a mouse moveover on any blue highlighted word in an article, like a Wiki article, you will notice an unrelated 2" x 2" advert pop up. Other people report that it sneaks in through torrents, but more often through bundled shareware or freeware.

These are the steps that I took to destroy both FastFreeConverter and hotstartsearch.
1. First, FastFreeConverter will likely show up in your Program Uninstaller under your Control Panel. You can uninstall it that way. You can also look for it with the "Start up" tool in Crap Cleaner, if you have that program. You will see it as a startup under both IE and Firefox, which serves the same purpose as the browser "add on" functions.
2. FastFreeConverter has installed itself in a folder under Programs x86\FastFreeConverter. It has subfolders with Java files and other files that will be need to be deleted when you destroy it.
3. I found it in Firefox as an Extension, so if you uninstall it, you need to double check that to make sure it was automatically removed. Go to the Firefox tool button on the top left side and click the down arrow. Click "Add Ons." Click "Extensions" and you should see FastFreeConverter. (That is the hidden code name for hotstartsearch). If you have had it a while or if you clicked the hijacked page, then you may have installed a search engine in Firefox for hotstartsearch. To check this, click the down arrow next to the icon in the small search engine bar that has the magnifying glass. A menu drops down with a list of search engines and the bottom is "Manage Search Engine." Click that. See if hotstartsearch exists.
4. In my IE 9, FastFreeConverter was under the "Tools" icon, "Manage add-ons," which opened the window for "Toolbars and Extensions." You will notice that it is hidden. There is nothing for either FastFreeConverter or hotstartsearch. Look for the bar on the left side that says, "Currently Loaded Add ons." Click the down arrow and change it to "All Add Ons." Now you have a new list. Scroll down to the bottom, since they are categorized by corporation. In the listing for "Not Available" you will see one or two blank ones that are "Enabled" with no name. That is probably the one.
5. THIS IS HOW I KILLED IT.
a. First, disconnect your WiFi so that it will not automatically connect and reinstall while you are deleting it. Then go through your Control Panel to your Program Uninstaller to uninstall the FastFreeConverter. If you want to really, really kill it, then you may want to remove it with a uninstaller like Revo Uninstaller (freeware). I did, and even after its regular uninstallation, it still had 5 registry keys and 31 values that were left behind. And, just as I suspected, it tried to connect to the Internet when I uninstalled it, so be sure to follow my first line.
b. I immediately checked my Firefox and the FastFreeConverter add-on was delteted with the uninstalled program.
c. I checked my IE 9 and
d. If you are really paranoid, then once you see the date that it was installed, you can roll back your Windows system to a "restore point" prior to its installation.

You should be done.
Lee