Delta-Homes.com browser high-jack is one of the most annoying things there is. Users seem to get it out of thin air and it is very hard to remove. I have spend about 30 minutes to document what is going on with this high-jack and how to resolve this.
First of you will need to remove any spyware that was installed with this adware. I reset my IE to defaults and put the start page on bing.com. But still it started when opening IE. Thus I set of in regedit to find where this code was coming from and found several places;
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
"Search Page"="http://www.bing.com&q={searchTerms}"
"Default_Page_URL"="http://www.bing.com"
"Default_Search_URL"="http://www.bing.com&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
@="\"C:\\Program Files (x86)\\Opera\\Launcher.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command]
@="\"C:\\Program Files (x86)\\Safari\\Safari.exe\""
After running that registry import I assumed all would be well. But still it was showing up. This is because the Windows 8 start menu is comprised of several places on a users harddisk. Namely:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Here you will need to open all the .lnk files for all browsers you have installed and remove the command line arguments contained within these shortcuts.
There are however multiple locations where the shortcut for Internet Explorer (appearantly also Chrome) is located, namely:
C:\Users\UserName\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch C:\Users\UserName\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
After removing all these references it was gone.
EDIT:
I found another place where it shows up now: It not only replaces your default search page but also injects itself into the Search Scopes in the Add-ons menu. Now it’s easy to remove all the fake ones but it also changed both Google and Bings URL. This also needs to be edited in with RegEdit in the following place:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
Here you will find keys containing subkeys. Find the URL key in each of the SearchScopes and replace it with, for instance, http://www.bing.com. A restart of IE will be needed.