| Thread ID: 125307 | 2012-06-19 15:55:00 | Mystart.incredibar - Help, Sir Speedy!!!! | SurferJoe46 (51) |
| Post ID | Timestamp | Content | User | ||
| 1282797 | 2012-06-19 15:55:00 | I had a HDD failure in my desk unit, and installed a new 500G and in the process of rebuilding all my favorites and files and such I got about a dozen Adobe Update info cards that came up. Somehow I accidentally OKd something that put Mystart.incredibar as a default search engine in Firefox. It only seems to affect Firefox, and Chrome and IE seem to be 'normal' OK. I've run HJT and used their .de/ site to test for baddies. The results were pretty much useless. I even Googled for information/aid and did what was found there. Some of the registry entries that they mentioned didn't even exist. THAT may prove to be a problem when I restart out of Safe Mode after the Spybot scan that is going on right now. Of note is that every anti-Mystart.incredibar site redirects to the same useless site. I got a tool that is supposed to remove it --- SUPER Antispy, but although it found a lot of crappola, it did nothing to help. That Googling is being done on my Netbook, as it hasn't had any troubles, nor was it infected - just my desktop unit is messed up. Before I burn it down again and reinstall all 3 gazillion updates and programs --- is there any REAL way to get rid of this Trojan? I made the suggested registry changes in Safe Mode, and right now am running Spybot S&D to see if anything's still amiss - but I bet it is. If I can get the machine running again, and back online - with or without the Trojan still intact, if you want I can post a HJT scan. I may just burn it all down and start again. This is my very ancient now, SOYO Ultra Platinum Silver Dragon mobo, 1.7 Athlon XP, 2.5G RAM, XP-Pro, SP2,3, Microsoft Security Essentials, Spybot Tea Timer, 500G HDD (master), 500G HDD (slave). Netgear Router/WIFI, running Cat5E direct to outlet on router. The WIFI is for the other units in the house. |
SurferJoe46 (51) | ||
| 1282798 | 2012-06-19 17:18:00 | I got HJT logfile for you:::

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:25 AM, on 6/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big Head\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Big Head\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

-- End of file - 5735 bytes

Plus, here's the Short Analysis::

[?] - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
[?] - O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
[?] - O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

I have not yet reopened Firefox, and am right now on the SOYO using Chrome. I ran another Spybot S&D and it found nothing after me taking the steps necessary to modify the registry. HOPEFULLY I didn't cripple anything, but I am not going to open Firefox until someone looks at this report. I did a search on these two:::

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

And I just took the bracketed { } entries and got the following::: Oops! Google Chrome could not connect to mystart.incredibar.com --- both times, so I'm going to delete them via HJT. I'm gonna wait for more info though. |
SurferJoe46 (51) | ||
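
The Short Analysis in the post above flags three entries that all live in one install directory. As an added example (not part of the original thread, and not HijackThis's own logic), this Python sketch applies the same triage idea: find any O23 service reported with "Unknown owner", then pull every process, BHO and service entry that shares its directory. The sample lines are constructed from the log format shown above; the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: a few lines in the HijackThis 2.0.4 format from the post.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
"""

# First drive-letter path on the line that ends in .exe or .dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
SECTION_RE = re.compile(r'([A-Z]\d+) - ')


def parse(log):
    """Yield (section, line, directory) for each line naming an .exe/.dll path."""
    for line in log.splitlines():
        line = line.strip()
        path = PATH_RE.search(line)
        if not path:
            continue  # header lines, or entries without a full path
        sec = SECTION_RE.match(line)
        section = sec.group(1) if sec else "process"  # bare paths are running processes
        yield section, line, ntpath.dirname(path.group(0)).lower()


def triage(log):
    """Return (section, line) for entries sharing a directory with an
    'Unknown owner' service. This is a lead for review, not a verdict:
    unsigned but legitimate software is reported the same way."""
    entries = list(parse(log))
    suspect_dirs = {d for s, t, d in entries
                    if s == "O23" and "- Unknown owner -" in t}
    return [(s, t) for s, t, d in entries if d in suspect_dirs]


if __name__ == "__main__":
    for section, text in triage(SAMPLE_LOG):
        print(f"[?] {section}: {text}")
```
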
| 1282799 | 2012-06-19 20:20:00 | I don't think Speedy has been here for a while. | stratex5 (16685) | ||
| 1282800 | 2012-06-19 21:05:00 | Speedy is away for 2 weeks visiting his Mum and has no net access. If it's still hanging around see if rkill will stop it | gary67 (56) | ||
| 1282801 | 2012-06-19 21:12:00 | It's not malware as such but can act like it, you actually allowed it to install when you installed some program. There would have been a check box ticked saying to install it. To remove it, run Revo Uninstaller portable, select it from the list (should be there), and use advanced mode. Once it runs through, select all the folders, as well as all the reg keys, then open FF, go to a page you want as a home page, and from Tools/Options/General tab choose Use Current Page. Should it still be there: 1. Click on Tools. 2. Then click Add-ons. Add-ons Manager will open. 3. Then click on Extensions. 4. Then look for incredibar among the list of the extensions and click Remove to get totally rid of it from your computer. Note: Please don't click Disable, get rid of it by clicking Remove. |
wainuitech (129) | ||
| 1282802 | 2012-06-19 21:33:00 | If it's still deciding to hang on - from another forum: 1. At the Firefox address bar, enter (type) about:config and press ENTER. 2. At the Filter: field, type keyword.url 3. You should see a Preference name of keyword.URL in the list. Double click it, an "Enter String Value" input box will appear. 4. Replace the string with: www.google.com.my and click the "OK" button. Just checked mine and the value is empty (I don't use browser toolbars at all, they are a PITA) as Google is my home page. See below. |
wainuitech (129) | ||
| 1282803 | 2012-06-19 22:34:00 | Open Firefox, type about:config into the address bar and hit Enter. Scroll through the list, right click on any entries that have mystart.incredibar in them, and click 'Reset'. EDIT: When you type about:config in and hit Enter, there will be a search option. Type 'mystart.incredibar' in there and hit Enter. All the entries that the search brings up, right click on and click Reset. This will remove it. |
Nick G (16709) | ||
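
The two about:config procedures above (editing keyword.URL, and resetting every entry that mentions mystart.incredibar) act on values Firefox stores as `user_pref(...)` lines in the profile's prefs.js. As an added example, not part of the original thread, this Python sketch audits a prefs.js text for such entries and shows the on-disk effect of Reset, which is that the line disappears because prefs.js only holds non-default values. The sample file content and function names are constructed for illustration.

```python
import re

# Constructed sample of a profile's prefs.js; URLs and values are illustrative.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/?a=constructed");
user_pref("keyword.URL", "http://mystart.incredibar.com/?search=constructed");
user_pref("browser.tabs.warnOnClose", false);
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')


def find_hijacked(prefs_text, needle="mystart.incredibar"):
    """Return {pref_name: raw_value} for user prefs whose line contains needle.
    Mirrors typing the search term into the about:config filter box."""
    hits = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and needle.lower() in line.lower():
            hits[m.group(1)] = m.group(2)
    return hits


def reset_prefs(prefs_text, names):
    """Return prefs_text without the user_pref lines for the given names,
    so Firefox falls back to the built-in default for each one."""
    kept = []
    for line in prefs_text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    found = find_hijacked(SAMPLE_PREFS)
    for name, value in found.items():
        print(f"modified: {name} = {value}")
    print(reset_prefs(SAMPLE_PREFS, set(found)), end="")
```

Work on a copy of prefs.js with Firefox closed, since Firefox rewrites the file on exit. If the entries come back after a restart, the extension or a user.js file in the same profile is re-applying them, which is why the extension removal step above matters.
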
| 1282804 | 2012-06-19 23:06:00 | Thanks youse guys. We nailed it! It's gone. |
SurferJoe46 (51) | ||
| 1282805 | 2012-06-19 23:25:00 | "Thanks youse guys. We nailed it! It's gone." Good to hear. |
Nick G (16709) | ||
| 1282806 | 2012-06-20 03:55:00 | Does anyone know where Speedy's gone?? He hasn't had any activity for a while. |
stratex5 (16685) | ||