Where do I go from here?

By markdavies1 ·
I am a complete virgin to this site and this type of forum so please forgive me if I am in the wrong section and if so any advice to guide me to the correct one will be welcomed.

My problem is that I was following a link through Google to locate a patch for a strategy game I have. The link took me to a site www.incredifind.com. I placed my info in their search box and that led me to another site (can't remember name) but that is when all the problems started. I couldn't find what I was looking for so I exited the site. Later when I came back to my PC I booted up IE only to find that it froze when trying to get to my default page (Google) and noticed in the bottom left hand corner that it was trying to find www.incredifind.com. I tried to visit other sites and exactly the same happened. I then went to my program files and regedit and deleted anything with incredifind mentioned. I then ran spyhunter and located anything that should not be there and deleted those files. Now when I run IE I get "this page cannot be displayed" with cannot connect to server again in the bottom left hand corner. I know that I had a proper connection for I could still send and receive emails. I have installed Mozilla Firefox to gain internet access again but I would still like to know what is wrong with my IE and is it possible to fix. I have even tried a system restore well before this incident occurred but when I tried to connect, www.incredifind.com was still present. My IE had the Service Pack 2 update. Any help would be greatly appreciated.

Regards
Mark Davies

All Comments

This will save you a lot of grief:

by dafe2 In reply to Where do I go from here?

You've likely "acquired" spyware. The tools & explanations to solve spyware problems were compiled and written by one of the Peers here - Apotheon - It was very well done:

http://techrepublic.com.com/5208-6230-0.html?forumID=5&threadID=165555&messageID=1693076

I'd probably start with SpywareBlaster & Ad-Aware tools. In any event, that post is a one stop read for the 'best of breed' spyware & adware killers out there.

Browser Hijacker

by willcomp In reply to This will save you a lot ...

Good reference by dafe2 in his response.

Visiting "pirate" sites will almost surely result in some form of malware on your PC. Surely you will attest to that.

As a minimum, you have the Incredifind browser hijacker and probably several more adware/spyware/hijacker programs.

Start by downloading, installing, updating, and running Ad-Aware SE and Spybot Search & Destroy. Both are available at Download.com.

Next step is a virus scan with an up-to-date anti-virus program. Download and install AVG Free from Grisoft.com if you don't already have an anti-virus program. I suspect a couple of downloader trojans will be lurking about as well.

The rest of the tools referenced by apotheon can be used for further cleaning as needed.

Dalton

Many Thanks, but?

by markdavies1 In reply to This will save you a lot ...

Thank you for taking the time to reply and pass on your advice. I have to the best of my knowledge and ability done what you have said. I had already on my system Norton Internet Security which I updated regularly so I am still a bit bewildered how whatever it is got on my system. Anyway what I did do is download SpywareBlaster and AVG Free and ran a check with those. SpywareBlaster found a number of things and I promptly deleted them. I then ran AVG and it located 3 threats which it said it could not heal. When I clicked on the details bar to check on what they were from the virus encyclopedia my Norton system kicks in with a warning (MEDIUM RISK avgwb.dat is attempting to access the internet. What do you want to do? Block recommended from Norton). Now avgwb.dat may as well be cuneiform as I don't have a clue what the computer is trying to say to me and therefore I cannot proceed as I don't know whether connecting will create more problems for me. The other thing is that the information received about what the threats are seem to be in files that I need so I don't know if I should delete them or what the next process should be since AVG said they could not be healed.

What follows are the 3 threats that were discovered by AVG:

C:\Documents and Settings\Administrator\Local Settings... Trojan horse PSW.BispyA Infected,Embedded object.

C:\Documents and Settings\Administrator\Local Settings... Trojan horse PSW.BispyB Infected,Embedded object.

C:\WINDOWS\System32\bi6.exe\birep.exe Trojan horse PSW.BispyB Infected,Embedded object.

Again any advice will be welcomed.

Run Hijackthis as a last resort but try this first

by dafe2 In reply to Many Thanks, but?

I'd try spysubtract next:

http://www.intermute.com/products/spysubtract.html

Others here may be able to offer a better solution before you go onto the next idea...

As a last resort try this (From Apotheon post): (But be careful if you do)

HijackThis - http://www.tomcoyote.com/hjt
If you are not an expert, DO NOT USE THIS without guidance from someone (trustworthy) who is. This tool does nothing but show you raw data from configuration files and the like that commonly show traces of malware. It can be used for diagnosis by someone that knows what he's looking for. If you just delete everything it shows you, though, not realizing that a lot of what it shows has nothing to do with malware, I can guarantee that any Windows system you do this with will cease functioning. This is a last-resort tool, if nothing else works. Much of the same usefulness as this can be gained from Bazooka's logfile output, though.

Once Again Into The Fray

by willcomp In reply to Many Thanks, but?

Allow avgwb.dat to access the Internet. It's the connection to the AVG malware database.

Install, update, and run Ad-Aware SE and Spybot S&D. Both should remove Incredifind and most other adware/spyware. They aren't cure-alls but will, in tandem, remove the vast majority of adware and spyware.

Dalton

Good advice and actions - need knowledge

by Deadly Ernest In reply to Many Thanks, but?

The other posters have given you good advice and the actions being taken are all good. However, you need to learn a few things.

1. Norton Internet Security is NOT an anti-virus program; it is software that will monitor and control activity between your system and the Internet, level of control dependent upon the way it is set up.

2. Everything you see or do on the Internet is possible because the web sites that you visit automatically download files onto your computer and your system opens them and runs them.

3. Some web sites include malicious files or malicious code in the files that they download to your computer with the web site files.

4. An anti-virus program should be installed and active at all times. When set up properly it will automatically check all files being downloaded from the Internet, and should also check all files that are being opened or run on your computer. This will stop any known virus from running.

5. You need to regularly update the virus definitions for your AV program or it will not be able to recognise and stop any new virus.

6. Most AV software actually gets virus details from the manufacturer's website when you ask for them. That is what the AVG was up to when Norton asked you about letting it do that.

7. With MSIE in the Internet Options the last tab has a bunch of settings, one of which is to 'Empty temporary Internet folder when closing IE'; tick that box - this will help keep the system clean and save the folder getting too full.

8. I use and recommend you use a better browser than MSIE, I use a MSIE overlay browser called Avant from www.avantbrowser.com - this uses the core MSIE program but has a different interface with more security settings and options, also it is a tabbed browser and uses less resources than MSIE itself. Plenty of other good fish out there as well, so try using one of them and get better security.

It may be repaired but never trusted again.

by iiiears In reply to This will save you a lot ...

As most adware/spyware is installed without your knowledge and against your wishes. Always using little known or documented holes in IE or Windows. Usually modifying or replacing system files and adding others.
Most modern viruses splice system files, often have another copy running in parity to replicate, start at boot up with OS system level privileges after splicing vital OS files.
If part is removed or even tested for it hides and or reinstalls the second encrypted piece of code. Restore partitions are no sanctuary from invasion to be drawn on for a reinstall.

I would suggest that you download a bootable "Live CD OS" to do a virus scan on your hard drive while it isn't used. Bart's PE, Knoppix, Ubuntu, etc. Salvage your data and fdisk or dd wipe, format and reinstall.

64bit processors will provide some protection against current and very common buffer overflow exploits used against browsers and applications with the "no execute" bit. 32 bit machines can be confused and compromised by carefully constructed and overly long code strings. We can only hope that the ethically challenged are slow to catch on.

Disk imaging a fresh install can save time on the next install. Compared to searching for the cause of an OS failure it's much faster than loading CDs patching and installing and adjusting applications.

Game Patches

by BFilmFan In reply to Where do I go from here?

From past bad experiences, I would highly advise you to ONLY trust downloads from the manufacturer's site and the following list:

Gamespy
Gamespot
CNet
TuCows *yah there are some there I find from time to time on the HUGE games*
IGN
FilePlanet

If you are doubtful about a site, don't download from it.

this might work

by sablake234 In reply to Game Patches

I had an issue with trojans, and looking at the path, they might be hiding in your temp internet and temp folders. I would do a disk clean-up and if that does clean the files, go through explorer and manually delete them. The path most likely will be C:\Documents and Settings\<yourprofilename>\Local Settings. Also delete your cookies. If you run Netscape clear out your cache. If you cannot do it from your Netscape browser, the path in Windows Explorer should be C:\Documents and Settings\<your profilename>\Application Data\Mozilla\Profiles\<name>\cache. The text that is encased with <> represents your personal information. Spybot Search and Destroy always worked well for me. Good luck

restore

by ruairi In reply to this might work

Lots of sound advice there, I would also turn off system restore, get the latest definitions for your virus program, and do a full scan again. Turning off system restore deletes all created restore points, a handy dark place for nasties to hide.... Then do an online scan at Panda and/or Trend. This should eliminate any remaining nasties and then you can get after the adware and spyware using those programs already posted by others.
