Download had Incredibar folded into install-now taking over my system

AnvilForge · Oct 31, 2012

Hi all,

In downloading a program from softonic, we found it downloaded incredibar automatically. Within less than 5 minutes it hijacked browsers and basically took over system.

Lesson: stay away from softonic

Can you please advise how to eradicate this thing completely? All logs attached. Many thanks in advance.

AnvilForge

Kestrel13! · Nov 1, 2012

Please disable Spybot's TeaTimer.

How to disable Spybot's TeaTimer

Have HitmanPro delete all it finds.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (file missing)

After clicking Fix exit HJT.

What's inside these folders?

C:\ProgramData\vista32

C:\ProgramData\vista64

C:\ProgramData\win7_32

C:\ProgramData\win7_64

C:\ProgramData\xp

C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}

C:\ProgramData\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}

AnvilForge · Nov 1, 2012

TeaTimer disabled.

I just had HitmanPro delete everything it found. HitmanPro prompted me to reboot the computer to finish deleting the bugs. It's taking forever to shut down...

Used HJT to delete the 2 objects you described below.

Contents of your folders per your question:

C:\ProgramData\vista32
1. folder that says Microsoft.VC80.MFC
2. file that says EBlib.dll
3. file that says lpcfilter.cat
4. LPCfilter.inf
5. LPCfilter.sys

C:\ProgramData\vista64
1. folder that says Microsoft.VC80.MFC
2. file that says EBlib.dll
3. file that says lpcfilter.cat
4. LPCfilter.inf
5. LPCfilter.sys

C:\ProgramData\win7_32
1. folder that says Microsoft.VC80.MFC
2. lpcfilter.cat
3. LPCfilter.inf
4. LPCfilter.sys

C:\ProgramData\win7_64
1. folder that says Microsoft.VC80.MFC
2. lpcfilter.cat
3. LPCfilter.inf

C:\ProgramData\xp
1. EBlib.dll
2. TPwSav.sys

C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
1. instance.dat
2. mia.lib
3. Service Center Setup.dat
4. Service Center Setup.exe
5. Service Center Setup.msi
6. Service Center Setup.par
7. Service Center Setup.res

C:\ProgramData\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
1. Guitar Rig 3 Setup.dat
2. Guitar Rig 3 Setup.exe
3. Guitar Rig 3 Setup.msi
4. Guitar Rig 3 Setup.par
5. Guitar Rig 3 Setup.res
6. instance.dat
7. mia.lib

I just updated from Win 7 Home Premium to Win 7 Ultimate 2 days ago.

Also the above 2 may be remnants of the program we tried to install and then uninstalled once we saw it come bundled with incredibar

By the way, desktop.ini files are appearing on my desktop out of nowhere.
Is that another effect of incredibar?

What's next?

Many thanks again
AnvilForge

Kestrel13! · Nov 2, 2012

I would say that's all. I wanted to know what was in those folders but all ok. You having any more problems?

Log in or Sign up

Download had Incredibar folded into install-now taking over my system

AnvilForge Private E-2

Attached Files:

HitmanPro_20121031_1147.log

mbam-log-2012-10-30 (18-47-59).txt

MGlogs.zip

RKreport[1].txt

TDSSKiller.2.8.13.0_31.10.2012_11.37.41_log.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

AnvilForge Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member