virus incodec

[jagguy]

i downloaded a media player intcodec (dumb) and now my home page goes to http://www.safetyhomepage.com/

and I can't delete incodec dir as it says access denied from my home pc

I get a icon saying my pc is infected with spyware but I have some spyware remove program already.

I am getting popups with antivirus stuff and the odd advertisement,.

I really need help here as it looks like adaware/spybot/avast is not going to fix this.

[polonus]

Hi jagguy,

1.  Download SmitfraudFix (from here http://siri.urz.free.fr/Fix/SmitfraudFix.zip   S!Ri-latest version). Put it on the desktop and unzip the files.

2. Start up your comp in safe mode.

3. Open the file smitfraudfix, and doubleclick smitfraudfix.cmd.

     Choose option 2 - Clean by giving in 2, then click Enter to delete the infected files.
      The next question will be:  Registry cleaning - Do you want to clean the registry ?
      Give in Yes by giving in y ,then click  Enter.

      The tool will now check of  wininet.dll has been infected.You can expect a question like you want to replace the infected file.
      *Answer  yes by giving in y ,then cl;ick Enter.

      It is possible the tool asks you to restart to finish its job.
      * If not you have retart your pc manually  in normale mode.

      A textfile will appear with the results of this fix.
      * Post the contents of this log txt in your next  reply together with a HJT log.
      (You can also find this txt in c:\rapport.txt)


4. * Clean up the Cache and Cookies in IE: Using ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1

    * Clean de Cache and Cookies in Firefox (In when Firefox is installed: also with
ATF Cleaner, tick Firefox.

   
* Clean other  Temporary files + Bin

    * Go to  Start > Command prompt and give in cleanmgr and click ok.
    * Let your system scan for files that should be deleted
    * Take care to only delete "Temporary Files, and "Recycle Bin", by ticking  these.
    * Then click OK.


5. Restart your computer in normal mode.

All's fine that ends fine,

polonus

[DavidR]

Is there an add remove programs entry for incodec ?
- Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.

I get a icon saying my pc is infected with spyware but I have some spyware remove program already.

This is an attempt to get you to buy this suspect product.

I am getting pop-ups with antivirus stuff and the odd advertisement

This is a also a part of the rogue program. Is there a name of the program it is trying to get you to purchase, there are rather a lot, variants on the same theme, see http://www.spywarewarrior.com/rogue_anti-spyware.htm.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

[jagguy]

i still get a problem with IE as it gets an error with yahoo or something

thanks for the help so far

[polonus]

Hi jagguy,

To solve that hick-up run Winsock fix from here:
http://www.snapfiles.com/php/download.php?id=107303&a=7120710&tag=1445888&loc=2

polonus

[DavidR]

i still get a problem with IE as it gets an error with yahoo or something

What is the exact error text, it may help us rather than guess the cause.

What is your firewall ?
Does it have a privacy function or do you have a privacy program ?

[jagguy]

ok this is now the output for smitfraud, after i have ran the program in safe mode so it should be clean and the error i get in IE, a JIT debugging unhandled win32 exception, unable to JIT debug.

SmitFraudFix v2.52

Scan done at 16:15:22.92, Thu 03/08/2006
Run from C:\install\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\andrew\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\andrew\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------
q) Also I use IE and sygate FW for home winxp pc, avast,adaware,spybot. Now unlock stopped the pop-up but how can I be sure all is well?.

q) I get NT Kernel message box pop-up every 20mins to do with winxp and it is annoying.