Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Twitpic links to incredibar....


  • Please log in to reply
23 replies to this topic

#1 astropaz

astropaz

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 16 August 2012 - 02:38 AM

Hey all,

Recently I had a run in with MyStart incredibar and I thought I had managed to get rid of it but it's now showing up again when I click on a twitpic link. It redirects me to the MyStart page instead of actually seeing whatever the pic is. This only happens when using IE though. It was FF that had the main problem to begin with but FF seems clear now.

So I'm not sure if I just patched everything up instead of removing it, it kind of looks that way.
Also I'm not really sure if this thing is annoying malware or just plain annoying, can it be easily removed or do I have to post some logs in the other section?
I'm not sure but I want it out anyway.
I am running Win7.

Thanks in advance.

Paz.

edit:
I have just checked chrome and it is in there too, it automatically starts up as the home page but because I never use chrome I hadn't noticed it before.

Edited by astropaz, 17 August 2012 - 02:26 AM.


BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 16 August 2012 - 03:10 PM

Hi,

Download and install Malwarebytes Anti-Malware but choose not to active the Trial you only need the Free version.

Let the program update and do a quick scan, remove all threats detected and see if it solves your problem.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 17 August 2012 - 02:06 AM

Hi,

I have repeatedly tried Malware Bytes, Avast and SAS and they don't pick this up at all.
From what I understand it's not typical malware as such just a really annoying tool bar extension that messes with DNS extensions.
Either way it's really hard to get rid of.

Paz

Edited by astropaz, 17 August 2012 - 03:13 AM.


#4 bibra

bibra

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 17 August 2012 - 03:07 AM

Damn....I'm looking for a way to get rid of incredibar.....could someone help..

#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 17 August 2012 - 09:53 AM

Hi,

Check if this guide can help, the instructions seems to make sense.
http://www.im-infected.com/hijacker/mystart-by-incredibar-mystart-incredibar-com.html

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#6 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 17 August 2012 - 11:56 AM

Hi,

I have tried this before and it still didn't work. I didn't try with chrome before so I tried that just now as well as IE again and with chrome it removes it from the search engine settings but it doesn't fix the problem. Same with IE, there was no trace of it in the settings.
However I do know that when I had it real bad a few weeks back it was uploading things like Babylon search and that is listed in the search settings of both IE and chrome but does not give any option to remove babylon.

When I fire up chrome it starts up now by wanting to open Babylon and then it redirects it back to Mystart incredibar.
With IE as far as I can tell it only redirects when I click on twitpic links.

Thanks again.

Paz

Edited by astropaz, 17 August 2012 - 11:57 AM.


#7 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 17 August 2012 - 12:44 PM

Hi,

Try a scan with adwcleaner and see if it catch it.

Edited by Rui Paz, 17 August 2012 - 12:45 PM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#8 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 17 August 2012 - 01:02 PM

Hey,

I will try that in a moment as I had a minor breakthrough but something is still not right.
In the install/uninstall programs list there was a program called ''Web Assistant" which had Incredibar as the publisher, I either missed that first time round or it popped up later and after uninstalling it and a restart it seems to have cleared up th redirects but I am still left with Babylon search in Chrome that I can't get rid of.

Should I post the log of adwcleaner, I can see things like incredibar, babylon, conduit and a heap of other suspicious names?

I'm going to post it anywaqy as I don't like any of whats turned up.


# AdwCleaner v1.801 - Logfile created 08/17/2012 at 20:03:00
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bennett - BENNETT-PC
# Boot Mode : Normal
# Running from : C:\Users\Bennett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O532N5HZ\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Bennett\AppData\Local\Conduit
Folder Found : C:\Users\Bennett\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Folder Found : C:\Users\Bennett\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Bennett\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Bennett\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Bennett\AppData\LocalLow\Conduit
Folder Found : C:\Users\Bennett\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
File Found : C:\Program Files (x86)\Uninstall.exe
File Found : C:\user.js

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2549263
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849852
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Applian Technologies\OpenCandy
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Ask&Record
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdate
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=965388aa000000000000701a048f9d55&tlver=1.4.19.19&affID=17160

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\ce9upsya.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Bennett\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "homepage": "hxxp://search.babylon.com/?affID=111304&tt=2912_8&babsrc=HP_ss&mntrId=965388aa000[...]
Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=111304&tt=2912_8&babsrc=H[...]
Found : "icon_url": "hxxp://facemoods.com/favicon.ico",
Found : "keyword": "babylontoolbar",
Found : "name": "Search the web (Babylon)",
Found : "search_url": "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=965388aa00000000[...]
Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT284985[...]
Found : "homepage": "hxxp://search.babylon.com/?affID=111304&tt=2912_8&babsrc=HP_ss&mntrId=965388aa000000[...]
Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=111304&tt=2912_8&babsrc=HP_s[...]

-\\ Opera v [Unable to get version]

File : C:\Users\Bennett\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://mystart.incredibar.com/mb128?a=6R8z0tSo1E&i=26

*************************

AdwCleaner[R1].txt - [13142 octets] - [17/08/2012 20:03:00]

########## EOF - C:\AdwCleaner[R1].txt - [13271 octets] ##########


Edited by astropaz, 17 August 2012 - 01:10 PM.


#9 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 17 August 2012 - 02:37 PM

Yes let the adwcleaner do the Delete task.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#10 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 18 August 2012 - 05:07 AM

OK I have done that, it seems to have cleared babylon and the other rubbish from the browser settings in IE but it's still present in Chrome and now It's back to when I open Chrome it goes straight to the MyStart Incredibar page.

#11 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 18 August 2012 - 10:23 AM

OK I have done that, it seems to have cleared babylon and the other rubbish from the browser settings in IE but it's still present in Chrome and now It's back to when I open Chrome it goes straight to the MyStart Incredibar page.


After the cleaning did you try to set a new Home Page on Chrome?

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#12 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 18 August 2012 - 10:53 AM

The home page opens fine as the "new tab" page when I start up chrome now, however when I click to open a new seperate tab it automatically redirects back to the MyStart incredibar page.
Babylon search is also in the settings and it wont let me delete that.

#13 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 18 August 2012 - 11:40 AM

The home page opens fine as the "new tab" page when I start up chrome now, however when I click to open a new seperate tab it automatically redirects back to the MyStart incredibar page.
Babylon search is also in the settings and it wont let me delete that.


Uninstall Google Chrome and Reinstall, see if that fixes the problem.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#14 astropaz

astropaz
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 18 August 2012 - 01:42 PM

Just tried that and it still is redirecting me to the Mystart incredibar page.
It did give me the option though to remove Babylon from the settings so that's gone but I'm still getting the redirects when I open a new tab.

From some various things I have been reading is once this is in it messes with your registry keys and changes other settings, but it's hard to tell as there is lots of poor info about it in amongst the good info.

Edited by astropaz, 18 August 2012 - 02:34 PM.


#15 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:08 AM

Posted 18 August 2012 - 03:05 PM

Hi,

Those type of junk some times its very hard to clean...
Did you try with SuperAntiSpyware?

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users