Author Topic: Incredifind Virus (Read 454 times)

United · « **on:** March 14, 2004, 06:33:53 PM »

This has nothing to do with Aces High, but it seemed best suited for this Topic.

I dont know how old this is, but someone I know got the "Incredifind" Virus. I believe it is fairly new, and the user who has it is unaware of it being there until it successfully takes over your web-browser.

I do not know how it comes up, but I believe it comes in a download window in Internet Explorer saying something to the effect of "Download this to speed up your browser pages." It is disguised as a type of search engine called "Incredifind". It works slowly on your machine and at its final processes, disables all web-browsing and internet capabilities. When it is finished disabling your machine, every time you enter a URL it comes up as a "Server cannot be found" page. To confirm you have the virus, look at your status bar as you open the page. If it says something such as, http://www.incredifind.com/../..../..... with other characters replacing the .'s, then you do have the virus.

To remove the "Incredifind Virus":

Uninstall procedure
Uninstall IncrediFind from "Add/Remove Programs" in the Windows® Control Panel.

Manual removal
Please follow the instructions below if you would like to remove IncrediFind manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Bazooka still detects IncrediFind after stepping through the removal instructions, please double-check by stepping through them again.

1. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

2. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.

3. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.

4. Exit the registry editor.

5. Restart your computer.

6. Start Windows Explorer and delete:
%ProgramsDir%\IncrediFind\BHO\incfindbho.dll
Note: %ProgramsDir% is a variable. By default, this is C:\Program Files.

7. Start Microsoft Internet Explorer.

8. In Internet Explorer, click Tools -> Internet Options.

9. Click the Programs tab -> Reset Web Settings.

The removal information taken off of http://www.kephyr.com/spywarescanner/library/incredifind/index.phtml

I hope this comes useful to some of you, and if you do have the virus, good luck.

MaddogJoe · « **Reply #1 on:** March 15, 2004, 06:25:41 AM »

and if they have the virus, how would they get to this link with a browser that is disabled?

Use Virus protection software... any kind is better than none.... Never download anything you yourself have not totally researched and have gone looking for yourself.

Be smart, be safe

United · « **Reply #2 on:** March 15, 2004, 03:09:04 PM »

I was just giving a heads up. To help my friend the only way I could get any info was to link up on my PC, not his. This is for people who have more than one PC or have access to another like I did.

(My friend now uses a virus protection system

)

airbumba · « **Reply #3 on:** March 25, 2004, 01:41:23 PM »

Here's a good one....

I discovered I had that incredifind thingy, so I thought I'd check out the info on my isp site. After reading about how to get rid of it, the next day I get an email from my ISP. The email said , due to improper use of email server, my email account would be closed and to please read the attached message for more info. I opened the attachment, but nothin was there, so i thought. Turns out email was a fraud and was carrying Bagle32 virus, haha.

Didn't cause no real harm, i hope, but was still quite a wake up call.

Thanks for info united