virus incodec

Avast Free Antivirus / Premium Security
1

i downloaded a media player intcodec (dumb) and now my home page goes to http://www.safetyhomepage.com/

and I can’t delete incodec dir as it says access denied from my home pc

I get a icon saying my pc is infected with spyware but I have some spyware remove program already.

I am getting popups with antivirus stuff and the odd advertisement,.

I really need help here as it looks like adaware/spybot/avast is not going to fix this.

2

Hi jagguy,

  1. Download SmitfraudFix (from here http://siri.urz.free.fr/Fix/SmitfraudFix.zip S!Ri-latest version). Put it on the desktop and unzip the files.

  2. Start up your comp in safe mode.

  3. Open the file smitfraudfix, and doubleclick smitfraudfix.cmd.

    Choose option 2 - Clean by giving in 2, then click Enter to delete the infected files.
    The next question will be: Registry cleaning - Do you want to clean the registry ?
    Give in Yes by giving in y ,then click Enter.

    The tool will now check of wininet.dll has been infected.You can expect a question like you want to replace the infected file.
    *Answer yes by giving in y ,then cl;ick Enter.

    It is possible the tool asks you to restart to finish its job.

    • If not you have retart your pc manually in normale mode.

    A textfile will appear with the results of this fix.

    • Post the contents of this log txt in your next reply together with a HJT log.
      (You can also find this txt in c:\rapport.txt)

  • Clean other Temporary files + Bin

    • Go to Start > Command prompt and give in cleanmgr and click ok.
    • Let your system scan for files that should be deleted
    • Take care to only delete "Temporary Files, and “Recycle Bin”, by ticking these.
    • Then click OK.
  1. Restart your computer in normal mode.

All’s fine that ends fine,

polonus

3

Is there an add remove programs entry for incodec ?

  • Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.
I get a icon saying my pc is infected with spyware but I have some spyware remove program already.
This is an attempt to get you to buy this suspect product.
I am getting pop-ups with antivirus stuff and the odd advertisement
This is a also a part of the rogue program. Is there a name of the program it is trying to get you to purchase, there are rather a lot, variants on the same theme, see [url]http://www.spywarewarrior.com/rogue_anti-spyware.htm[/url].

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

4

i still get a problem with IE as it gets an error with yahoo or something

thanks for the help so far

5

Hi jagguy,

To solve that hick-up run Winsock fix from here:
http://www.snapfiles.com/php/download.php?id=107303&a=7120710&tag=1445888&loc=2

polonus

6

What is the exact error text, it may help us rather than guess the cause.

What is your firewall ?
Does it have a privacy function or do you have a privacy program ?

7

ok this is now the output for smitfraud, after i have ran the program in safe mode so it should be clean and the error i get in IE, a JIT debugging unhandled win32 exception, unable to JIT debug.

SmitFraudFix v2.52

Scan done at 16:15:22.92, Thu 03/08/2006
Run from C:\install\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\andrew\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\andrew\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
“bestreak”=“{874443fe-aa33-4ebf-a6ac-73208787e62d}”

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

q) Also I use IE and sygate FW for home winxp pc, avast,adaware,spybot. Now unlock stopped the pop-up but how can I be sure all is well?.

q) I get NT Kernel message box pop-up every 20mins to do with winxp and it is annoying.