
I was recently infected by the MyStart by IncrediBar.com virus or trojan or whatever it is.

The only problems I have on this computer: 1. An additional tab opens with my browsers, 2. I have noticed that my computer will "freeze" momentarily and that Pandora freezes, so the music is constantly interrupted. I do not know if these are related or if they are all separate issues.

When I start Google Chrome or IE, a tab comes up labelled "MyStart by IncrediBar.com".

I uninstalled them, but they did not go away. I have Googled a solution and I have never heard of the sites that come up (with a couple of exceptions).

Some sites asked me to download their remover and some gave me the registry items to remove.

I ran MS Essentials, and Malwarebytes and neither picked it up or removed it.

From what I have read, this may be a new virus or trojan.

I read through the sticky threads to look for a solution, but am not sure if this is a hijack, trojan, virus or what.

Other than what I have done, I am not sure what my next step should be. I am hoping that someone can point me in the right direction.

My computer:
Lenovo, Windows 7, 64 bit


Thank you.



If MBAM, MSE, and/or another known program fails... the last ditch would be Combofix

(it can make possibly bad changes, but I've used it time after time with no ill effects)


I am downloading it now. Thanks


Kaspersky and AVG have some great rescue disks. I would get both; they both are boot disks that can negotiate the network to update the virus pattern.


skh12 said:   Kaspersky and AVG have some great rescue disks. I would get both; they both are boot disks that can negotiate the network to update the virus pattern.
I use the Kaspersky Rescue CD all the time. Very good at getting rid of rootkits because it removes them outside of Windows.


Another issue has arisen with my laptop. For some reason, my wireless on my laptop has stopped working. I have also tried an ethernet cable and it does not work either.

I am not sure if the incredibar caused it or not. You would think that the way the virus works, it would allow the computer to access the Internet.

My Internet works as my desktop is fine and my wireless works because my iPhone was working using it.

I am going to get one of those rescue discs and try it.


Of course when I went online for the rescue disc, I noticed that my desktop had the virus.

Thanks for the help.


Did you check and see if you could do a system restore from before you were infected? Sometimes this is the easiest way to deal with an infection.


try uninstalling and reinstalling the drivers?

(I had a serious virus eff up my laptop before...only after reinstalling did it fix it.)


google winsock fix.

the malware removal attempt hosed your networking

Or you could back up all your important stuff, run the factory restore and be done with it. I had this one, and once it has its hooks in, it lets in a lot of other nasties.


chocula said:   You would think that the way the virus works, it would allow the computer to access the Internet.
Actually, it's pretty common for an infection to break the Internet connection. I agree that it doesn't make a lot of sense, but it does happen.


minidrag said:   Actually, it's pretty common for an infection to break the Internet connection. I agree that it doesn't make a lot of sense, but it does happen.
Actually, malware infections themselves don't typically break the internet connection; it's typically the malware removal that ends up breaking it. This is because the malware will modify the network settings for its needs, and removing the malware makes these settings unusable.

An example I've seen is a malware setting itself up as the proxy server for the OS, meaning all network traffic went through it (probably to help place its own ads on sites the user browses, and also to monitor browsing behavior and history). An AV program deleted the malware, but the OS was still pointed to the now non-existent malware proxy. Removing the proxy settings got the network working again.
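
The leftover-proxy situation described in the post above, as an added example that is not part of the original thread: a PowerShell check that reads the current user's Internet Options proxy values and tests whether anything is still listening at that address. The function names are hypothetical, and it assumes the proxy was set per user rather than by policy.

```powershell
# Added example (not from the thread): find a per-user proxy that points at a dead listener.
# Function names are hypothetical; the registry values are the standard Internet Options ones.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEndpoint {
    param([string]$ProxyServer)
    # ProxyServer holds "host:port" or "http=host:port;https=host:port" (IPv6 literals not handled).
    foreach ($entry in ($ProxyServer -split ';')) {
        $value = (($entry -split '=')[-1]).Trim() -replace '^[a-z]+://', ''
        if (-not $value) { continue }
        $name, $port = $value -split ':', 2
        if (-not $port) { $port = 80 }
        [pscustomobject]@{ HostName = $name; Port = [int]($port -replace '\D', '') }
    }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$s = Get-ItemProperty -Path $key
if ($s.AutoConfigURL) { "Auto-config script set: $($s.AutoConfigURL)" }
if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
    foreach ($ep in (Get-ProxyEndpoint $s.ProxyServer)) {
        if (Test-TcpPort -HostName $ep.HostName -Port $ep.Port) {
            "Proxy $($ep.HostName):$($ep.Port) answers; confirm it is one you configured."
        } else {
            "Proxy $($ep.HostName):$($ep.Port) is not listening; this stale setting blocks browsing."
            # To clear it after review:
            # Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        }
    }
} else {
    'No manual proxy is enabled for this user.'
}
```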


marsilies said:   minidrag said:   Actually, it's pretty common for an infection to break the Internet connection. I agree that it doesn't make a lot of sense, but it does happen.
Actually, malware infections themselves don't typically break the internet connection; it's typically the malware removal that ends up breaking it.
I disagree. While removal certainly can break it for all the reasons you mentioned, I deal with infected machines that have broken internet all the time. I get infected machines at least twice a week, usually more often than that. I would say somewhere around 40 or 50 percent of them show up because the Internet stopped working. The owner often doesn't even know there is an infection.


minidrag said:   I disagree. While removal certainly can break it for all the reasons you mentioned, I deal with infected machines that have broken internet all the time. I get infected machines at least twice a week, usually more often than that. I would say somewhere around 40 or 50 percent of them show up because the Internet stopped working. The owner often doesn't even know there is an infection.
I'll defer to your expertise, since it sounds like you deal with infected machines more than I do. I will say though that when malware does break the internet, I bet in the majority of those cases it's not deliberate.

I would guess malware breaks the internet because it's poorly coded and messed with something in a way the malware author didn't intend. There's also the chance of multiple malware infecting the same machine, each making a change that on their own is functional, but combined breaks the internet. Finally, there's always AV programs that only partially remove malware, breaking the internet in the process but still leaving enough of the malware to appear in scans, or even be still somewhat functional (or possibly rebuild itself).


marsilies said:   I will say though that when malware does break the internet, I bet in the majority of those cases it's not deliberate.

I would guess malware breaks the internet because it's poorly coded and messed with something in a way the malware author didn't intend. There's also the chance of multiple malware infecting the same machine, each making a change that on their own is functional, but combined breaks the internet. Finally, there's always AV programs that only partially remove malware, breaking the internet in the process but still leaving enough of the malware to appear in scans, or even be still somewhat functional (or possibly rebuild itself).
I agree with all of this. The intent of the infection is always to get something from the user, whether it is money, personal info (to get money), causing them to go to unwanted sites, etc... but all of that requires an Internet connection. So breaking it makes no sense at all.


Thanks again everyone.

I am currently running the Kaspersky Rescue Disk as I type this and it is scanning for viruses and such.

I am a bit confused on the restore feature. Will doing a restore to a previous date remove this virus (or whatever it is)? I always assumed that the virus stayed there in the HD so a restore would not get rid of it.

I also googled Winsock and most sites say to use a command to reset it instead of a utility if you have a Windows 7 machine (I will try that next if Kaspersky does not work).

When you say to reinstall the drivers, do you mean all of them? Or do you just mean drivers for my network?

Two last things: For my network, I have a modem/wireless router all in one from Windstream (DSL provider) and a Linksys router using tomato along with it. I normally connect through the Linksys and rarely have issues. For this issue, I noticed today that when I connect directly to the wireless router provided by Windstream, it says "Limited access" on the connection (and of course, no access to the Internet). I am assuming that the limited access goes along with this issue.

The last thing is that when my wireless quit working, I plugged the ethernet wire in and something called "Virtual Box" ethernet connection or something like that came up. I disabled it since nothing was working, thinking it was part of the virus. Not really sure if it was the right thing to do or not, but decided to try it.

I am going to get my laptop working before I start work on the desktop.


Anyway... Thanks again everyone. I appreciate this.


A System Restore probably won't delete an infected file, but it reverts your registry to before and if pointers in there were causing the infection to run, it no longer will. If a system file was replaced a System Restore should put the original back in. But there are many infections that will disable System Restore and quite a few that System Restore won't fix.

Yes, to fix Winsock issue in Windows 7 you use built in features not an add on utility like you did in XP.


OK. Kaspersky is still going and is only at 19%. I did not change my energy savings, so I hope the HD does not shut down like it normally does. I need it to run all the way through.


The Kaspersky boot disc should use its own power settings, which is probably to be always on.

"Virtual Box" is a virtual machine program for running another OS (guest OS) from within your main OS (host OS). The ethernet connection adapter is so that the guest OS can have internet access as well. I haven't heard of any malware installing it before, so is it possible you installed it at some point? Disabling the adapter shouldn't affect your main OS.


If system restore does not solve your problem, I am going to suggest that you go to a site like bleepingcomputer. There are people who can visually detect rogue processes from all the logs they ask you to create. Just using one or two anti-malware programs may not be enough to detect everything.


You know, for the time you are spending on this, it will be faster to back up your data, wipe and restore.


If I remember correctly, I think that's what I wound up doing when I got this one last year. By the time you realize you're infected with this one, it has disabled your AV and let in several others. It's a huge PITA. Go buy a new hard drive and set it up fresh; after it's all updated and protected, slave in the old one and disinfect it, leave it in for storage and migrate your old files as needed.


ellory said:   You know, for the time you are spending on this, it will be faster to back up your data, wipe and restore.


I guess, when you're new at AV removal this can make sense. It seems like major overkill to me, but I'm so used to cleaning infected machines that I guess my view is skewed. But there is no doubt there is a point at which you have to cut your losses.

Where is that point? That's the big question and it's going to vary, a lot, depending on the user, available time, skill level, programs installed, etc...


minidrag - you are right, especially as someone who is familiar with all of how to do this. For the novice though, these days Windows reinstall is very easy, fairly fast, and reliable.

I quickly move to recommending people who are not experts just do a reinstall. (Look at this case. It's nearly 3 days, and it could go a number of more days. A reinstall would have been done in a few hours.)


Everything is backed up, except ironically, the virus. Since it shut down my internet access, my backup would not work. LOL

I actually use two online backups (Carbonite and Crashplan) and once in a blue moon, use my Maxtor HD.

The Incredibar is still there, neither AVG nor Kaspersky worked (I could not get AVG to work from a disc) and I still cannot get online (used Winsock to reset).

I have no problem wiping the HD and starting over.

Is it better to get a new HD and start over or just wipe my existing drive and load windows back on it? The laptop is fairly new, so the HD is not that old.

System restore is not working either.

When I plug in an ethernet wire to my laptop set for wireless, should it automatically change to wired access instead of wireless? I have Googled this before and cannot get it to work on this computer (may be part of this virus).


To make matters even stranger.... I planned on reinstalling windows depending on which of the options is best.

I decided to give AVG one final shot to fix the computer. I deleted Kaspersky from the thumb drive so that AVG would load at startup. The computer booted and loaded Kaspersky. I have no idea how Kaspersky ran when it is deleted from the drive.

I tried it again and the same thing happened.

The weird part is that with Kaspersky running, I can get online with the computer.

Am I in the twilight zone or what?


1. It's fine to wipe and restore with the current drive
2. Internet on cable should automatically be detected and connect
3. Next Stop Willoughby


You can wipe/reload the old drive; getting a new drive I suggested only if you weren't backed up. Both Kaspersky and AVG rescue have their own browsers network negotiations.

When you restore your machine, take the extra step to delete the partition. If you're using factory restore disks it may not give the option, but a Windows disk would, and it will create a new one. Nasties can hide in the partition table; just best to make a new one if you're going this far anyway.


Lenovo machines usually come with a recovery program. It would have prompted you to create DVDs. But even if you didn't make them you can probably just run it from within Windows. Or, if that isn't available, when you first power up (before Windows loads) press the F8 key to get the Windows startup menu and choose Repair. Once that starts up choose Advanced and you should have an option for something like Factory Restore. Whichever of those three ways of getting there works, you will end up at the same place. A program that will wipe the machine out and put it back to the way it was when you first turned it on.


Thanks again everyone, I really appreciate all of this help.

I have one last question:
Will my backups have the virus? I am worried that when my system backed up, wouldn't it back up the virus as well? I would like to do one more backup to my external HD, but do not want to do this just to get the virus again.

Thanks


That all depends on what you backup. Data files rarely get infected, so if you are backing up music, pictures, etc... it isn't likely. If you are backing up the entire drive though, sure, you'll also have the infection. However, an infected file in and of itself won't do anything. It has to be started somehow. As long as you don't run the infected file it will just sit there and do nothing.


Thank you


Thanks again everyone. Once again the FW community shines.

My computer is back running again and better than ever.


In case you are wondering, I simply used the software that Lenovo has on a hidden partition via the One Key and restored the computer back to its original state.

Thank you for all of the help and for the suggestion of restoring it. That worked like a charm and took about 5 minutes to complete.


Thanks chocula for the update. Glad you are working.

Question for you - would we have been better off just advising you to wipe and reinstall?



