Incredibar & underhand tactics (URGENT!)

 So I installed PDF creator (great tool, thank you) however it seems you have this unfortunate association with "Incredibar", a highly frustrating Malware.

 

Now I've attempted to remove this using the instructions found within your FAQ and various other internet sites but have had little joy.

 

Can you please assist me in the absence of any help on their website: http://www.incredibar.com/essentials/homepage

You are not the first to complain about these underhanded tactics. See also: http://www.pdfforge.org/forum/open-discussion/8973-sweetim-spyware

I was able to remove most of “Incredibar” using Spybot Search & Destroy. However, this infection happened last night, and despite multiple hours trying to clean it, I’m still finding bits and pieces of this software: for example, check all your browser homepages, browser extension settings (FF in about:config), including even the “address bar search” mechanism (in about:config, search for “keyword.url” and reset that key).

Also double check for a “Web Assistant 2.0” in your add-ons. It does not have a “remove” button within, but can be removed in Windows’ Add/Remove program dialog.

If you find anything else, please feel free to post it here.

It’s really sad that the developers are this desperate. As I said in the other thread: by letting this spyware install, they have lost the trust of their users, damaged the reputation of Sourceforge, and, finally, completely stopped me from using the software and certainly ever donating.

While this is certainly morally suspect and unwelcome in FOSS, furthermore I believe Sourceforge may have a policy against this, in which case we should report it: http://sourceforge.net/projects/pdfcreator/report_inappropriate

Oh, I found another place: "WebAssistant" stores keys (in Firefox's about:config) under

"{336D0C35-8A85-403a-B9D2-65C292C39087}". If this is not the same ID that yours uses, try

searching for "ScriptData_WSG" and then right click "copy name" and paste that ID into the

search field.



Supposedly resetting these keys and then restarting Firefox should remove them. However,

if the keys persist after restarting, you then also need to search in your user profile

(in "%APPDATA%\\Application Data\\Mozilla\\Firefox\\Profiles") and find "user.js". Delete any

lines with "incredibar" in them.



Obviously, I'm operating on the assumption that most people who get infected with this are

using Firefox. I hope this thread will help anyone else who needs to remove this mess.

 

Wow, sorry for the formatting nightmare above. Let’s try again:

Oh, I found another place: WebAssistant stores keys (in Firefox’s about:config) under “{336D0C35-8A85-403a-B9D2-65C292C39087}”. If this is not the same ID that yours uses, try searching for “ScriptData_WSG” and then right click “copy name” and paste that in the search field.

Supposedly resetting these keys and then restarting Firefox should remove them. However, if the keys persist after restarting, you then also need to search in your user profile (in “%APPDATA%\Application Data\Mozilla\Firefox\Profiles”) and find “user.js”. Delete any lines with “incredibar” in them.

Obviously, I’m operating on the assumption that most people who get infected with this are using Firefox. I hope this thread will help anyone else who needs to remove this mess.

 It's indeed a freakin HIGHLY frustating software, I mean the incredibar toolbar and all the associated plugins. It took ages to remove this toolbar from all web browsers and restore default settings. A huge thanks goes to whomever posted this removal guide http://deletemalware.blogspot.com/2012/07/remove-mystart-by-incredibar-uninstall.html

Your'e a lifesaver!

But seriously guys, we aint stupid, we know you have a deal with this company. I know it's not my business and normally I wouldn't care so much but I really like you software and I have to agree with a guy who started this tread - incredibar is a very unfortunate association. 

Last night, I downloaded a program from cnet.com: Free RAR Extract Frog.
Upon installing it, I was given the opportunity to install three
additional items that included SweetIM. I didn’t choose any of these
add-ons, and unclicked all three boxes. The installation of the program
took forever; in fact, I had to manually shut the computer down, but
before I did, I saw three new icon shortcuts on my desktop; SweetIM and
two others. I deleted the icons, yet SweetIM “had its way” with my
system.



I have Windows XP; Firefox 15.0.1; Internet Explorer 8.



SweetIM became my preferred homepage whether I used Firefox or Internet Explorer. I went to Add or Remove Programs through my Control panel, but I couldn’t find SweetIM, under any name.



I went to both browsers and changed my homepage back to google, but no
matter how many times I did this, SweetIM always hijacked the homepage.



I went to both browsers in order to disable SweetIM as an add-on. I did this successfully in Firefox (but to no avail; it didn’t seem to help); I couldn’t find SweetIM as an add-on in IE.



When I used Firefox,
and when I clicked on the little “house” icon which normally takes me
to my homepage, seven new tabs tried to open all at once, pages that
were convinced that they were all my homepage.



Luckily, Spybot informed me that SweetIM is a bad program. I did find
SweetIM in my program files, but when I clicked on SweetIM’s uninstall
file, nothing happened. When I clicked on Start and then All Programs,
SweetIM did not appear in my program list.



I wrote to SweetIM, telling them that they ought to be ashamed of
themselves for unleashing this malicious program. I asked them to help
me; SweetIM’s technical support sent me an automatically generated reply
and suggested that I read their FAQ page; I even tried to use SweetIM’s
online uninstall, but to no avail. By the way, that reply did not have
word wrap, and the e-mail was just one really long sentence that bled
off into Outlook’s right margin.



This morning (remember, SweetIM attached itself to my system late last
night), I ran Spybot which detected 118 SweetIM entries (mostly in my
computer’s Registry). Spybot was able to clean 114 of those items, and
suggested that I restart my computer, and allow Spybot to run as it
restarted. When the computer restarted, Spybot ran for about 90
minutes.



When Spybot finished, I found SweetIM still in the Program directory,
yet there were only four files left (perhaps these were the four that
Spybot couldn’t fix of the 118 it found the first time through). I
deleted those items. I opened Firefox and IE where I found SweetIM as my homepage; I changed the homepages on both, restarted both browsers, and SweetIM is gone.



I’ve reported this problem to cnet. SweetIM is nasty; thank goodness for Spybot!

(What’s up with the formatting nightmare?) Last night, I downloaded a program from cnet.com: Free RAR Extract Frog.
Upon installing it, I was given the opportunity to install three
additional items that included SweetIM. I didn’t choose any of these
add-ons, and unclicked all three boxes. The installation of the program
took forever; in fact, I had to manually shut the computer down, but
before I did, I saw three new icon shortcuts on my desktop; SweetIM and
two others. I deleted the icons, yet SweetIM “had its way” with my
system. I have Windows XP; Firefox 15.0.1; Internet Explorer 8. SweetIM became my preferred homepage whether I used Firefox or Internet Explorer. I went to Add or Remove Programs through my Control panel, but I couldn’t find SweetIM, under any name. I went to both browsers and changed my homepage back to google, but no
matter how many times I did this, SweetIM always hijacked the homepage. I went to both browsers in order to disable SweetIM as an add-on. I did this successfully in Firefox (but to no avail; it didn’t seem to help); I couldn’t find SweetIM as an add-on in IE. When I used Firefox,
and when I clicked on the little “house” icon which normally takes me
to my homepage, seven new tabs tried to open all at once, pages that
were convinced that they were all my homepage. Luckily, Spybot informed me that SweetIM is a bad program. I did find
SweetIM in my program files, but when I clicked on SweetIM’s uninstall
file, nothing happened. When I clicked on Start and then All Programs,
SweetIM did not appear in my program list. I wrote to SweetIM, telling them that they ought to be ashamed of
themselves for unleashing this malicious program. I asked them to help
me; SweetIM’s technical support sent me an automatically generated reply
and suggested that I read their FAQ page; I even tried to use SweetIM’s
online uninstall, but to no avail. By the way, that reply did not have
word wrap, and the e-mail was just one really long sentence that bled
off into Outlook’s right margin. This morning (remember, SweetIM attached itself to my system late last
night), I ran Spybot which detected 118 SweetIM entries (mostly in my
computer’s Registry). Spybot was able to clean 114 of those items, and
suggested that I restart my computer, and allow Spybot to run as it
restarted. When the computer restarted, Spybot ran for about 90
minutes. When Spybot finished, I found SweetIM still in the Program directory,
yet there were only four files left (perhaps these were the four that
Spybot couldn’t fix of the 118 it found the first time through). I
deleted those items. I opened Firefox and IE where I found SweetIM as my homepage; I changed the homepages on both, restarted both browsers, and SweetIM is gone. I’ve reported this problem to cnet. SweetIM is nasty; thank goodness for Spybot!