Evil Has Touched My COmputer

Factual Questions
1

in the form of something called “sahagent”.

I believe this to be a downloaded piece of spyware. It is not only making my PC run extremely slow, but sending me to sites I do not wish to visit.

All that I can find on the Internet warns me that, if I cannot uninstall it from the Control Panel, I can run regedit from the Run option, but bad things will happen to my browser settings.

I ask the Dope - how can I make this go away and never return?

I am currently taking the coward’s way out, and doing Cntl-Alt-Delete at start up and doing End Task on this Evil Software.

Suggestions? Help? Colorful curses I can apply to whoever is violating the privacy of my PC?

Regards,
Shodan

2

Manual removal instructions here. (Bottom of the page.)

3

Crud. Nice Submit button you got there.

Anyway, it sounds like a real pain in the ass, but not anything that will do irreparable harm.

4

If you still have trouble, I recommend downloading and using a tool like Spybot:

http://beam.to/spybotsd

5

Get yourself a free copy of AdAware and Spybot Search & Destroy, and clean all the spyware off your computer. Before scanning, don’t forget to have each program check for updates. You should scan with both programs, as they complement each other, and find things the other misses. Then use SpywareBlaster to block over 1100 different flavors of spyware.

6

Oh, and just to be safe, you can always back up the contents of your registry.

7

I tried the Uninstall option. It claimed it needed to re-connect to the Internet to complete the uninstall. Then, when I rebooted, the thing re-installed itself - three times.

So I downloaded Spybot-Search and Destroy and AdAware, and ran scans for both. Took several hours. They claimed I needed to reboot to complete the scan. Took another hour and a half to get AdAware to complete the deep scan.

Then, when I finally got started up, my browser (Internet Explorer) has been, I believe, corrupted.

That is, whenever I try to start IE, it says it is going to my home page (at the bottom of the screen). It runs for a bit, the progress bar gets about a fifth of the way, and then it flickers a whole bunch of messages where it is attempting to redirect me to a website named w-w-w-incredifind dot com (I don’t want to parse that URL, as I now consider them to be the spawn of Satan). The trouble is, that the script (?) to redirect my browser is corrupted, and somehow or other, no matter what IE tries to do, it wants to redirect me to the incredifind website with the URL I really want to access as Keyword= my home URL. It seems to be in an infinite loop, so that the browser address bar fills up with endless repetitions of w-w-w dot incredfind dot com Keyword=w-w-w dot incredfind dot com Keyword=w-w-w dot incredfind dot comKeyword=w-w-w dot incredfind dot comKeyword=w-w-w dot incredfind dot comKeyword=w-w-w dot incredfind dot comKeyword=w-w-w dot incredfind dot com (not that syntax, but you get the idea).

So IE cannot access any site. It tells me the site cannot be found.

To make things worse, I use Netscape to work from home. That has also been corrupted, so that when I try to fire up my remote access software, I get a !49 Network Socket Error.
AAAAAAAAAAAAAARRRRRRRRRRRRRGGGGGGGGGGGGHHHHHHHHHHH!
So now,
[ul][li]I cannot use my remote access software to work from home[/li][li]I cannot access my e-mail[/li][li]my wife cannot work from home[/li][li]my wife cannot access her e-mail[/li][li]I cannot access the SDMB, or any other website (I am posting from work)[/ul] [/li]
Is there anything I can do to recover my browser? I can delete the Incredifind stuff in the registry, but then my browser still doesn’t go anywhere or do anything.

Clearly the Incredifind people need to be slowly tortured to death over a period of weeks, but is there anything I can do to recover my browser? The network guy here says I need to reinstall Windows (probably with an upgrade to XP, but I have to pay for it). Just to get rid of the this farging invader of my browser?

Please help.

Regards,
Shodan

8

Have you been through your add/remove programs list?
Uninstall incredifind at the bottom of the page.

9

You may also want to try and repair your winsock .

10

Hi, Daizy.

Thanks for the suggestion.

Incredifind doesn’t appear in the list of Add/Remove programs from the Control Panel, and I cannot get to the Incredifind webpage so that I can uninstall from there, because my browser doesn’t work.

If I can find my CD-Rom of Windows 98, I will try the winsock suggestion. If not, or if it doesn’t work, I have been told by a couple of people (including the network guy here at work, who is used to patting my hand and saying, “There, there”), that I probably should upgrade to XP anyway.

Regards,
Shodan

11

Hi Shodan
If you’re posting from a working computer, both of those links can easily be downloaded to a floppy and used on your home computer. In particular the winsock fix. Which I’d try first, then the other.
I’d hesitate to upgrade on a “messed up” computer, before I got it stable to do so. Unless, you’re doing a clean install of course?

12

Also, while in add/remove… search for such things as Keenvalue and Powersearch. Things that YOU did not install. Make sure to remove from there.

13

Daizy -

I did what you recommend - download the Winsock fix to a diskette and ran it.

It worked. I can again access the Internet, and my wife can get to her mail, and she thinks I am a genius, and I think you are a genius.

Thank you!

I am going to upgrade to Windows XP, probably over the weekend. I thought there was going to be a point at which I can reformat my C: drive, which I will do. I also got a cheap (but legal) copy of Office XP to replace my Office 97.

Then I re-install Spybot and AdAware and off we go.

Thanks again. You have done what two help desks and a network guy could not - get us back online so my wife can teach.

Regards,
Shodan

14

One more thing you should add to your list of things to do to keep the Visigoths out of your computer: download and run SpywareBlaster, a program which configures IE to reject over 1100 spyware companies and their demon spawn before they can ever get a foothold in your computer. Before you run the program, be sure to have it check for the latest updates.

15

Awww Shodan! That’s fabulous news! Congratulations on the fix. Loads of luck with the new install. Come post back again and let us know how it went!