Kill Sidesearch & Kill Incredifind & Kill Topotun

Kill Topotun  Kill regsvrac32.dll  

Kill Incredifind  Kill LycosSidesearch

Stop your Explorer home page from being changed to Porn


Home
What's New
AI Products
Alzheimer's, beat it
Android Eyes
Android Fingers
Android Hands
Animatronic Products
Animatronic Sites
Asimov's Laws
Baby Androids
Bipedal Projects
Books
Business Plan
Competitions
Conferences
Digital Gyro Board
Domestic robots
Education
Engineers Recommended
Entertainment robots
Future of Androids
Global Warming Fix
Globes of planets
Greatest Android Projects
Gyro/Accelerometer board
Haptic Sensor
Head Projects
Historical Projects
In the Movies
Kill Viruses/Trojans
Live to 100
Mecha Projects
NASA Projects
Planetary Globes
Personal projects
Philosophy of Androids
PRODUCTS
Robo-prize $5M
Robotics Sites
Secret Projects
Smaller projects
Sub-assembly projects
Superintelligence
Suppliers Recommended
Tactile Sensor
Touch Sensor
Valerie Android
Video cameras (smallest)
What's New
Home

       Kill Topotun  (very difficult)

  • 1. Use your firewall program to block IP Address:  69.50.184.50
    •  These are the offending URLs
      • www.topotun.com
      • www.web-cams-chat.com
      • www.free-spy-cam.net
      • www.hcworld.com
      • free.hcworld.com
      • terra.hcworld.com
  • 2. Use Regedit to remove all references to Topotun
    • The most important entries are in HKEY_CURRENT_USER
    • HKEY_CURRENT_USER
      • Software
        • Microsoft
          • Internet Explorer
            • Main
              • Default_Search_URL
              • Local Page
              • Search Bar
              • Search Page
              • SearchAssistant
              • Start Page          <=  especially this one
    • There are also entries in Search & SearchURL which will be found with a "find"
  • 3. Delete the unwanted bookmarks from your favorites directory (in C:\"Documents and Settings"\your username\favorites).
  • 4. You must turn off your system restore option in the "control panel".
    • Open Control Panel
    • Open "system"
    • Select the "system restore" tab
    • Check the box which says "turn off system restore on all drives"
    • Click "apply"
    • Click "OK"
    • Close Control Panel
    • You can uncheck the box later after the parasite is gone.
    • Obviously, you must reboot & make sure this thing is gone.
  • 5. The persistence is due to a program running in the following directory:
    •  C:\"Documents and Settings"
      •  your username
        •  "Local Settings"
          •  Temp
  • 6. This program will very likely have a random string of letters for its name.  On my machine it was called  "zYpBGti.exe"  and will be found in the above Temp directory.  Use Regedit to navigate to the following location:
    • HKEY_LOCAL_MACHINE
      • Software
        • Microsoft
          • Windows
            • Current Version
              • Run
  • 7. You will see a long list of programs listed under the "Run" key.  You want to search for ANY program which is running out of "Documents and Settings" -  AND DELETE IT (THEM). Record the names for later use.
  • 8. Now search the registry for ALL occurrences of those names AND DELETE THEM.  I found an occurrence in the following location (which you may want to check):
    • HKEY_LOCAL_MACHINE
      • Software
        • Microsoft
          • Shared Tools
            • MSConfig
              • Startupreg
  • 9.  You must reboot to verify that it is gone - which can be done by checking your favorites to see that the garbage is absent.  
  • 10. It has taken me a full week to kill this damn thing.  A further suggestion is to remove cookies and all local content before you shut down your machine each day.

       Kill regsvrac32.dll (very difficult) 

  • 1. The persistence is due to an entry in the Registry under Windows/Current Version/Runonce
  • 2. Use your firewall program to block IP Addresses:  81.211.105.0 - 81.211.105.255
    •  These are the offending URLs
      • bjvvhk.t.muxa.cc
      • margo.cafreedom.com
  • 3. This parasite seems to be a problem on Internet Explorer 5 not Internet Explorer 6.  Try to install IE 6 and see if that makes it go away.
  • 4. This parasite may not be a problem on XP but it is on Windows ME.  Here is what is does:
    •  It inserts an entry into the the Registry under Windows/Current Version/Runonce
    • This entry is a random string of letters & numbers + ".exe"
    • This program is loaded into C:\Windows\system32\
    • The program starts on machine startup and runs always.
    • The problem for me was that it HUNG my machine and I had to kill it to get out of startup.
  • 5. Use Regedit to remove all entries under Runonce (find "Runonce", fix, repeat) which consist of a random sequence of letters & digits followed by ".exe"
  • 6.  First solution -  Install Windows XP if you can (I couldn't due to HP software) and IE 6.
  • 7.  Second solution
    • Download and install Mozilla (its FREE)  from   http://www.mozilla.org/   or Netscape 
    • Remove Internet Explorer from your system.
    • Use Regedit to remove all entries under Microsoft/Internet Explorer/
    • Use Windows Explorer to search for and delete any file or directory called Internet Explorer.
    • Run with Mozilla or Netscape instead of Internet Explorer.

      Kill Lycos Sidesearch: 

  • 1. Use your firewall program to block IP Addresses:  216.74.27.20 - 216.74.27.24
  • 2. Delete the Lycos Sidesearch icon from your desktop
  • 3. Go to C:\program files\Lycos\Sidesearch\   and run the Uninstall program.
  • 4. Go to C:\Windows\System32\   and delete the following files:
    • biN.exe
    • im64.dll
    • in10b6s.dll
    • Lycos.dll
    • msbb321.dll
    • msbb.exe
    • ncase.ini
    • sahagent1019.exe
    • setup_incred_1.exe
    • ss_msi1_setup.exe
  • 5. Use Regedit to remove all references to Lycos or Sidesearch or ncase 
  • 6. Use Windows Explorer to search for and delete any file or directory which is called Lycos or Sidesearch.

      Kill Incredifind - nasty annoying search program

  • 1. Use your firewall program to block IP Address:  12.129.205.105
  • 2. Go to C:\program files\Incredifind\ and delete it.
  • 3. Use Regedit to remove all references to  Incredifind
  • 4. Use Windows Explorer to search for and delete any file or directory which is called Incredifind.

    Stop your Explorer home page from being changed to Porn

        How is this done to you?   Somebody has changed some settings in your Internet Explorer registry.  How do I fix this?    Obviously you must delete the trash from your registry.   Here is how to do it:

1.  Click Start button (bottom left corner of screen)

2.  Select "Run"

3.  Type in "Regedit" and OK.

4.  Select the following levels:

  • HKEY_CURRENT_USER
    • Software
      • Microsoft
        • Internet Explorer
          • Main
            • Default_Search_URL
            • Local Page
            • Search Bar
            • Search Page
            • SearchAssistant
            • Start Page          <=  especially this one

5.  Make sure all of the 6 labels have "good" values such as http://www.google.com/ or about:blank but NO garbage links - especially ones filled with % signs.   The % signs are simply a way to HIDE what the hijacker has put in place of your good stuff.   The % is an escape character which says that the next two hex characters after the % are the ASCII character. For example:   %2E = "."   %5C = "\"   %41 = "A"  %61 = "a"

 6. Repeat for HKEY_LOCAL_MACHINE

  • HKEY_LOCAL_MACHINE
    • Software
      • Microsoft
        • Internet Explorer
          • Main
            • Default_Search_URL
            • Local Page
            • Search Bar
            • Search Page
            • SearchAssistant
            • Start Page           <=  especially this one

7. Fix these values - which is done by right-clicking, select Modify and entering the new desired value.    I suggest that you find a good string and do a "copy" then go to the bad one and "paste" over it.  Save your changes.


               What I do to protect my computer

1. Anti-Virus program -  McAfee VirusScan   This is obviously a must for everybody or your machine will be destroyed someday.

2. Firewall - Very Important -  McAfee Firewall   This program protects against unauthorized entry from the outside.   You would be stunned if you knew how many program are running around just trying to find unprotected machines.   This is the only way I have found to block the Lycos Sidesearch program and the Incredifind program which are extremely hard to stop.  Here is how to do it:

      Attack them on two fronts:

     First:  Block the key programs from accessing the internet by adding them to the list of programs blocked by your Firewall.   Block all .exe & .dll programs in the list above (#4 in Lycos Sidesearch section).  They are usually found in C:\windows\system32\

     Second:  Block the IP addresses from which the parasites are being downloaded. To wit - add the following IP addresses to your list of IP addresses to block:

  • www.f1organizer.com       at IP address:   207.182.241.228
  • www.lycos.com                 at IP address:   209.202.216.27
  • www.incredifind.com        at IP address:     12.129.205.105
  • www.180solutions.com     at IP address:   216.74.27.20      
  •                                                IP address:   216.74.27.21
  •                                                IP address:   216.74.27.22
  •                                                IP address:   216.74.27.23
  • bis.180solutions.com         at IP address:   216.74.27.24
  • www.topotun.com              at IP address:   69.50.184.50
  • bjvvhk.t.muxa.cc               at IP address:  81.211.105.0  -  81.211.105.255

       You can lookup any URL using this FREE service.

3. Anti-Spam - Very Important - McAfee SpamKiller   Scans incoming email and kills most of the spam.  Allows you to define your own filters - I have about 1000.  Only problem is that it doesn't automatically throw away the killed messages.  You still have to remove them, but it only takes a few minutes a day to delete 1000 killed messages.

4. Popup Blocker - I now use AdsGone 2004 - very nice Popup blocker.  Their website is

          http://www.adsgone.com/

5. Task monitor -  WinTask Pro  Gives you documentation on most of the processes running on your machine so you can decide which ones to kill.  Allows you to block automatic startup of those programs which are eating up your CPU time and memory space.  The worst one is "wsbb.exe".   It gets put into your auto-start list and runs actively ALL THE TIME.   If you delete it with WinTask, it will re-insert itself in your auto-start list (until it is blocked by #2 above).

         http://www.liutilities.com/products/wintaskspro/

6. Anti - Adware program    NoAdware  Scans your machine for Adware and then removes it for you. You will be amazed at how much adware gets on your machine.  It found 150 items the first time it  scanned.  And that was on my machine which is pretty well protected!  After #2 above, I have NO adware.

         http://www.noadware.net/

7. Anti - Adware program    SpySweeper  Scans your machine for Spyware and then removes it for you. You will be amazed at how much spyware gets on your machine.  This program even finds "traces" of stuff.  When I ran it, it found like 20 files & 2000 traces.

        http://www.spysweeper.com/

8. Internet Explorer  - This is the source of MOST of the trouble.

  • Open Internet Explorer
    • Select Tools
      • Select Internet Options
        • Select Security tab
          • Select Custom level
          • Disable nearly everything especially scripts
            • You may leave Java at high security level.
            • You may allow file download (enable)

 General Information: crwillis@androidworld.com