Spyware Detected?

Discussion in 'SpywareBlaster & Other Forum' started by Chuck B., Jan 20, 2004.

Thread Status:
Not open for further replies.
  1. Chuck B.

    Chuck B. Guest

    I was wondering if Spybot, Spyware Blaster, or Spyguard catchets this progream: IncrediSearch I don't know where it comes from, maybe Incredimail...but its royally screwing up a computer that I am working on. You can't load any webpage because it wants to load Incredisearch, and you can't check mail...its not a winsock error, its a spyware I believe.
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi Chuck B.,

    I have heard of Incredimail, IncrediBar and Incredifind.
    The last one is not related and a stealth-installed hijacker.
    If you have that one or something new and unpleasant, please follow the instructions posted here:
    and we'll assist you as best as we can in getting rid of it.
    Which is a piece of cake if it is IncrediFind.


  3. Peaches4U

    Peaches4U Registered Member

    Nov 22, 2002
    At my computer
    Hi Chuck ... if you have Incredimail, you might want to read the following which I plucked off of Fred Langa's website & then decide if it is worth keeping it.

    ) IncrediMail Problems (Part One)
    Hi Fred, I'm a network administrator for a large Reservation in Minnesota.
    One of my users asked me if it would be all right to install a new E-mail client package called Incredimail, I checked out the http://www.incredimail.com website and noticed stellar recommendations from Cnet, ZDnet, and Tucows so I downloaded the demo to check it out. What I found in the user agreement for the software was pretty unbelievable, obviously the people who recommended this software didn't read it. The agreement itself is extremely long... but the attached excerpt from the agreement almost knocked me out of my chair:

    Any confidential, secret or proprietary information or other material submitted or sent to IncrediMail, including without limitation via any Message sent by You through the Service, Site, or IncrediMail's physical mail and e-mail addresses, or in any other way, will be deemed to be not
    confidential or secret. By submitting or sending information or other material to IncrediMail or by posting information on any portion of the Service you (a) Warrant that you have all rights of any kind to the material and that to the best of your knowledge no other party has any rights to the material; and (b) Grant IncrediMail an unrestricted, perpetual, irrevocable license to use, reproduce, display, perform, modify, transmit and distribute the material, and you further agree that IncrediMail is free to use any
    ideas, know-how, concepts or techniques you send us or post on the Service for any purpose, without any compensation to you or any other person."

    I'm not a reactionary person by nature but the implication of that paragraph for the average user is staggering. I always tell my users to read every agreement carefully but of course many don't, this agreement is especially long and loaded with legalspeak to further guarantee that the
    average person won't read it all. People are ultimately responsible for their own actions but I believe that this particular company goes way too far in misleading people about their ultimate goal and someone needs to
    shine a light on them and make people aware of what's really going on, at least then they can make an informed choice about using the service. I'm a subscriber to several technical newsletters and I'm writing to all of them.
    Thank you for your time, love your newsletter. --- Ed McPhail

    Some of that language is similar to that used by other mail services and ISPs to get around copyright issues that can innocently arise when proprietary information is sent through a third party--- for example, it's not uncommon for an ISP to want to ensure they're not violating a copyright
    if they merely store a copy of your mail on their servers while it's being processed.

    But I can't think of any innocent reason for the phrasing that states "... IncrediMail is free to use any ideas, know-how, concepts or techniques you... post on the Service for any purpose, without any compensation to you or any other person." Maybe there is a perfectly inoffensive reason for including that, but it eludes me.

    There's also another reason not to like IncrediMail, too: See next item.

    Click to email this item to a friend

    return to top of page

    7) IncrediMail Problems (Part Two)
    There's another reason not to like IncrediMail, too: It's HTML-based, which not only opens the door to all manner of web-borne security threats that are absent from text-based email, but also adds tons of baggage to outbound
    IncrediMail email. This extra baggage can clog the inboxes of recipients of these mails, even if the recipients aren't IncrediMail users.

    For example, the headers of email sent by Outlook Express might take this simple form:

    From: [user name and address]
    To: {recipient's name and address}
    MIME-Version 1.0 Content-Type multipart/mixed;
    X-Priority 3
    X-MSMail-Priority Normal
    X-Mailer Microsoft Outlook Express 6.00.2600.0000

    But here's an actual IncrediMail header, snipped from a reader's note to me:

    From: [user name and address]
    To: {recipient's name and address}
    Content-Type Multipart/related;type="multipart/alternative";boundary=
    X-Mailer IncrediMail 2001 (1750710)
    X-FID 9FF122EE-7F22-11D4-AE37-00010216CD0D
    X-FVER 2.0
    X-FIT Letter
    X-FCOL Autumn
    X-FCAT Nature
    X-FDIS Vine Fall
    X-Extensions SU1CTDEsNDEsgUmBScU4OIWRkSwsTZ04kZFNhYUoiU0k
    X-BG <AC3B86DB-D55F-11D6-88F7-444553540000>
    X-BGT repeat
    X-BGC #f5e0c3
    X-BGPX 0px
    X-BGPY 0px
    X-ASN A5BE2A00-37CC-11D4-BA36-0050DAC68030
    X-ASNF 0
    X-ASH A5BE2A00-37CC-11D4-BA36-0050DAC68030
    X-ASHF 1
    X-AN 6486DDE0-3EFD-11D4-BA3D-0050DAC68030
    X-ANF 0
    X-AP 6486DDE0-3EFD-11D4-BA3D-0050DAC68030
    X-APF 1
    X-AD C3C52140-4147-11D4-BA3D-0050DAC68030
    X-ADF 0
    X-CNT ;
    X-Priority 3

    Note that none of that is the actual email message--- it's just the typical extra baggage IncrediMail adds to the email header before you even get to the message itself: An extra 600 characters or so (call it roughly 5
    kilobits) of code that must be sent by the mailer, processed by the ISPs of both the mailer and the recipient, and then downloaded and processed by the recipient for each and every IncrediMail message sent. Yikes! HTML email is bloated anyway, but man, IncrediMail pushes it to new extremes.

    Yes, IncrediMail provides amusing, all-singing, all dancing, animated, colored, formatted, flashing, bleeping, blurping emails--- but with the certainty of tons of excess baggage riding along with the email; with the possibility of opening the door to malicious HTML-borne worms, viruses, and
    such; and with serious questions about who owns the content of the messages you send using their system.

    No, thanks.

    Click to email this item to a friend
    Here is a tad more ....

    Incredimail Xe
    Adware - 98 NT 2k Me XP
    This is a graphical e-mail program that allows you to
    personalize your e-mails according...
    Instinct Mailer
    Shareware - 98 NT 2k Me XP
    This e-mail client scans your accounts and reports
    subjects, senders and sizes, and allows...
    Intelligent MailBook
    Freeware - 98 NT 2k Me XP
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.