Incredimail install - installed itself

[WillyW]

OS is Win98SE
Computer in question is used by more than one person.


I have heard of Incredimail, but only from a friend that uses it for email.  It sounded like just another email client.    True?


A couple of days ago,  an icon appeared on the desktop, 
"Complete Incredimail Installation".

Deleted it.   Crossed fingers.

It reappeared the next day.   

One of the users of the computer is elderly.    In her email, I found a forwarded email from another elderly friend,   with mention of Incredimail,  and a big ol'  "Click here"  button.
She uses a web interface for accessing email.    Using IE v.6
No need to press and ask.      I can make a reasonable assumption that it was clicked, and somehow it downloaded and installed an installation program.     

I started looking around.

Found it in   C:\Windows\Temp\ImInstaller\IncrediMail
An executable,  a .cab file and a text file or two.

I have not deleted that stuff yet.

Because it reappears, I looked some more.
Rebooted, and there it was.... again.

Using the Search function in   regedit,   I found it a few times.


HKEY_LOCAL_MACHINE\Software\ImInstaller
name=IncrediMail_iver       data={a hex number here}


HKEY_LOCAL_MACHINE\Software\ImInstaller\IncrediMail
name=Root           
data=www5l.incredimail.com/contents/setup/2007032901/downloader_nu
                               
name=ScriptUrl
data=www5l.incredimail.com/contents/setup/2007032901/downloader_nu/setupscript.xml



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
zzz_ImInstaller_IncrediMail
C:\WINDOWS\TEMP\ImInstaller\IncrediMail\INCREDIMAIL_INSTALL[1].EXE -startup -product IncrediMail -cluster 2



Questions:

1.) What do you think happened?


2.)  What would you do? 
       This is the bottom line, main question.   
        I am curious about some things while we are at it though.


3.)   At first I thought it would be ok to delete the files in the   temp   dir .
        Wouldn't that cause some sort of burp at boot time though?   ... since
         apparently the registry entries are looking for them.

4.)   Would it be ok to delete those registry entries with regedit?
           In other words,  would the combination of deleting the files in the
           temp   dir      and deleting those keys,  be the proper fix?

5.)  Other than politely advising not to click on things found in emails,  is   
      there  any other preventative action I can take?



Any and all comments/thought/ideas greatly appreciated.

Need more info regarding the system,  ask and I'll get it.


Thanks

[Saviour]

This may not answer every question you may have, but I hope you find it useful...I Googled it and found the following for complete removal.  IncrediMail does not provide this info in their Support section:

http://www.oeupdates.com/Uninstall-remove-IncrediMail.html


The above link also refers to a Microsoft KnowledgeBase document:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297069


Good luck...

[WillyW]

This may not answer every question you may have, but I hope you find it useful...I Googled it and found the following for complete removal. 

You Googled Incredimail?

IncrediMail does not provide this info in their Support section:

http://www.oeupdates.com/Uninstall-remove-IncrediMail.html

You misunderstand.    The link you provided is about uninstalling Incredimail.
Incredimail is not installed.

The above link also refers to a Microsoft KnowledgeBase document:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297069

This page looks to be the same.    The keys there are not the same as the ones I mentioned.


Thanks anyway.

[Saviour]

You Googled Incredimail?

Nope...I Googled "Completely Remove IncrediMail", because I've run across this sort of problem before on someone else's computer.

I know you stated IncrediMail is not installed, but it seems the Installer wants to run every time you boot.

IncrediMail's support page will only tell you how to uninstall it using Control Panel, but doesn't assist with the issue you seem to be experiencing.


Sorry I couldn't help.  Good luck!

[2k_dummy]

I suggest you follow your 4) above. Also check msconfig for the starup entry.

[patio]

1)  Delete the install files you found.

2) Delete the reg entries you listed.

3) Restart regedit (not the machine) and type incredimail in the search field...F3 takes you to the next listing until you reach the end of the registry.Delete any other incredimail keys that are found.

Re-boot and run CCleaner and you should be good to go...

[WillyW]

You Googled Incredimail?

Nope...I Googled "Completely Remove IncrediMail",

This is not Incredimail.   It is an installer for Incredimail.

because I've run across this sort of problem before on someone else's computer.

You have?   Great!
But....  you forgot to describe what you did to fix it.   ....or, you couldn't fix it?
.... or....  what?

I know you stated IncrediMail is not installed,

Right.

but it seems the Installer wants to run every time you boot.

Right.

IncrediMail's support page will only tell you how to uninstall it using Control Panel, but doesn't assist with the issue you seem to be experiencing.

Right.

Sorry I couldn't help.  Good luck!

Ok.
   Thanks for wishing me luck.

[WillyW]

I suggest you follow your 4) above.

I see another post that says the same thing.    That's two positive votes for that method.
I needed some reassurance that I was on the right track, before I did any deleting in the registry.
Thanks.

Also check msconfig for the starup entry.

Did that first.   Forgot to mention it.   Sorry.

[Saviour]

You Googled Incredimail?

Nope...I Googled "Completely Remove IncrediMail",

This is not Incredimail.   It is an installer for Incredimail.

because I've run across this sort of problem before on someone else's computer.

You have?   Great!
But....  you forgot to describe what you did to fix it.   ....or, you couldn't fix it?
.... or....  what?

I know you stated IncrediMail is not installed,

Right.

but it seems the Installer wants to run every time you boot.

Right.

IncrediMail's support page will only tell you how to uninstall it using Control Panel, but doesn't assist with the issue you seem to be experiencing.

Right.

Sorry I couldn't help.  Good luck!

Ok.
   Thanks for wishing me luck.

WillyW,

To be perfectly honest...it was a while ago, when I happened upon this problem so, I can't remember in detail what it was I did (at that time) to remove it.  One thing I am sure of is that you will need to edit the registry in order to fix this problem and you have received a couple of replies recommending this relative to your initial post.

I realize IncrediMail is not installed and that it is the "Installer" that continually wants to run.

One thing I will recommend, though...it is called Process Scanner and you can use it to scan your PC for processes that should or should not be running on your PC.  I find it to be a very useful tool and you can obtain more information about it at the following URL:

http://www.processlibrary.com/

Additional links:

About Process Library
Process Scanner

I hope you find the above information helpful and find a solution to removing the IncrediMail Installer from this computer.

[WillyW]

1)  Delete the install files you found.

Done.

2) Delete the reg entries you listed.

Done

3) Restart regedit (not the machine) and type incredimail in the search field...F3 takes you to the next listing until you reach the end of the registry.Delete any other incredimail keys that are found.

 [That's how I found them the first time.  Therefore, at that time, what I posted was all of them.  ]

Exited Regedit.
Ran Rededit,  searched,  found none.

Done.

Re-boot and run CCleaner and you should be good to go...

Machine rebooted fine.
CCleaner  -   'issues' search,  right?  -    found a few things.   Some had nothing to do with this topic.
Found one that did.
"obsolete software key"               "ImInstaller"
Found it with Regedit and deleted it too.

Rebooted.
Ran CCleaner again,   and searched with Regedit again.   Found nothing that looked like it had to do with this.

For now,  I think it is good.      You think?

Patio and 2k_dummy:   Thanks for your on target instructions on solving this   issue.       

[WillyW]

To be perfectly honest...it was a while ago, when I happened upon this problem so, I can't remember in detail what it was I did (at that time) to remove it.

Ok.   Makes sense.   

I realize IncrediMail is not installed and that it is the "Installer" that continually wants to run.

?  You did?       Naturally, I had concluded that you were confused.   
Why you would direct me to things that are not the problem that I described then,  if it was not in error ....  I don't know now.      It is a tad bit obfuscating.     
No matter now though.

Thanks for trying, I guess.

I hope you find the above information helpful and find a solution to removing the IncrediMail Installer from this computer.

Yep -  I think I got some good advice.