EXPERT HELP REQUIRED! :-(


Hi Folks - please bear with me if you can, it's long winded but I'm new to this and urgently need some help!! :)

Having tapped this 'intervalhehehe' into google it appears to be a fairly common and recent virus sweeping around. Like most other 'victims' I googled winrar and downloaded it from the first site it returned, I was in a bit of a hurry and didn't really pay attention to where I was downloading from however the site appeared to me to be masquerading as download.com which is why I didn't think anything of it.

Upon extracting a file my mate emailed to me I started getting this annoying intervalhehehe popup message. I also found that I couldn't access google or facebook, being re-directed to a 'Microsoft Security Center' asking me to download antispy software. I actually almost did as well.

My antivirus software is avast and I also have Ad-aware although had not used the latter for some time as the scan takes ages. I had a bit of a scout round and installed Spyware Doctor. When I ran the program it did a scan and reported back about a dozen infections however to remove them required registration. Loathe to pay the

Further to this, I have in the last half hour downloaded ComboFix and ran that as per instructions on another forum, and that too has not resolved the problem.

Any help would be much appreciated, I am anxious to do a lot of online transactions however feel very nervous about doing this while this problem persists. :)

Sorry to hear you got Infected. This Link should have the Steps to removing the Bugger.

First of all. Uninstall Winrar, then follow the Instructions of Poster #7 using Spybot Search & Destroy in Safe Mode.

http://answers.yahoo.com/question/index?qi...28095501AAo2iun

Spybot Search & Destroy

http://www.safer-networking.org/en/spybotsd/index.html

Good luck.

Ken:

Thanks Ken - I've actually manually altered that 'host' file which Poster #7 refers to, however I have downloaded HijackThis. Initially I will reboot my computer in safe mode with networking (as another poster suggests in the yahoo link you gave above) and run Spybot from there to see if it detects anything else it doesn't pick up in normal mode. If that doesn't work I'll try the HijackThis method. And if that doesn't work I'll pick the tower up and launch it out of the window. :):)

No need, in fact if you're not comfortable with the above method, or if you just want the certainty that the machine is cleaned properly, have an expert do it. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Quick update - I think I've managed to completely remove the infection - I ran HijackThis however I think that was futile as, as mentioned earlier, I'd already manually amended the C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOST file. So from there I reset the machine to safe mode and ran Spybot S&D, deleting three or four 'negligible' files I think - just tracking cookies. Anyhow, on rebooting in normal mode I tried to access facebook and this time it came up, I was not re-directed to the site asking me to download antispy. So I think, touch wood, this is a result.

My guess is the host file is the crux of this virus, reset that to the original content deleting any additions the spyware adds and it seems to do the trick, once the spyware progs have deleted any trojans etc.

If I encounter any further problems no doubt I'll be back asking for more help - but to those of you who responded - thanks a million - very grateful for your guidance :)
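The hosts-file check discussed in this thread, sketched as an added example (not part of the thread or any poster's code): it parses hosts-file text and flags hostnames mapped to anything other than a loopback or null address. The sample file contents, the 192.0.2.x addresses and the watch list are constructed for illustration.

```python
import ipaddress

# Constructed sample: a default-style hosts file plus injected redirects.
# 192.0.2.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.google.com google.com   # injected
192.0.2.10      www.facebook.com
0.0.0.0         ads.example.test
not-an-ip       www.example.test
"""

# Hypothetical watch list: names that should never be pinned in a hosts file.
WATCHED = ("google.com", "facebook.com")


def parse_hosts(text):
    """Yield (line_no, hostname, address) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        for name in fields[1:]:  # one line may carry several names
            yield line_no, name.lower().rstrip("."), fields[0]


def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, hostname, address, reason) tuples."""
    findings = []
    for line_no, name, addr in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, name, addr, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 block-list entries
        hit = any(name == d or name.endswith("." + d) for d in watched)
        reason = "watched domain redirected" if hit else "non-loopback mapping"
        findings.append((line_no, name, addr, reason))
    return findings


if __name__ == "__main__":
    # On a live Windows system, pass in the text of the file at
    # %SystemRoot%\System32\drivers\etc\hosts instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Entries flagged as "non-loopback mapping" are not necessarily malicious (some sites pin intranet names there), so review them against what the machine's owner knowingly added.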
