Guernica Posted December 11, 2008

I went to download some tactics for FM08 from a website. Said I need to install some kind of archive file first via google. I did that and now I've got a virus. I keep getting pop up boxes saying 'intervaltehehe!!!' I have Norton Security which I try and download. It tells me I have a problem but it won't let me download it properly so it looks as though I'm stuck with the thing. Every time I go to google to try and find an antivirus it just keeps asking me for money (under the guise of Microsoft) which I'm sure is a scam. Any ideas?

Matt Posted December 11, 2008

You do have a working anti-virus program on your system fully installed, don't you? When "Norton says there is a problem" what does it actually say? Is intervaltehehe the correct spelling? It is important that you report everything as it actually is, otherwise we'll never get it.

Matt Posted December 11, 2008

Don't restart your PC yet! There may be a very quick solution to this....

Stitch_KTF Posted December 11, 2008

My Norton free trial ended this week..... I don't really understand these things. Do I need to subscribe to it? It never seems to have done anything.

Guest oa_exile Posted December 11, 2008

> My Norton free trial ended this week..... I don't really understand these things. Do I need to subscribe to it? It never seems to have done anything.

Sounds to me like it's been doing its job then. Now see what happens when you are not protected.

Guernica Posted December 11, 2008

> Sounds to me like it's been doing its job then. Now see what happens when you are not protected.

Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was WinRAR that I downloaded..

Edited December 11, 2008 by Guernica

Guest oa_exile Posted December 11, 2008

> Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was WinRAR that I downloaded..

Don't know if Rummy is online now but you can try this to clear it: http://www.ccleaner.com/

Stitch_KTF Posted December 11, 2008

> Sounds to me like it's been doing its job then. Now see what happens when you are not protected.

So I pay the £55? I imagined this kind of thing was free...

Guest oa_exile Posted December 11, 2008

> So I pay the £55? I imagined this kind of thing was free...

http://www.owtb.co.uk/index.php?showtopic=16779

Stitch_KTF Posted December 11, 2008

> http://www.owtb.co.uk/index.php?showtopic=16779

Cheers exile.

Matt Posted December 11, 2008

> Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was WinRAR that I downloaded..

I still don't know what Norton is doing. Is it installed and telling you what the virus is, or is it not installed on your system? Do not use CCleaner, or anything else at this stage, we might make it worse... Go here and start the process... http://housecall65.trendmicro.com/

Guernica Posted December 11, 2008

> I still don't know what Norton is doing. Is it installed and telling you what the virus is, or is it not installed on your system? Do not use CCleaner, or anything else at this stage, we might make it worse... Go here and start the process... http://housecall65.trendmicro.com/

When I scan it with Norton it's telling me there is nothing wrong with it. I've tracked the file down and dragged it to my desktop - is there a simple way of binning it?

Guernica Posted December 11, 2008

> When I scan it with Norton it's telling me there is nothing wrong with it. I've tracked the file down and dragged it to my desktop - is there a simple way of binning it?

Managed to delete it and am still getting popups. Feck's sake.

EDIT: Sorted. That wasn't nice. Thanks for the help.

Edited December 11, 2008 by Guernica

Matt Posted December 11, 2008

> Managed to delete it and am still getting popups. Feck's sake.
>
> EDIT: Sorted. That wasn't nice. Thanks for the help.

Have you restarted your PC yet? That's the final all-clear really. You might want to do a HijackThis report so I can have a look at it.... http://majorgeeks.com/download3155.html

Guernica Posted December 12, 2008

> Have you restarted your PC yet? That's the final all-clear really. You might want to do a HijackThis report so I can have a look at it.... http://majorgeeks.com/download3155.html

Yes mate. Did the HijackThis report too. Surprisingly straightforward in the end for someone with no techie brain whatsoever.

Stitch_KTF Posted December 12, 2008

I got the upgrade to Norton360 which seems really good. It cost me £55 - suspect there are cheaper alternatives but this has proved straightforward to somebody with little knowledge of computers. Apologies if you had no interest in that - it may help some others make a similar decision that's all.

Guest oa_exile Posted December 12, 2008

> Do not use CCleaner

Just out of interest, why would using CCleaner potentially make it worse?

beag_teeets Posted December 12, 2008

CCleaner isn't an anti-virus, the first c stands for crap as it just deletes temporary files like cookies, install files, logs and other non-essential bits and pieces like that. Sometimes these are handy for recovering machines from virus attacks as they contain info that may be useful.

Guest oa_exile Posted December 12, 2008

> CCleaner isn't an anti-virus, the first c stands for crap as it just deletes temporary files like cookies, install files, logs and other non-essential bits and pieces like that. Sometimes these are handy for recovering machines from virus attacks as they contain info that may be useful.

I understand that Tony, what I thought the CCleaner would have done was to get rid of the Temp File that Guernica had "created" with his download.

beag_teeets Posted December 12, 2008

There will be more to the virus than just a single file, if it is anything like the one that has been going through our place at the mo that spoofs an anti-virus programme it embeds itself pretty deep on the machine, has led to having to re-image most machines that it has got hold of as it has knocked out a lot of functionality.

Matt Posted December 12, 2008

Let's have a look at some common issues and their definitions:

A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

Adware is software that generates advertisements such as pop-up windows or hotlinks on Web pages that are not part of a page's code. Adware may add links to your favourites and your desktop. It will often change your home page and your search engine to sites that earn income from various advertisers. This income is dependent on, for example, how many people visit the adware site, or how many people click on the links or advertisements at the site. Ads are not bad by themselves but they become a problem when they are unauthorized. Unfortunately, many adware programs do not give users enough notice or control.

Spyware is software that collects and transmits user specific behaviour and information, with or without permission. Sometimes, permission to collect and transmit is assumed to have been given simply by the act of installing software or loading a Web page. In reality, few people read EULAs (End User License Agreement) or Terms of Use/Service/Installation that are displayed during installation.

Like ads, data collection can be okay if done with consent or for a reasonable purpose. For example, software that transmits user specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their software is not being pirated, and that the users of pirated software are not receiving the same benefits as legitimate users.

Malware is software that damages your system, causes instability, or exhibits antisocial behaviour such as changing settings or interfering with a computer's registry and security settings. Typical examples include computer viruses or worms.

What Guernica had was Adware. He could not control the browser popups from executing, sometimes these are hidden in the system files and are run-blocked (in use) - meaning you can't delete them because the OS has it as a running process. It will generate .dll files which are randomly named like dvwxllx.dll, and registry entries calling these pop ups. Deleting without quarantine is not an option.

There are a couple of ways to deal with this, one could simply roll the system back to the last known good backup - system restore. This works sometimes. Another option is the HijackThis method of highlighting which registry entries are the problem ones and removing them on a safe reboot. Different problems require different approaches, and understanding the HijackThis logs is an art - but it is worth learning how to read them in the long run...

I told him not to delete anything in case he deleted some important files.

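An added illustration of the log reading described in the post above (not part of the thread and not HijackThis's own code): a short Python script that parses HijackThis-style entries and lists those pointing at a System32 DLL with a random-looking name such as dvwxllx.dll, for review rather than deletion. The sample log, its GUIDs, the Example* names and the vowel-ratio heuristic are assumptions constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis entry format ("<code> - <detail>").
# O2 = Browser Helper Objects, O4 = autostart entries, O20 = Winlogon Notify.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\dvwxllx.dll
O2 - BHO: Example Toolbar Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\toolbar.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe"
O20 - Winlogon Notify: dvwxllx - C:\WINDOWS\system32\dvwxllx.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # section code, then detail
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.dll', re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Assumed heuristic: all letters, 5-12 long, at most 20% vowels."""
    s = stem.lower()
    if not (s.isalpha() and 5 <= len(s) <= 12):
        return False
    vowels = sum(ch in "aeiou" for ch in s)
    return vowels / len(s) <= 0.2


def review_candidates(log_text: str):
    """Return (section code, dll name) pairs worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and blanks are not entries
        code, detail = m.groups()
        for path in DLL_PATH.findall(detail):
            p = PureWindowsPath(path)
            in_system32 = p.parent.name.lower() == "system32"
            if in_system32 and looks_random(p.stem):
                hits.append((code, p.name))
    return hits


if __name__ == "__main__":
    for code, name in review_candidates(SAMPLE_LOG):
        print(f"{code}: review {name} before removing anything")
```

The same DLL appearing under more than one section code is the pattern the post describes: one file on disk plus several registry entries that load it.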