Virus


Guernica

I went to download some tactics for FM08 from a website. Said I need to install some kind of archive file first via google. I did that and now I've got a virus. I keep getting pop up boxes saying 'intervaltehehe!!!' I have Norton Security which I try and download. It tells me I have a problem but it won't let me download it properly so it looks as though I'm stuck with the thing. Every time I go to google to try and find an antivirus it just keeps asking me for money (under the guise of Microsoft) which I'm sure is a scam.

 

Any ideas?

You do have a working anti-virus program on your system fully installed don't you?

 

When "Norton says there is a problem" what does it actually say?

 

Is intervaltehehe the correct spelling?

 

It is important that you report everything as it actually is, otherwise we'll never get it.


Guest oa_exile
My Norton free trial ended this week.....I don't really understand these things. Do I need to subscribe to it? It never seems to have done anything.

 

Sounds to me like it's been doing its job then :wink: Now see what happens when you are not protected :lol:

Sounds to me like it's been doing its job then :wink: Now see what happens when you are not protected :lol:

 

Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was Winrar that I downloaded..

Edited by Guernica

Guest oa_exile
Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was Winrar that I downloaded..

Don't know if Rummy is online now but you can try this to clear it:

 

http://www.ccleaner.com/

Right. The message is 'intervaltehehehe!!!'. I've checked a few forums and identified it to C:\Windows\System32\explore but when I right click and try and send it to the recycle bin it won't let me. Says it can't delete: Access denied. And it was Winrar that I downloaded..

I still don't know what Norton is doing. Is it installed and telling you what the virus is, or is it not installed on your system?

 

Do not use CCleaner, or anything else at this stage, we might make it worse...

 

Go here and start the process...

 

http://housecall65.trendmicro.com/


I still don't know what Norton is doing. Is it installed and telling you what the virus is, or is it not installed on your system?

 

Do not use CCleaner, or anything else at this stage, we might make it worse...

 

Go here and start the process...

 

http://housecall65.trendmicro.com/

 

When I scan it with Norton it's telling me there is nothing wrong with it.

 

I've tracked the file down and dragged it to my desktop - is there a simple way of binning it?


When I scan it with Norton it's telling me there is nothing wrong with it.

 

I've tracked the file down and dragged it to my desktop - is there a simple way of binning it?

 

Managed to delete it and am still getting popups. Feck's sake.

 

EDIT: Sorted. That wasn't nice. Thanks for the help.

Edited by Guernica

I got the upgrade to Norton360 which seems really good. It cost me £55 - suspect there are cheaper alternatives but this has proved straightforward to somebody with little knowledge of computers. Apologies if you had no interest in that - it may help some others make a similar decision that's all.

CCleaner isn't an anti-virus, the first c stands for crap as it just deletes temporary files like cookies, install files, logs and other non-essential bits and pieces like that. Sometimes these are handy for recovering machines from virus attacks as they contain info that may be useful.


Guest oa_exile
CCleaner isn't an anti-virus, the first c stands for crap as it just deletes temporary files like cookies, install files, logs and other non-essential bits and pieces like that. Sometimes these are handy for recovering machines from virus attacks as they contain info that may be useful.

I understand that Tony, what I thought the CCleaner would have done was to get rid of the Temp File that Guernica had "created" with his download.

There will be more to the virus than just a single file, if it is anything like the one that has been going through our place at the mo that spoofs an anti-virus programme it embeds itself pretty deep on the machine, has led to having to re-image most machines that it has got hold of as it has knocked out a lot of functionality.


Let's have a look at some common issues and their definitions:

  • A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
  • A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
  • A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
  • Adware is software that generates advertisements such as pop-up windows or hotlinks on Web pages that are not part of a page's code. Adware may add links to your favourites and your desktop. It will often change your home page and your search engine to sites that earn income from various advertisers. This income is dependent on, for example, how many people visit the adware site, or how many people click on the links or advertisements at the site. Ads are not bad by themselves but they become a problem when they are unauthorized. Unfortunately, many adware programs do not give users enough notice or control.
  • Spyware is software that collects and transmits user specific behaviour and information, with or without permission. Sometimes, permission to collect and transmit is assumed to have been given simply by the act of installing software or loading a Web page. In reality, few people read EULAs (End User License Agreement) or Terms of Use/Service/Installation that are displayed during installation. Like ads, data collection can be okay if done with consent or for a reasonable purpose. For example, software that transmits user specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their software is not being pirated, and that the users of pirated software are not receiving the same benefits as legitimate users.
  • Malware is software that damages your system, causes instability, or exhibits antisocial behaviour such as changing settings or interfering with a computer's registry and security settings. Typical examples include computer viruses or worms.

What Guernica had was Adware. He could not control the browser popups from executing, sometimes these are hidden in the system files and are run-blocked (in use) - meaning you can't delete them because the OS has it as a running process. It will generate .dll files which are randomly named like dvwxllx.dll, and registry entries calling these pop ups. Deleting without quarantine is not an option. There are a couple of ways to deal with this, one could simply roll the system back to the last known good backup - system restore. This works sometimes. Another option is the hijackthis method of highlighting which registry entries are the problem ones and removing them on a safe reboot. Different problems require different approaches, and understanding the hijackthis logs is an art - but it is worth learning how to read them in the long run...

 

I told him not to delete anything in case he deleted some important files.
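
Added example, not part of the thread and not code from any poster: a small triage pass over HijackThis-style log lines that flags the pattern described above, a randomly named DLL such as dvwxllx.dll referenced from more than one autostart entry. The sample log is constructed, the GUIDs and "ExampleToolbar" names are placeholders, and the vowel-ratio test for "random-looking" names is an assumed heuristic.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis log-line format; GUIDs and the
# "ExampleToolbar" entries are placeholders, not real products.
SAMPLE_LOG = r"""
O2 - BHO: Example Toolbar Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleToolbar\ExampleToolbar.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\dvwxllx.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\ExampleToolbar\updater.exe"
O20 - Winlogon Notify: dvwxllx - C:\WINDOWS\system32\dvwxllx.dll
"""

LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:dll|exe)', re.I)

def looks_random(stem):
    """Assumed heuristic: short, letters only, almost no vowels."""
    if not (stem.isalpha() and 5 <= len(stem) <= 10):
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.2

def triage(log_text):
    """Map each suspicious file path to the log sections that load it."""
    findings = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        section, body = line.groups()
        found = PATH_RE.search(body)
        if not found:
            continue
        path = PureWindowsPath(found.group(0))
        reasons = set()
        if looks_random(path.stem):
            reasons.add("random-looking file name")
        if section == "O2" and "(no name)" in body:
            reasons.add("unnamed browser helper object")
        if reasons:
            entry = findings.setdefault(str(path).lower(),
                                        {"sections": [], "reasons": set()})
            entry["sections"].append(section)
            entry["reasons"] |= reasons
    return findings

if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG).items():
        print(path, info["sections"], sorted(info["reasons"]))
```

A flagged entry is a candidate for review and quarantine, not proof of infection; legitimate files can also have short consonant-heavy names.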
