View Full Version : intervalhehehe



Spectrum
29th November, 2008, 10:50 AM
Bugger, I got a virus from downloading winrar it's called intervalhehehe. I have tried the following to try and get rid of it..........

Avg full version
spybot
super anti spyware
roguefix
Adaware

None of the above can pick the virus up. It redirects you to some site asking for money for it to be removed, been told it's Russian or something like that, got any ideas dudes? I can NOT get Google at all and any search comes back Chinese.

I have tried a system restore in normal mode and safe mode but to no avail.

C:\Windows\System32\Explore.exe

HKLM\Software\Microsoft\Windows\Curren...

I have found info that the above files need to be deleted but I can't find them.

Any ideas guys n gals???



Paul

krazylegz
29th November, 2008, 01:11 PM
moved to correct section.......

have you tried a decent antivirus like nod32 or kaspersky?

Titan
29th November, 2008, 07:55 PM
have you attempted a system recovery?...go back a few weeks or days and see if it rids it of it!!!

bund
1st December, 2008, 03:18 PM
:deal::deal: got this bloody thing today, found the best way to erase it. go to my computer / computer for vista, go to windows folder, find system32 and open, then click on the top bar where date is, find specific date (the date you downloaded it). it will be a rar or zip style folder usually called explore. firstly rename the folder to whatever u like, right click on the folder and go to properties, click advanced bottom right and change file attributes (unclick both), then delete. now do a system restore and the bloody thing will bug u no more. if you dont erase this folder then it reappears about an hour after the system restore and u will subsequently smash ur fist thru the screen while intervalhehehe will just be mockin u, it took ages to figure this fekin fing out. be careful what u download

derek cairns
5th December, 2008, 09:13 AM
Can anyone help me get shot of intervalhehehe? I have read the thread above and followed it step by step but I can't seem to find the part with the date line or the file I need to rename. This is frustrating.
Please ADVISE :banghead:

derek cairns
5th December, 2008, 09:17 AM
Hi All

Does anyone have a link to download winrar that doesn't have INTERVALHEHEHE on it, as I need to download this.
Who invented INTERVALHEHEHE? They're laughing at MEEEEEEEE

jody in philly
6th December, 2008, 11:05 PM
I picked this up a few days ago and I've run every scan, and virus detector known to man. I could use some serious help here before I put my foot through my computer!!
Thanks:banghead:

green_sat
6th December, 2008, 11:24 PM
I got the same bstd* thing, and the only way I managed to get some respite was to clear the hosts file
c:/system32/windows/drivers/etc/hosts
Delete everything in this hosts file.
Enter the entry below and save and all should be ok
127.0.0.1. localhost

You might still have to download superantispyware and do a complete scan to remove any other traces. All should be ok.

Sorry, the above is for XP; it's a similar fix for Vista.
But with Vista you will have to do a bit of messing about as it doesn't allow you to change the hosts file.


:ciao::ciao:
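
The hosts-file check discussed in this thread, as an added example (not code from any poster): this Python script lists every hosts entry that is not a stock `localhost` mapping, so non-default entries can be reviewed before the file is reset. The sample file content, the hostnames in it and the `203.0.113.7` address are constructed; on Windows the real file is normally `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Names a stock hosts file legitimately maps to loopback.
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            # Not a valid IPv4/IPv6 address: flag the line for manual review.
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:                  # one line may carry several names
            name = name.lower().rstrip(".")
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue
            # Loopback/unspecified targets make a name unreachable;
            # any other address sends the name somewhere else.
            sinkhole = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name,
                             "blocked" if sinkhole else "redirect"))
    return findings

# Constructed sample: 203.0.113.0/24 is a documentation range.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # search engine pointed elsewhere
127.0.0.1       update.av-vendor.example
127.0.0.1.      localhost
"""

if __name__ == "__main__":
    import sys
    # Pass the path to a hosts file, or run with no argument to use SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

A `redirect` verdict on a search engine or a `blocked` verdict on a security vendor's update host is the kind of entry worth recording before the file is cleaned.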

jasbo7
6th December, 2008, 11:34 PM
had this last week and system restore to a couple of days ago worked fine on xp

koter002
7th December, 2008, 04:52 PM
Thank you green-Sat for the valuable advice. I had the same bloody Intervalhehehe last week when I downloaded WINRAR. I have a Windows XP system. I have deleted the hosts file as you advised but I do not know how to save the entry 127.0.0.1 localhost. Any advice?
Another site definitely to avoid is 7 ZIP.

green_sat
7th December, 2008, 10:54 PM
Hi,
Just enter the line on the first line and save using file>save.

I.e. click on the option file and save as you would save a word file,
and hopefully all should be ok.

Spectrum
8th December, 2008, 08:03 AM
I tried many different things to get rid of it. As I am not an expert I gave up :giveup: and gave it to the professionals to fix.


Paul

jody in philly
8th December, 2008, 02:08 PM
I was able to remove this virus by cleaning out my host file. Below is the link to the instructions for how I did it. Don't worry, no virus here!! :champions::champions:

http://www.precisesecurity.com/tools-resources/threat-removal-procedure/clean-windows-hosts-file/

karlos32
8th December, 2008, 02:22 PM
Hi

I had the same virus, it's a real pain to get rid of. I am running Windows Vista; within it there is an antispyware package called Windows Defender. First you need to activate this. If you are running on XP then type superantispyware into Google. This should take you to a site where you can download it for free. Run this software and it should kill the main program it runs from. Then do the system restore. You will find that when you try and go back onto the internet it won't be able to find anything, and will come up with an error. Please then re-run either Windows Defender or superantispyware, this should kill it once and for all. Restart your system and Google etc. should come back.

Hope this helps

lebob
8th December, 2008, 02:27 PM
Thank you green-Sat for the valuable advice. I had the same bloody Intervalhehehe last week when I downloaded WINRAR. I have a Windows XP system. I have deleted the hosts file as you advised but I do not know how to save the entry 127.0.0.1 localhost. Any advice?
Another site definitely to avoid is 7 ZIP.

What's wrong with 7-Zip ? I use it all the time, never had a problem.

koter002
8th December, 2008, 06:08 PM
lebob,
I mentioned 7 Zip because I have tried to download the Zip programme from the site and every time I tried I got a nasty Trojan Horse with the package, similar to Intervalhehehe, and it took me a while to get rid of it. You may not notice, but it slows your system considerably, and by the time you have realised something is wrong and you try to restore it, it will not let you do that. Be careful.

lebob
8th December, 2008, 06:50 PM
Koter002, Did you download it from sourceforge ? 7 Zip is open source so I'd be surprised
if you got a trojan from it.

koter002
8th December, 2008, 09:44 PM
I searched on Google to download winzip when I read about 7 ZIP and downloaded it.
What type of site is sourceforge?

lebob
8th December, 2008, 11:10 PM
technology community open source software distribution site.
SourceForge.net: Software Map (http://sourceforge.net/softwaremap/)

dopeydino
9th December, 2008, 12:11 AM
Got this damn virus today. Tried your method out Bund and seems to have worked ok. I knew joining this site last week was a good idea. :)))

malmeninga
9th December, 2008, 08:06 PM
same here, did the bund method and sorted it out. would have been goosed without this site. nice one.

sophie2406
9th December, 2008, 08:21 PM
I got the same bstd* thing, and the only way I managed to get some respite was to clear the hosts file
c:/system32/windows/drivers/etc/hosts
Delete everything in this hosts file.
Enter the entry below and save and all should be ok
127.0.0.1. localhost

You might still have to download superantispyware and do a complete scan to remove any other traces. All should be ok.

Sorry, the above is for XP; it's a similar fix for Vista.
But with Vista you will have to do a bit of messing about as it doesn't allow you to change the hosts file.


:ciao::ciao:

"hosts" on my computer isn't a folder... it's just an unknown thing... I'm not sure how to delete this intervalhehehe virus because it isn't a folder =/

sophie2406
9th December, 2008, 08:43 PM
uhm... can anyone explain to me how to do a system restore?

koter002
9th December, 2008, 09:45 PM
sophie2406,
I have Windows XP. This is what I do to restore from an earlier date.
From START, click & go to All Programs, Accessories, System Tools and System Restore.
When you click on System Restore you will get a pop-up box which will guide you on how to restore to an earlier date when your computer was working properly.
A regular restore point will help in the event of a system crash. The pop-up box will also give you the above option.

Vet42
12th December, 2008, 12:37 AM
I picked this up a few days ago and I've run every scan, and virus detector known to man. I could use some serious help here before I put my foot through my computer!!
Thanks:banghead:


There's many different ways posted out there on how to get rid of this thing. First of all...Kaspersky will not do it, Norton will not do it, AVG will not do it, Panda will not do it, etc...etc...

Windows Defender, SpyHunter, etc...will not do it.

Some folks have gotten rid of it by deleting explorer.exe, which is how I finally was able to. However, what the one guy who posted this method failed to mention was that you have to do it in safe mode because it will not allow you to delete it otherwise. (I'm talking about XP here)

Also some folks have posted in other places that you have to delete explorer.exe....DO NOT DELETE EXPLORER.EXE!

It is explore.exe NOT explorer.exe. I made that mistake because of someone's misinformation.

The way I finally did was to download Hijack This....then run a scan. Delete all the redirects...the web addresses that look real but are not. I was not sure which ones were real and which weren't. I deleted all of them. Don't know if you should do that or not, but it seemed to work.

The next step is to boot in safe mode (Windows XP). If like me, you have never done that, it's easy for XP at least. Restart your computer, while it's booting up tap the F8 button until you get a screen that asks you if you want to choose safe mode. Use the arrow keys to move to Safe Mode then hit enter. It will boot up into safe mode.

Then in safe mode, go to My Computer, C drive, Windows folder, then System32 folder. Look carefully for an application named explore.exe. On my system it had a cute little icon that looks like a stack of books. If you see this...that's it.

Delete this file. Again, on my system, XP, it could only be done in safe mode. Once you delete it, make sure you delete it from the recycle bin because that is where it goes.

Once that's done, reboot in normal mode, recheck system32 folder again to make sure it's gone. Run Hijack This again, and delete any redirects again. Empty your recycle bin and uninstall Hijack This.

Note: when you run Hijack This, if you create back up logs you MUST delete them as well. Remember to always empty your recycle bin when you are done!

This finally worked for me. It has been a couple days and several reboots now and so far so good....

It might sound complicated if you haven't done anything like this before but it isn't really. Once you do it, you'll see how easy it is.

Oh yeah, if you have never gone into your C drive files before, you will get a message that says these files are "hidden." Just go ahead and click to display the files...it won't hurt anything. Just remember to be careful when surfing around in there because these are the files that make your computer work. Don't delete anything you shouldn't!

Best of luck.

Vet42
12th December, 2008, 12:44 AM
uhm... can anyone explain to me how to do a system restore?


If you are running XP (that's all I can speak for), go to Start, All Programs, Accessories, System Tools, System Restore and follow the on screen instructions from there.

bigfella
16th December, 2008, 09:42 PM
hi i had this f****** too. i had to start my lappy up in safe mode ....instructions 2 posts above. had to do a power drain b4 hand tho by takin battery out and pressin power button and replacin battery. then i pressed power button while repeatedly pressin f8, then i pressed start button on lappy and typed in to search engine just below all programmes c:\windows:\drivers:\etc and when i was doin this i noticed the title intereval hehehe come up on the list ...with the icon of a pile of books next to it...so i left clicked it and deleted it. then i went to control panel deleted winrar....then i went bac to start search and put in winrar and deleted all win rar winace files, then i went to recycle bin and emptied it ..then i ran windows defender which found and deleted any other traces of the virus....up to now ..no probs.........etc except i ve tried doin a systems restore several times and it wont do. it says failed due to a unverified error. wonder if any one knew why i cant do a system restore on lappy. i also have norton 360 on my lappy and its been useless!!!! :evil::thumpdown:

burnage bowler
16th December, 2008, 10:25 PM
I have found that when most antivirus programmes fail I try Trend Micro - House call, it's a free external virus scanner which isn't detected by the virus. If it doesn't get shut it will give you a step by step guide on how to find it and erase it from your system,
hope this helps:)