I just reformatted my Vista to clean the 400 Gigs of built up trash off of my harddrive. I completely deleted the partition. I reinstalled all my drivers as well as my Anti-Virus (symmantec) fully updated all virus definitions. Then I downloaded a file. At first I was sure this file was clean. I would put a link to it so someone can scan it but I don't want to get banned. Anyway it is a modded driver to use a certian controller with my PC (For emulation purposes). I had this file before and my PC worked fine. But after I downloaded it this time all went to hell. After I installed the drivers and restarted I got a prompt that said:

"Intervals hehehehhehehe intervalheheeheheh"

I didn't know what that ment so I just clicked okay and went on my way. Afterwards I opened up firefox and it took me to an "Page can not be displayed" page. However, it looked like a IE "Page can not be displayed" error and it was written in CHINESE. So I decided it may just be a homepage problem. I typed in google and it took me to a "Microsoft Certified" site. Well it at least looked like a microsoft site but I'm a bit smarter than that. It was an obvious phising attempt trying to get me to download another file in the form of "Anti-Spyware". Now 90% of the websites I go to take me to that damn Phishing site. Anyone have this problem before and know how to fix it. Its a really weird annyoing torjan/virus.

I know the microsoft website I am being directed to is fake for 2 reasons.

1. The URL isn't a microsoft URL.

2. "Our services may include the display of personalized content and advertising." This is in small print at the bottom of the page.

Any help would be great. I haven't been able to find any information on this type of trojan/virus but then again the only search engine I can get to work is ask.com. and it sucks.

EDIT:

I investigated a little further at it seems the virus came from a Winrar download that I used to unzip the driver I downloaded. I still do not know the name or how to remove this virus (Tried scanning with Spybot S&D and Symmantec all updated. Nothing worked.)

Also when I deleted the winrar downloaded file it created a desktop.ini file on in the same folder i deleted it from.

Post has been edited 2 time(s), last time on Dec 3 2008, 2:47 am by KilaByte.

Could you simply just reformat again? It seems like that would be the best solution, rather than manually removing it and possibly leaving leftovers. Especially since you barely got it back up, it wouldn't hurt too much to do it again.

I just got done getting rid of a wonderful virus my Dad sent me called, VirusRemover2008. Here is simply what I did on my Windows XP. I am not 100% percent sure this is going to work, but it might be worth a try or something if you're still having the problem. Make sure you have an anti-virus and a spyware program installed and ready to be used. Restart your computer and put it into Safe Mode, using F8 for many Vista's I have noticed and try to go without networking. If you can't go without networking then that is alright I am told. Once in on the system administrator, run your anti-virus followed by your spyware program. Viruses stand no chance while a computer is in safe mode due to the lack of running programs that the virus attached itself to. AVG Free Edition v8.0 removed 2 Trojans while in safe mode and all I had to do was run Spybot - Search & Destroy and go into my Program Files and delete the "VirusRemover2008" file... That's it! My new best friend, Safe Mode!

My mom was an idiot and caught AntiVirusPro2009 (a fake antivirus like yours) on my computer and CAUGHT IT AGAIN on her laptop.
It basically has the same hijacked browser and trying to false-advertise the program.
What was the fake anti-virus called?

Did you try the link in the stickied topic?

I got rid of it eventually. I had to go into the registry and delete a few values but everything works good now.

(And yes I know what I'm doing in the registry, I didn't just jump in and start deleting stuff.)