Do you know what you downloaded to cause this? If you do go to your control panel, find add or remove programs and remove the program you downloaded. If this is not an option try to run a virus scan and see if your virus ware can capture it. Usually this type of virus comes from a free virus program and now they want you to buy it. Don't buy it!

I've searched the net and I can't find any reference to this virus. Which particular anti-spyware is it telling you to download? I may be able to find out something from that. DON'T download it, by the way. Re-boot into Safe Mode (press F8 as Windows is about to start loading) and run your anti-virus program.

Yes, pirating software is one sure way to get Windows infected. Rather than trying to avoid buying WinRAR by getting it from a dodgy site, just use real free software! 7-Zip, for example, is totally free. It can unpack .rar files and .7z compression is better than .rar in a lot of cases. The site is right here: http://www.7-zip.org You won't need to use Limewire, Vuze, SuperDuperSahre1000 or any other funny client to get it. Just a web browser :) As for getting rid of this nasty, one sure-fire way is a simple format and re-install of Windows. On modern computers this rarely takes longer than 3 hours for Windows, and then the rest depends on your programs. Or, if you want to have a go at maybe getting rid of the infection, and if you're too scared to boot up your infected windows system - try booting from this Linux CD instead: http://trinityhome.org/Home/index.php?wpid=1&front_id=12 The latest version has multiple anti-virus engines, and with heuristics one of them may be able to detect & clean your Microsoft Windows infection. And yes, its totally free :) And when you do get a working Windows system, also try running Firefox with the Web Of Trust plugin - http://www.mywot.com/ - it helps you see if websites are dodgy.

Use Firefox to download avg anti virus free edition. Also download spybot and adaware. Run those and it should clear whatever you have.

I dunno but it sure does sound like the virus has a good sense of humor

Got this in the same way as everyone else. I am an IT professional but that doesn't mean this will be perfect since it isn't quite my domain! Anyway, I'll try explain in as simple terms as I know how. Good news is that I think I am all fixed now. Most importantly, you should fix this asap. Don't go to your banking sites or use Outlook or anything like that until you are fixed. If you are paranoid then re-install Windows. If like me you want to do a DIY fix then here's how I did it. First I uninstalled WinRar and deleted the folders. You still get the annoying messages. Then I downloaded a bunch of anti-malware, making sure that in every instance it came from a pukka site. This means ignoring the "megafilesharezone" type sites offered by Google and going to the vendors site and following only their instructions to valid "mirrors" or download servers. If you are having trouble getting Google to work then this takes you direct to SpyBot S&D: http://www.safer-networking.org/en/downl... you can trust me and go straight there (!); use another PC and use a a USB key to transfer them to the infected machine (safe to do in this case as far as I can tell) or if you know another language then my guess is a foreign google such as www.google.fr should bypass the problem (the malware only affects the UK and US Google addresses I think). Rule 1 is to run these in Safe Mode (reboot, press F8 and then boot windows in "Safe Mode with Networking"). Can't be sure, but the socially inept, friendless, tiny mahood person who designed intervalhehehe seems to have got it to avoid detection in normal Windows mode. This will take up to an hour or so depending on your machine and the amount of files you have. For reference, the anti-malware that actually got the stuff was Spybot S&D updated with the latest files. I also ran CCleaner, MV RegClean and Malwarebytes - all of them spotted some things but not necessarily this. I had Trend anti-virus installed but this didn't spot anything. Run these until the scans come back clean, then reboot into normal mode. You should have no annoying messages now. If you do, then my answer hasn't worked for you. Once that was done, some smart cookie on the net suggested that if you are still getting Chinese Google/ fake Microsoft site syndrome then your hosts file has been tampered with. If your interested, (which you certainly don't have to be to solve this!) the host file tells your machine that certain requests for URLS by any your browsers should ignore the real site (to do with a service called DNS) and go to wherever the file tells it to - in this case, requests for google and a few other sites are being sent to a malware site or Chinese Google. For me, this was absolutely the case. For those not familiar with this it is perfectly safe and easy to repair: Go to C:/Windows/system32/drivers/etc/hosts Open this in notepad (ignoring system messages telling you that you ought not to play with these files) and delete everything. Then to return to the windows original add this single line and then save: 127.0.0.1 localhost If you don't trust my reply here check on the web for "windows host file" example and you should find that's OK! If you see another version of this with lots of text in it don't worry that the descriptive text above the line above isn't there; windows will ignore that since it was for your benefit only. Or add it in, it really doesn't matter. Note: If you are using a PC which has IIS or Apache or some other reason to have a special hosts file then you may need to reconstruct your host file a little more carefully but then if you are doing that, refer to the documentation for that! That should return you back to normal. I'll post again if I still have problems.

same as sarah.. I've downloaded winrar from some website... and I got the same virus... could you please email me if you find out how to delete this spyware .. porkskater@hotmail.com... thanks

i have the same problem and i got following solution from a forum in afterdawn.com I haven't tried it yet has any one any views on it or are they aware of seeing this solution on any other sites

Here are the instructions: Go to C:Windowssystem32driversetc, and find a file called hosts. Open this file in notepad, and delete everything under "127.0.0.1 localhost". Save this file, and restart your computer.