PDA

View Full Version : Manual Removal Guide for Interlaced



Friday
2008-11-28, 18:41
The following instructions have been created to help you to get rid of "Interlaced" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
malware

Description:
Interlaced I does what it is supposed to do, see above.
Interlaced II does what it is supposed to do, files that are to be bound can also be set to executed hidden.
Interlaced II does not do harm to the user itself, but it was obviously created to do harm to other users' computers.

These tools are intended to be used as Trojan makers.
Supposed Functionality:
Interlaced I:
This a file binder; it can combine 2 files, which will then be packed into one executable. once executed both files will be executed and stored in the Windows folder under file names like TEMP$ab.suffix or TEMP#cd.suffix, with abcd being numbers from 0 to 9

Interlaced II:
This is also a file binder; it can combine multiple files , e.g. executables, media and other files into one executable. Once the new file is executed all files in it are executed in the way defined during binding.
Icons can also be changed.
Privacy Statement:
No privacy statement, but the author suggests usage for binding multiple trojans into one file.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

A file with an unknown location named "Interlaced II v1.00.zip".
A file with an unknown location named "stub.dll".
A file with an unknown location named "icons.dll".
A file with an unknown location named "stublite.dll".
A file with an unknown location named "Editor.exe".
A file with an unknown location named "Interlaced.exe".
A file with an unknown location named "STUB.exe".
Make sure you set your file manager to display hidden and system files. If Interlaced uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.