TechSpot

Critical Error! Some dangerous virus detected in your system Windows Vista

By catchanthony
Jul 27, 2008
  1. Hello Friends,

    My systems seems to be infected with a virus, and I am hoping someone could help me here.

    On launching Internet Explorer, I get the below error:

    ---------------------------
    Critical Error!
    ---------------------------
    Attention, admin! Some dangerous viruses detected in your system. Windows Vista (TM) Home Premium files corrupted.
    This may lead to the destruction of important files in C:\Windows. Download protection software now!

    Click OK to download the antispyware. (Recommended)
    ---------------------------
    Yes No
    ---------------------------

    This message itself indicates that this is perhaps a virus which is prompting me this message and then try to redirect me to the below site:

    free-viruscan . com

    Some steps I have taken are:

    1. Tried performing an online scan with Trend Micro, Bit Defender etc.. but all scan seems to fail, as I am unable to launch them.

    2. Tried disabling the BHO.ext2 add on in internet explorer which seems to stop those popups. But as soon as I enable them it starts prompting with the above message/redirecting. It looks like the virus is related to the BHO.ext2, but i am not sure.

    3. Run Hijack this and I have attached the logs.

    Please could someone advise how can I get rid of this virus.
    I have a McAfee scanner installed.

    Thanks for any assistance you can offer.

    Regards,
     

    Attached Files:

  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Your log is very large with many IE addons.
    Please do the following first, to remove all this not required stuff.

    How to use Reset Internet Explorer Settings (RIES)

    To use RIES in Internet Explorer 7, follow these steps:

    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

    Then run Startup Control Panel and turn off any not required startups
    Then download CCleaner, and remove all the other temporary files
    Restart
    Then run MalwareBytes updated scan
    Remove anything found!

    Restart
    Then post a new HiJackThis log
    Doing this will help you (and us) to read your log a lot easier
     
  3. catchanthony

    catchanthony TS Rookie Topic Starter

    Thanks Kimsland,

    I tried something further till I saw this reply.

    I installed Norton Security Scan and the infection was detected:

    Infection:
    c:\windows\system32\bhoextn.dll
    Browser Cache
    Registry:
    HKEY_CLASSES_ROOT\CLSID\{FBE58CC0-D14B-45FE-A717-57BB8247F652}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBE58CC0-D14B-45FE-A717-57BB8247F652}

    The offending file was marked for deletion on reboot.

    Malwarebytes detected this as well.

    Additionally I reset IE settings and have re-run Hijack this. I have attached the latest logs. Please could you advise if all looks ok in it.

    THanks again for your response.

    Cheers,
     

    Attached Files:

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Is the "critical error" message now gone?

    I am not an expert at reading the HJT log, so do not wish to respond, except by saying I do not see anything critical in there
     
  5. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    This line looks bad to me

    O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - C:\Windows\system32\bhoextn.dll

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    -------------------------------------

    ComboFix

    • Download ComboFix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt

    post a fresh hijackthis log after running both tools make sure to delete everything MBAM finds
     
  6. catchanthony

    catchanthony TS Rookie Topic Starter

    Thanks Kimsland and Daniel.

    Daniel, the bhoextn.dll doesnt appear in the latest logs that I had attached.
    But you are correct that was the offending file that created problems.

    Thanks very much for all the help. The Critical Error messages no longer appear. I believe my system is all clean now after Norton/Malwarebytes have removed this file.

    JUst in case anyone else encounters the similar issues, follow all the steps in the whole thread - all good.

    Cheers,
     
  7. Comie23

    Comie23 TS Rookie

    Hi Guys

    I'm just a new member who has also encountered the same virus.

    I had run Avast 4.8 home edition, and on updating of the version and running the scan on my computer, it detected the trojans and worms that were on it.

    I'm a bit of a novice when it comes to all these file name and so forth, so I just deleted each trojan etc that it detected.

    Now that critical error msg does not come up anymore, but what I want to know is how can I be certain that the virus has been eradicated from my system? Is there any other checks I can do other than running Avast again?

    Any info would be greatly appreciated
     
  8. catchanthony

    catchanthony TS Rookie Topic Starter

    Hi,

    Download Hijack this

    http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

    In the log, check if you see any bhoextn.dll references.
    If you see it, you might need to delete this file. This worked for me atleast.

    Additionally if you really want to be sure, you can try other antivirus online scans like in BitDefender or Trend Micro etc...

    I additionally installed norton free version (from pack.google.com) which did a good scan and cleaned the virus.


    Run Hijack this and paste the log in this forum for analysis by some experts.

    Cheers.
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    catchanthony,

    Your Java is out of date - malware like to exploit this

    [​IMG]Update your Java Runtime Environment

    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
    • After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
    • Uninstall any older versions of Java
     
  10. kibwe76

    kibwe76 TS Rookie

    I'm having the same problem

    I downloaded the Hijackthis and will include the logfile at the end. Can someone help me fix this Critical Error virus.
     
  11. uzzi

    uzzi TS Rookie

    i did all the instructions and, it worked. my pc is malware free. thank you for helping us. =)
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I would encourage each of you to start your own thread here in the security and the web section and attach the logs from the scan that you ran
     
  13. ksgandharva

    ksgandharva TS Rookie

    Even i have the SAME problem... but from the day I've been affected by it, I'm very cautious to run ANY exe file. So someone please confirm me that this HJT Install is not a virus or something of the kind... I really am fed up with what its doing because every time i open a folder or browse through the folders i get the alert!!!

    Well on reading other's comments I've decided to run it, and yeah done it too... Here's my log file... i can't understand what to do on seeing it... can anyone please help!... Any help would be appreciated! Im a newbie in this stuff and Is this really dangerous to be affected by such viruses???
     
  14. munchu

    munchu TS Rookie

    Thanks guys the instsuctions were clear and got rid of the virus for me.
    Thanks again for the great help. :)
     
  15. hughesyNZ

    hughesyNZ TS Rookie

    RE:

    hi there. I recently had this problem. To fix it just delete the dll "cfov32i.dll" found by C:\WINDOWS\system32\cfov32i.dll as this is the virus.

    my troubles are over!
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Original user did not have this file
    Virus can rename itself to anything sometimes
     
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    figured this thread would be closed by now forcing people to make their own threads - which should be done anyways as you don't know what all is on your system - why not have it checked over
     
  18. spidersheep

    spidersheep TS Rookie

    Thank you very much for your help!
    I had the same problem, and following your advices with the help of Malwarebytes I managed to get rid of it. :)
     
  19. neliter

    neliter TS Rookie

    Thank you very much Kimsland! I had the same problem like catchanthony. Before finding this site I have downloaded a really big number of anti-spywares and antivirus programs... with no result Thank god I found you! Now, after I followed all the steps you advise, everything is ok.
    Thank you one thousand times!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...