Critical Error! Some dangerous virus detected in your system Windows Vista

Status
Not open for further replies.
C

catchanthony

Posts: 8   +0
Hello Friends,

My systems seems to be infected with a virus, and I am hoping someone could help me here.

On launching Internet Explorer, I get the below error:

---------------------------
Critical Error!
---------------------------
Attention, admin! Some dangerous viruses detected in your system. Windows Vista (TM) Home Premium files corrupted.
This may lead to the destruction of important files in C:\Windows. Download protection software now!

Click OK to download the antispyware. (Recommended)
---------------------------
Yes No
---------------------------

This message itself indicates that this is perhaps a virus which is prompting me this message and then try to redirect me to the below site:

free-viruscan . com

Some steps I have taken are:

1. Tried performing an online scan with Trend Micro, Bit Defender etc.. but all scan seems to fail, as I am unable to launch them.

2. Tried disabling the BHO.ext2 add on in internet explorer which seems to stop those popups. But as soon as I enable them it starts prompting with the above message/redirecting. It looks like the virus is related to the BHO.ext2, but I am not sure.

3. Run Hijack this and I have attached the logs.

Please could someone advise how can I get rid of this virus.
I have a McAfee scanner installed.

Thanks for any assistance you can offer.

Regards,
 

Attachments

  • hijackthis.log
    12.5 KB · Views: 31
Your log is very large with many IE addons.
Please do the following first, to remove all this not required stuff.

How to use Reset Internet Explorer Settings (RIES

To use RIES in Internet Explorer 7, follow these steps:

1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

Then run Startup Control Panel and turn off any not required startups
Then download CCleaner, and remove all the other temporary files
Restart
Then run MalwareBytes updated scan
Remove anything found!

Restart
Then post a new HiJackThis log
Doing this will help you (and us) to read your log a lot easier
 
Thanks Kimsland,

I tried something further till I saw this reply.

I installed Norton Security Scan and the infection was detected:

Infection:
c:\windows\system32\bhoextn.dll
Browser Cache
Registry:
HKEY_CLASSES_ROOT\CLSID\{FBE58CC0-D14B-45FE-A717-57BB8247F652}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBE58CC0-D14B-45FE-A717-57BB8247F652}

The offending file was marked for deletion on reboot.

Malwarebytes detected this as well.

Additionally I reset IE settings and have re-run Hijack this. I have attached the latest logs. Please could you advise if all looks ok in it.

THanks again for your response.

Cheers,
 

Attachments

  • hijackthis1.log
    11.1 KB · Views: 17
Is the "critical error" message now gone?

I am not an expert at reading the HJT log, so do not wish to respond, except by saying I do not see anything critical in there
 
This line looks bad to me

O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - C:\Windows\system32\bhoextn.dll

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-------------------------------------

ComboFix

  • Download ComboFix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

post a fresh hijackthis log after running both tools make sure to delete everything MBAM finds
 
Thanks Kimsland and Daniel.

Daniel, the bhoextn.dll doesnt appear in the latest logs that I had attached.
But you are correct that was the offending file that created problems.

Thanks very much for all the help. The Critical Error messages no longer appear. I believe my system is all clean now after Norton/Malwarebytes have removed this file.

JUst in case anyone else encounters the similar issues, follow all the steps in the whole thread - all good.

Cheers,
 
Hi Guys

I'm just a new member who has also encountered the same virus.

I had run Avast 4.8 home edition, and on updating of the version and running the scan on my computer, it detected the trojans and worms that were on it.

I'm a bit of a novice when it comes to all these file name and so forth, so I just deleted each trojan etc that it detected.

Now that critical error msg does not come up anymore, but what I want to know is how can I be certain that the virus has been eradicated from my system? Is there any other checks I can do other than running Avast again?

Any info would be greatly appreciated
 
Hi,

Download Hijack this

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

In the log, check if you see any bhoextn.dll references.
If you see it, you might need to delete this file. This worked for me atleast.

Additionally if you really want to be sure, you can try other antivirus online scans like in BitDefender or Trend Micro etc...

I additionally installed norton free version (from pack.google.com) which did a good scan and cleaned the virus.


Run Hijack this and paste the log in this forum for analysis by some experts.

Cheers.
 
catchanthony,

Your Java is out of date - malware like to exploit this

jav.png
Update your Java Runtime Environment

  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
  • After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
  • Uninstall any older versions of Java
 
I'm having the same problem

I downloaded the Hijackthis and will include the logfile at the end. Can someone help me fix this Critical Error virus.
 
I would encourage each of you to start your own thread here in the security and the web section and attach the logs from the scan that you ran
 
Even i have the SAME problem... but from the day I've been affected by it, I'm very cautious to run ANY exe file. So someone please confirm me that this HJT Install is not a virus or something of the kind... I really am fed up with what its doing because every time i open a folder or browse through the folders i get the alert!!!

Well on reading other's comments I've decided to run it, and yeah done it too... Here's my log file... i can't understand what to do on seeing it... can anyone please help!... Any help would be appreciated! Im a newbie in this stuff and Is this really dangerous to be affected by such viruses???
 
RE:

hi there. I recently had this problem. To fix it just delete the dll "cfov32i.dll" found by C:\WINDOWS\system32\cfov32i.dll as this is the virus.

my troubles are over!
 
figured this thread would be closed by now forcing people to make their own threads - which should be done anyways as you don't know what all is on your system - why not have it checked over
 
Thank you very much for your help!
I had the same problem, and following your advices with the help of Malwarebytes I managed to get rid of it. :)
 
Thank you very much Kimsland! I had the same problem like catchanthony. Before finding this site I have downloaded a really big number of anti-spywares and antivirus programs... with no result Thank god I found you! Now, after I followed all the steps you advise, everything is ok.
Thank you one thousand times!
 
Status
Not open for further replies.

Similar threads

M
Virus warning popup
Replies
1
Views
544
Mark Fuller
M
Cal Jeffrey
Your outdated version of Windows Media Player 6 will still work after the Y2K38 bug ends...
Replies
6
Views
153
dangh
dangh
A
Another critical, EternalBlue-like vulnerability threatens Windows machines worldwide
Replies
20
Views
840
Rq3EWAq
R

Latest posts

Back