Spyware, Viruses, & Security forum

General discussion

Error! Your system is infected with dangerous Virus!

by oscar2219 / April 17, 2008 1:05 PM PDT

Please help, I keep getting pop-ups stating "Error! Your system is infected with dangerous Virus!" Then requesting to click the pop up to download a virus removal tool. I wasn't foolish enough to click on it, but it continues to pop up. On top of this, I now noticed that when I search something on Google, another error message, along with an adult photo appear in the results section.

How can I get rid of this, I've tried everything.

Here are my HijackThis Results...

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:13 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PENTAX\DSmobile600\DSmobileSCAN.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PCTools - {F9C6EC65-2988-4896-976F-6EA66FAD9844} - C:\WINDOWS\kodo99n.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Xerox_WorkCenter_C2424] C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Startup: DSmobileSCAN.lnk = C:\Program Files\PENTAX\DSmobile600\DSmobileSCAN.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} (BravaClientXView Class) - https://brava.expesite.com/IGC/BravaClientX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} (BravaClientXView 5.3 Class) - https://brava.expesite.com/IGC/BravaClientX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.expesite.com/common/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C12A4AB0-34A5-4E20-8CE9-6F4B00D6EDC5}: NameServer =
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: WLANKEEPER - Intel

Discussion is locked
You are posting a reply to: Error! Your system is infected with dangerous Virus!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Error! Your system is infected with dangerous Virus!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Sorry but directly above where you
by roddy32 / April 17, 2008 1:25 PM PDT
Collapse -
Is your computer set to get network messages?
by R. Proffitt Forum moderator / April 17, 2008 10:09 PM PDT

A common scam is to use NET MESSENGER to send such. The machine is not infected but it upsets many. Also since you have NORTON you'll also want to look for spyware (Norton is weak on that.) Try http://www.ewido.net/en/onlinescan/

Collapse -
Hi, oscar2219
by Bugbatter / April 18, 2008 12:10 AM PDT

You are infected with IEDefender/Trojan:Win32/Delflob.I
Please follow Roddy's instructions to post your HJT log at one of the forums that handles them.

Collapse -
Solution to your problem
by kimk69 / April 20, 2008 7:49 AM PDT

I too had the same problem that just started about three days ago. I downloaded and tried Avast!, CCleaner, Spyware Doctor, and Windows Defender. I even ran free scans from McAfee. My system has been running Symantec, which did not find this virus either.

What DID work was going to Microsoft's (if you are running Windows, do this) Live OneCare Safety Scanner. You can run the scan free from the web and then download it for a free 90 day trial if you'd like. It did determine that I had the Trojan Win32/Delflob.I in my system and when I continued the program, it said it deleted it. As I clicked to continue to download the 90 day trial, I still received a couple of pop-ups. So, I rebooted my computer. I crossed my fingers, said a prayer, and when it came back up - NO MORE ANNOYING POP UPS WITH THIS MESSAGE!!!

go to http://onecare.live.com - you'll be glad you did

Collapse -
Super Anti Spyware
by kevinjackie / April 21, 2008 8:52 AM PDT

I too have come across this problem a number of times as a tech. I too tried all the other programs then I found this one and it worked so easy and its free. Click on the link you won't be dissapointed.

Collapse -
not impressed
by skinman2000 / May 20, 2008 10:32 AM PDT

i suppose this would be a great solution if you don't mind uninstalling nortorn av first.

Collapse -
Error! System infected.
by randarac / April 21, 2008 9:13 AM PDT

1. Download the "PANDA"AV, TRIAL VERSION.
2. Create a CD for a "CLEAN CHECK OF YOUR PC".
3. The CD is AUTORUN.
4. Get into the Bios setup and make your PC start via CD unit.
5. The CD start and it will check your System.

Good Luck.

PD. I eliminated a spyware *phising" in my PC. It work.

Collapse -
Windows Live One care safety scanner
by amypr77 / April 21, 2008 10:08 AM PDT

I too had this exact problem and in researching a fix, I came across your post and I followed the Kim69 post about Live OneCare Safety scanner...ran the free scan, it deleted something and now no more pop ups and no more adult pictures on google...
try it if you haven't already...we tried a bunch of other stuff before this...thank goodness it has worked so far Happy

Collapse -
by hogndog / April 21, 2008 5:02 PM PDT

To uninstall once downloaded, you might want to try this its free
and you don't have to download the entire suite. Its Kaspersky and
they are as close to the best you can get, or the Super Anti-Spy Ware
is excellent as well. Here is that link...


Collapse -
by drunna21 / April 21, 2008 5:36 PM PDT

Hello,have you try spyware docter,by me it work

Collapse -
Error! Your system is infected with dangerous Virus!
by Luigi Blaaser / April 21, 2008 10:29 PM PDT
Collapse -
My system is infected with dangerous Virus!
by benkino20 / April 23, 2008 12:29 AM PDT

What to do if I can not even start my computer?
I install the new windows and I can not format my computer I meen to delete all components in my hard disk and start a neuw copy of windows.
Please help.
Kind regard

Collapse -
System Alert virus infection From a Fake Virus scanner
by ASF_Nutt / April 30, 2008 6:24 PM PDT

I'm not sure if you fixed your problem but I'm assuming there isn't one...The main problem is no matter what scanner you use, none of them work. Scanners remove only part of the Trojan and when you click to close the popup alert, it reinstalls itself.


Unzip to desktop and click it, it looks like a cheap Dos program but don't let that fool you. Good Luck

Collapse -
Fake and annoying System Error (Spyware)
by JLWarner687 / May 20, 2008 1:01 PM PDT

Message Stating- Your system is infected with a dangerous Virus!
Note: Strongly recommend to install antispyware program
to clean your system and avoid total crash of your

Click OK to download the AntiSpyware (Recommended)

Ok....I currently have this problem and it is driving me up the damn wall. At this moment I am downloading my trial of Windows Live OneCare.
If it doesn't work I don't know what I will do next. If anyone Else has this problem for the life of your computer dont fall for it, you will mess your computer up more by installing anything that it says. If anyone has had this problem and has fixed it please give me good ideas. Some people post links on here to site with programs that dont look trusted and could be more spyware. Im looking for somthing permanent, thorough, and FREE! I am currently running Windows XP Pro SP2, Avast AV Home, and windows firewall with the help of my modem's built in firewall on a lower setting. I use Firefox for my browser.

Thank you for any help, Josh

Collapse -
RE: Fake and annoying System Error (Spyware)
by kimk69 / May 20, 2008 10:06 PM PDT


I really did have this problem and I really did use Windows OneCare and it was really the only thing that worked for me. I haven't had a problem since using it. And, it didn't make me have to uninstall my McAfee or any other antivirus program I was using. I hope it works for you too. I am a Network Engineer and it was driving me nuts trying to figure it out (this happened on my home computer - I had to use my work computer to Google anything since the porn sites came up on mine).


Collapse -
RE: Fake and annoying System Error (Spyware)
by JLWarner687 / May 21, 2008 2:06 AM PDT

Thanks, I installed care one and it took away all of my problems. It did make me uninstall AVAST but its ok, ill just reinstall it when im done with care one. Thanks for the info, Josh

Collapse -
RE: Fake and annoying System Error (Spyware
by jurgw / August 3, 2008 1:54 AM PDT

Thanks Kim.....This drove me nuts as well. I tried unfortunately some other fixes that messed things up in other areas and did NOT fix the problem. I finally came to this site. The OneCare download did fix this annoying pop up and some other areas as well. It uninstalled my Norton Internet Security (that let this through in the first place) with its own uninstall tool and than installed itself and fixed the problem on its first run.

As much I did not want to deal with Microsoft, I have to give them some credit for this and thank you to make me aware about it!

What a relieve to be finally rid of this pop up.


Collapse -
My little way of fixing
by Meatball.[oni] / May 27, 2008 7:52 AM PDT

As a tech, I have lost count of the number of times I have seen this message. As such, I have had the chance to "refine" my own way of removing the nuisance.

1. Run SmitfraudFix. Somebody on here already posted the link.
2. Run MSCONFIG and disable any processes and startup options that shouldn't be there. If you aren't sure, google the file in question. more often than not, there's a detailed explanation on what the file is and what it does.

This method works for me 19 times in 20 (The other 1 time I am just to tired and compensate by throwing the computer across the room - just kidding)

My 2 cents!

Collapse -
System Alert Virus Infection from a fake virus scanner
by rmmreddy / May 25, 2008 8:44 PM PDT

The link that you provided did help me out to fix my laptop!
Those who want to use it here again:

1.Download on to your desk top.
2.Unzip to a temp folder.
3. Click on Smitfraudfix.exe which opens a dos window.
4. option 1 provides the scan list and you may go thru the report to identify the problem
5.Once you understood the problem,then go for the option 2
6.Verify the log that provided after it is corrected.
7.Restart your computer to make sure that the IE browser issue resolved.

Unzip to desktop and click it, it looks like a cheap Dos program but don't let that fool you. Good Luck

Collapse -
me too :(
by satish_997 / May 21, 2008 2:30 AM PDT

This seems like almost exactly what a friend of mine has. His virus though even managed to change his desktop background to red with a symbol in the middle and the words Your system is infected with a dangerous Virus or something like that in addition to the 4 or 5 pop-ups as well. I've tried downloading Avast and that picked up a lot of stuff, but the majority of problems, the background and pop-ups, are still there. Hopefully, with trying the Microsoft download others suggested, we can get rid of it. After that though, I think he might just go out and get a new box.

Collapse -
by JLWarner687 / May 21, 2008 2:43 AM PDT
In reply to: me too :(

I had that one about a moth ago changed my background, my icons, and i had a million envelopes popping up everywhere and the computer would totally freeze and i couldn't do a damn thing. I had to reinstall windows and loose everything, hate when that happens. Good Luck, Josh

Collapse -
What do I do?
by elena437 / June 20, 2008 3:24 AM PDT
In reply to: OMG

I have the same problem and I do not know what to do. Does the microsoft thing really work? Because the virus has changed my background to some red thing with a symbol in the middle and the words your privacy is at risk or something under it and every now and then a pop up comes up saying you computer has a dangerous virus! Click here for a free scan etc. Does that onecare live thing work?

Collapse -
what do i do cont
by elena437 / June 20, 2008 3:29 AM PDT
In reply to: What do I do?

Oh and also only the icons in the left of the start menu are there and the programs and log off buttons are all gone. I also can't open the run thing to start a command prompt and it won't let me go through a system restore.

Collapse -
See My Response In Your Other Post..
by Grif Thomas Forum moderator / June 20, 2008 4:19 AM PDT
In reply to: what do i do cont
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?