Solved

How to stop bogus "Critical System Error!"

Posted on 2006-07-02
17
42,632 Views
Last Modified: 2012-05-05
Hi!
Since I downloaded (later removed) freeware online, I begn to get a bogus "critical system error!", saying
"Please read this message carefully. Your PC is infected with spyware. . . Click 'OK' to get software and special offers on
antivirus software. Once I clicked 'OK', I am directed to a website (http://www.pesttrap.com/?advid=177).

The "critical system error" pops up constantly and frequently, which is very annoying to me.

I will truly appreciate if you may kindly show me how to stop it.

Thanks a lot!

duta

0
Comment
Question by:duta
  • 5
  • 3
  • 3
  • +2
17 Comments
 
LVL 27

Assisted Solution

by:Dabas
Dabas earned 200 total points
Comment Utility
Try http:\\www.hijackthis.de

ON the website there is a link to download Hijacthis.exe

Run it and paste the contents of the log on the above website.

Follow the recommendations

Dabas
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 150 total points
Comment Utility
Greetings, duta !

When you downloaded the freeware, you downloaded the ad for installing the mailware remover, which in itself becomes mailware.

Download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.

Best wishes!
0
 
LVL 30

Accepted Solution

by:
callrs earned 150 total points
Comment Utility
The Hijack This site advises you to NOT to run their tool until you run an anti-malware program.
So try these steps first. If you want you can try the ***marked one first.
- Antivirus with updated defs (use free AVG from www.grisoft.com if you don't have antivirus)
- Anti-Spyware etc.: http://www.lavasoft.de/software/adaware/  http://forums.majorgeeks.com/showthread.php?t=35407  
- *** http://windowsxp.mvps.org/IEFIX.htm     IEFix - General purpose fix for Internet Explorer for Windows 98/ME/2000/XP
- http://noahdfear.geekstogo.com/         Dave's World - Desktop Hijackers - Trojan-Spy.HTML.Smitfraud.c malware
0
 
LVL 5

Expert Comment

by:CyberneticsConnoisseur
Comment Utility
Duta,
you have residues of possible malware/spyware on your system. As suggested by others here, Hijackthis is a good tool to identify infections in IE like unwanted BHO etc, registry errors and general system setting changes. http://www.hijackthis.de will help you download the tool, post the log online and check against their automatic recommendations how to correct. Remove all "nasties" reported online. Once cleaned through hijackthis, I also recommend using a spyware removal tool like spyware doctor or ad-aware and running a full scan of system. clean all reported problems through these tools. The registered versions of both these tools provide an active background protection against such spyware attacks. get one for yourself, its worth the money.

Carpe Diem.
0
 
LVL 27

Expert Comment

by:Dabas
Comment Utility
Alternatively, you can try to restore your XP to a previous restore point.

I do recall that last week I had to deal with a computer with exactly the same symptoms as you describe, and there were two malware nasties that were defending each other (ending one of the processes just caused the other one to recreate it).

Restoring to a restore point  a week earlier took care of the problem

Dabas
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
>>Once cleaned through hijackthis, I also recommend using a spyware removal tool
You have it reversed...run anti-spy first, then Hijack This. Read what the web site says...
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
callrs,

Different security experts have different ways of removing spyware.  Just because the website say to do it one way does not mean the other way does not work.  If a Security expert knows such mailware are not removed by an antispyware, then HijackThis goes first.
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
Who better to ask then the tool's authors? Besides, malware often disappears just through the anti-spy progs. Anti-virus Anit-spy FIRST is the ideal way to go about removing malware, and this is not just me talking, but higher experts as well. And even direct from the greater experts who made the tool:

"You should have scanned your machine with anti-spyware, virus and trojan tools before using Hijack This. We have written a tutorial that helps remove
most known spyware, trojans or viruses, so please, take a minute to read the Basic Spyware, Trojan And Virus Removal tutorial."   (ref: www.majorgeeks.com/download3155.html)

>>such mailware
We do not know which. And if there's one, there may be more. So run the anti-vir anti-spy first, then we have less to analyze & worry about.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 97

Expert Comment

by:war1
Comment Utility
callrs,

That HijackThis author has to post general fixes, not specific fixes.  There is no problem for you to search the internet and post a stardard fix.  There is no problem for another expert to use a different way to fix the problem.

Duta,

You like have a variant of SmitFraud infection.  So SmtFradFix will remove the problem for you.
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip  
0
 
LVL 5

Expert Comment

by:CyberneticsConnoisseur
Comment Utility
callrs,
I would agree with war1 here. I believe you need to read through the page you have provided yourself again. FYI, the first line of that same page says :

EditorsNote: Hijack This is for advanced users.
This is the reason why he recommends that "You should have scanned your machine with anti-spyware, virus and trojan tools before using Hijack This"

second thing for you to know is that the author of the tool is Merijn.
His own site is http://www.merijn.org/
mirrors of this site are :
http://www.spywareinfo.com/~merijn/
http://merijn.richardthelionhearted.com/
http://216.180.233.162/~merijn/index.html

Nowhere does he say that there are any pre-requisites before using this tool. That answers your point, "Who better to ask then the tool's authors?"

majorgeek.com or hijackthis.de are just sites that help you get the tool.

Lastly, if you are an expert in the registry, you do not need any anti-spyware tool for removing any spyware. these tools are designed for novice users who do not know what and where to change in the registry to correct things. these tools just automate the process.
Yes, I agree that it is adviced that we use these tools first, coz its the safest bet when the expertise of the end-user is unknown. You can recommend direct registry edits only to a person with advanced level expertise in system trouble-shooting.

Anyways, we are all here to help each other. Sharing your knowledge is always the best way to learn new things.

End objective here is that duta's problem gets resolved.

Carpe Diem.
0
 
LVL 5

Expert Comment

by:CyberneticsConnoisseur
Comment Utility
duta,

"SmitRem" is a tool created by an MVP (Microsoft Most Valuable Professional) to remove the Trojan-Spy.HTML.Smitfraud.c malware infection and it’s variants, AntivirusGold, PSGuard Spyware Remover, SpySheriff, Spy Trooper, SpyAxe, Security Toolbar, WinHound and SpywareStrike. Its very good and effective.

Its currently at version 2.9 and can be downloaded here :

http://noahdfear.geekstogo.com/

Hope this works for you!
Do let me know the results or if you need further assistance...

Carpe Diem!
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
>>There is no problem for another expert to use a different way
Actually, there is a problem when a certain way can work faster and/or better and/or with greater results...Good service comes from analysis toward the best methods, even if it means shattering our ingrained beliefs.


Hmm. Initially you say to do HijachThis first.

Now in a turn around you seem to have agreed with the makers of HT....to the point of recommending one of the same tools I've already advised on.

Well at least  you've agreed in practice    :)

0
 

Author Comment

by:duta
Comment Utility
TO: all:

Thank you so much for your very kind, prompt response.

I downloaded and tried hijcthis.exe. It detected several unnecessary files, which I removed.

Before that, I ran Acronis True Image to restore image.

I would like to accept the first three tips to my question as acceptable tip, if you do not mind.

Thanks again!

duta
July 2, 2006
0
 

Author Comment

by:duta
Comment Utility
TO: all:

I intended to accept Dabas' as accepted answer because he/she responded ahead of others. But for some reason, it was chosen (against my will) as assisted answer. I clicked split points and checked Dabas first, then war1 and callrs. I guess that the person who was checked last became the provider of accepted answer (am I right?).

Hope that Dabas may kindly understand.

Thanks all!

duta
0
 
LVL 27

Expert Comment

by:Dabas
Comment Utility
duta:

No worries!
Anyhow I only beat war1 by a few seconds, and maybe their answers were a little better than mine

Dabas
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
Duta. Do you have anti-virus (e.g. AVG) & anti-malware (e.g. Ewido or Adaware) running? That can prevent future problems...
Look on Google for these.
0
 

Author Comment

by:duta
Comment Utility
TO: callrs:

Thank you so much for your kind advice.

Yes, I am running Symantec anti-virus, and I make sure to update virus definition to the most current and to run virus-scan daily.  On malware, I use ad-aware.

Thanks again!

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now