We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Possible sysvxd.exe virus

YellowbusTeam
on
Medium Priority
3,896 Views
Last Modified: 2013-11-22
Hi,

We have client that is getting an error when clicking through a link in Google, the web launches a seperate page
'16 Bit MS DOS Subsystem'
'C:\WINDOWS\Sysvxd.exe'

Anyone seen this error before? I am gussing that it is some form of virus?

sysvxd.exe-error.doc
Comment
Watch Question

Principal Support Engineer
CERTIFIED EXPERT
Commented:
Hi YellowbusTeam,


The error as you mentioned '16 Bit MS DOS Subsystem' 'C:\WINDOWS\Sysvxd.exe' while opening a link in Google is this seen only for a specific link.

Confirm if user is able to open any other link from google or any link.

If the error is for any link then possible some kind of antispyware ...I would suggest you download and run the HijackThis tool from TrendMicro I have given the link below:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Let me know the update.

Regards,

Vishnu.



 

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
That is one of those bogus website that tells you that you have a problem and that you need to buy something to remove it. I would recommend a few things. One stop using internet Explorer and use Mozilla Firefox or something similar to that. When people write spyware exploits they write it for the most commonly used thing and that is...INTERNET EXPLORER!!! So by using an alternative browser you cut out a lot of that stuff. Two make sure windows is up to date. Three run an anti virus program such as AVG ( www.grisoft.com ) or Avira ( www.avira.com ). Four go and download and run something like Spybot Search and Destory ( www.spybot.com ) or go and google trendmicro housecall and run it. Five go check out OpenDNS ( www.opendns.com ). Its a free service and it filters your internet.  Its free and my experience is that there DNS is faster than my ISP.  I would highly recommend it and read into it...its a great service and its FREE!

Author

Commented:
Hi Surfer24,

Attached is the report our client obtained from the trend micro program you sent us the link to. It has found quite alot of entries, is this now something we need to go through and clear up.

Ta
hijackthis.doc

Author

Commented:
Hi thebrandednetwork,

The client is currently running NOD32 antivirus business addition, but has no spywear software at present.
What the next step to take if these pieses of software didint find anythig, would it be case of searching through the system to find irregular files.
I would run spybot search and destroy ( www.spybot.com ) and/or tendmicro housecall. If you are in a business environment I would strongly recommend looking into openDNS. Its a free service and easy to setup and any type of junk you may be getting it will keep it off. I will serve as an anti spyware server in a sense.

Author

Commented:
Hi folks,
Does anyone no anything about the following files and whether these could be the culprits?

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInit
ialSetup1.0.1.1.cab -?????

She installed this but could get rid now:
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRend
er.ocx

As these are two we pulled out of the Trendmicro hijackthis tool.

Ta
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.