Possible sysvxd.exe virus


We have a client that is getting an error when clicking through a link in Google; the web launches a separate page:
'16 Bit MS DOS Subsystem'

Anyone seen this error before? I am guessing that it is some form of virus?

Vishnu Kiran (Principal Support Engineer) Commented:
Hi YellowbusTeam,

The error you mentioned, '16 Bit MS DOS Subsystem' 'C:\WINDOWS\Sysvxd.exe', while opening a link in Google: is this seen only for a specific link?

Confirm whether the user is able to open any other link from Google, or any link.

If the error is for any link then possibly some kind of antispyware ... I would suggest you download and run the HijackThis tool from TrendMicro. I have given the link below:


Let me know the update.



thebradnetwork Commented:
That is one of those bogus websites that tells you that you have a problem and that you need to buy something to remove it. I would recommend a few things. One, stop using Internet Explorer and use Mozilla Firefox or something similar to that. When people write spyware exploits they write it for the most commonly used thing and that is...INTERNET EXPLORER!!! So by using an alternative browser you cut out a lot of that stuff. Two, make sure Windows is up to date. Three, run an anti virus program such as AVG ( www.grisoft.com ) or Avira ( www.avira.com ). Four, go and download and run something like Spybot Search and Destroy ( www.spybot.com ) or go and google trendmicro housecall and run it. Five, go check out OpenDNS ( www.opendns.com ). It's a free service and it filters your internet. It's free and my experience is that their DNS is faster than my ISP. I would highly recommend it and read into it...it's a great service and it's FREE!
YellowbusTeam (Author) Commented:
Hi Surfer24,

Attached is the report our client obtained from the Trend Micro program you sent us the link to. It has found quite a lot of entries; is this now something we need to go through and clear up?

YellowbusTeam (Author) Commented:
Hi thebrandednetwork,

The client is currently running NOD32 antivirus Business Edition, but has no spyware software at present.
What's the next step to take if these pieces of software didn't find anything? Would it be a case of searching through the system to find irregular files?

I would run Spybot Search and Destroy ( www.spybot.com ) and/or trendmicro housecall. If you are in a business environment I would strongly recommend looking into OpenDNS. It's a free service and easy to set up, and any type of junk you may be getting it will keep it off. I will serve as an anti spyware server in a sense.
YellowbusTeam (Author) Commented:
Hi folks,
Does anyone know anything about the following files and whether these could be the culprits?

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab -?????

She installed this but could get rid now:
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRend

As these are two we pulled out of the Trendmicro hijackthis tool.

Question has a verified solution.
