"Critical System Error!" Popup



RichS
2006-10-12, 07:57
This is my first posting here. I'm not sure what information I need to give in order that I can receive suggestions from the experts. But here goes...

Yesterday I appeared to have been infected with a form of the Zlob trojan. I have an icon in my system tray that alternates between a yellow question mark and a blue circle with a yellow X in it. Every minute or so this generates a popup that claims I have a "Critical System Error!" and that virus activities have been detected and that I should click on the icon and get software to remove the malware.

S&D identified two problems: Vcocec.Intcodec and PestTrap. AdAware found something called Win32.Trojandownloader.Zlob. Both programs claimed to fix these problems, but the popups continued and re-running S&D and AdAware repeatedly found the same problems.

I booted to safe mode and ran S&D and AdAware repeatedly. The problems were indeed fixed in safe mode but returned as soon as I booted normally.

I found references to "SoftCodec" and removed the program files. After backing up the registry I removed all references to the SoftCodec executables in the registry, about 9 keys.

A strange thing I noticed in the Add/Remove program listing for SoftCodec 9.0 was that it said I needed to reboot my computer BEFORE removal. I did not do this.

Well, at this point, I seem to just have this Critical Error popup but I don't know how to get rid of it.

Can anyone point me in the right direction?

TIA, Rich

RichS
2006-10-13, 07:23
I should really be cautious about this, but it looks like it is gone. Another day or two will tell....

What I did is DL a copy of HijackThis and run it. I looked at the printout and tried to identify the processes that were running. I used a program called WinTasks because it translates into English what a lot of processes are and who they belong to.

I came across a process that I could not identify and went to C:\Windows\System32 (its location) and right-clicked and looked at properties. Turned out that it was something for my Epson printer. No problem.

Then it occurred to me to see if there were any other files in this directory that were created near the time that I got clobbered. Sure enough, there were two. One turned out to be innocent (I googled it) and the other was BAD NEWS.

It was dpfwu.dll. When I googled this filename, I came across a forum (I think in Germany) that when translated appeared to have the exact same symptoms as me. The solution was to get a copy of SmitFraudFix and use it to scan and clean.

I did, and my problem seems to be gone.

This was a tough problem for me. I'm posting all this so that maybe someone else can benefit from my experience.

If I'm wrong and the malware is still with me, I'll be back.
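
The check described in the post above (listing the files in a directory that were created close to the time of infection), as an added PowerShell example that is not part of the original thread. The incident time and window are constructed placeholders, and the script assumes PowerShell 4 or later so that `Get-FileHash` is available.

```powershell
# Added example: timeline triage of one directory around a suspected infection time.
# $IncidentTime and $WindowHours are constructed placeholders; set them to your own case.
param(
    [string]$Directory      = "$env:SystemRoot\System32",
    [datetime]$IncidentTime = '2006-10-11 12:00',
    [int]$WindowHours       = 24
)

$from = $IncidentTime.AddHours(-$WindowHours)
$to   = $IncidentTime.AddHours($WindowHours)

Get-ChildItem -LiteralPath $Directory -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Executable content only, created or modified inside the window.
        $_.Extension -in '.dll', '.exe', '.sys' -and
        (($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
         ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to))
    } |
    ForEach-Object {
        # Signature status and hash give something concrete to look up for each hit.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Created |
    Format-Table -AutoSize
```

File timestamps can be altered by malware, so an empty result narrows the search but does not show the system is clean.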

pskelley
2006-10-14, 14:17
Welcome to the forum, please be advised that most forums Pin the information you need at the top of the page. These two links are a must before you can proceed, but I suggest you review all Pinned (Sticky) information.
http://forums.spybot.info/showthread.php?t=425
http://forums.spybot.info/showthread.php?t=288

I will also add that these are the instructions for removing Smitfraud:
http://forums.spybot.info/showthread.php?t=4015

It is rare that Smitfraud is the only infection and you may well have removed all problems, but if you wish us to take a look to make sure you are clean, you need to review the information in the first two links and post the logs required.

If there is no response in a few days...tashi:) will close the topic.

Thanks...pskelley
Safer Networking Forums

tashi
2006-10-18, 19:45
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.