Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected With Systemerrorfixer...//adnetserver.com/...

  • Please log in to reply
No replies to this topic

#1 bummed_in_southGA


  • Members
  • 19 posts
  • Gender:Male
  • Local time:03:26 PM

Posted 21 April 2008 - 07:35 AM

I'm infected with this thing, I believe called: "SystemErrorFixer"

Red desktop background with "YOUR PRIVACY IS IN DANGER!"

One "feature" of the infection is that it won't let me Ctrl-Alt-Delete. Says "Task manager has been disabled by your administrator"

Clicking on the background sends me off to a page trying to download software called "SystemErrorFixer".

Right clicking->Properties on the red desktop background shows


When left click on red screen, firefox starts up to an address shown by selecting "View Page Info" on that page...


Viewing the source of the web page shows:


var main_url = "http://adfarm.mediaplex.com";
var type = "";
var dest_place = "";
var new_querys = "";

now = new Date();
offset = now.getTimezoneOffset()/60;
z = -(offset);

mpt = new Date();
mpts = mpt.getTimezoneOffset() + mpt.getTime();

var vars = window.location.search.substring(1).split("&");
for (var i=0;i<vars.length;i++) {
var pair = vars[i].split("=");
if (pair[0] == "dest") {
var parce = pair[1].split("-");
type = parce[0];
dest_place = parce[1];
for (var j=2;j<parce.length;j++) {
dest_place += "-"+ parce[j];
new_querys += "&" + vars[i];

if (dest_place){

Edited by Orange Blossom, 21 April 2008 - 09:53 PM.
Deactivate hot-link. Move to more appropriate forum. ~ OB

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users