New Virus/Trojan Throwing up Fake Blue Screens
#1
I have recently had a virus come through my shop that did something similar to what the ransomware viruses do, except it throws up a fake blue screen (pictured below) giving you a Microsoft Tech Support number to call. There were many other infections on the computer, but after I got past the fake blue screen the computer had only local network connectivity, broken IE, broken Windows Update, constant DLL errors, broken safe mode, and Admin Permissions were corrupted. Also, during the cleanup Windows lost its activation, and upon trying to reactivate, the error was "Unable to Activate".

In the end I was able to salvage the operating system and give the computer back running virus free and fully functional; however, I wanted to make users aware and look closely at blue screens when you get them. For a technician this was easy to spot; however, the average user might be inclined to call that fake number.
I would like to give credit to Britec for sharing his knowledge of malware/virus removal and Windows repair. He has provided a stepping stone in gaining the knowledge I needed to get through tough infections such as this.

[Image: 0923151119.jpg]
Tim's Computer Repair (TCR) 
1503 Kings Way, Savannah, GA 31406, US
912-220-0765
https://www.TimsComputerFix.net 


#2
Thanks for sharing. Just when you think you've seen it all, they invent new ways of trying to fool users.
Remember! You should exercise complete CTRL and you ALT to think carefully before you DELete stuff willy nilly.

#3
A problem has been detected and windows has been shut down to prevent damage to your computer.


If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: 

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any bios updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

For technical support to this problem, call Windows helpline: +1-888-991-9974.

Technical Information:

*** STOP: 0x0000001E (0xFFFFFFFFC00000094,0xFFFFFF8000C074D1E,0x000000000,0xFFFFFFFFFFD)

#4
It's easy to remove.
  • Press Ctrl+Alt+Delete all together 
  • Select Start Task Manager 
  • Now select Show Processes For All Users 
  • You may have to use the TAB key to navigate, because the mouse is disabled by the virus.
  • Now look for a process that is running. In my case it was windows.exe running. I had two windows.exe files; one was using 100% CPU.
  • Now click End Process for windows.exe. (Keep an eye on the path for that file and delete it after you end the process.)
  • The fake BSOD should now disappear. 
  • Run scans with Malwarebytes and HitmanPro to see if any other malware is detected.
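The manual Task Manager triage in post #4, as an added PowerShell example that is not part of the original thread: it samples CPU over a short interval, then lists any process named windows.exe (the name from the post) or any high-CPU process running from outside %SystemRoot%, recording its path, signature status and hash before anything is ended. The parameter names, the 3-second interval and the 50% threshold are assumptions; run it from an elevated prompt so that all users' processes are visible.

```powershell
# Added example (not from the thread). Read-only unless -Stop is given.
param(
    [string[]]$SuspectNames = @('windows.exe'),  # name reported in the post
    [int]$SampleSeconds = 3,                     # assumed sampling window
    [int]$CpuThresholdPercent = 50,              # assumed "runaway CPU" cutoff
    [switch]$Stop
)

$cores = [Environment]::ProcessorCount

# First sample: cumulative CPU seconds per PID (null for protected processes).
$before = @{}
Get-Process | ForEach-Object { $before[[int]$_.Id] = $_.CPU }
Start-Sleep -Seconds $SampleSeconds

$findings = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $path = $p.ExecutablePath
    if (-not $path) { continue }                 # no path exposed; nothing to inspect

    # Second sample; convert the delta to a Task Manager style percentage.
    $procId = [int]$p.ProcessId
    $now = (Get-Process -Id $procId -ErrorAction SilentlyContinue).CPU
    $cpuPct = 0
    if ($null -ne $now -and $null -ne $before[$procId]) {
        $cpuPct = [math]::Round(100 * ($now - $before[$procId]) / ($SampleSeconds * $cores), 1)
    }

    $nameHit = $SuspectNames -contains $p.Name   # case-insensitive match
    $offPath = -not $path.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
    $cpuHit  = $offPath -and ($cpuPct -ge $CpuThresholdPercent)
    if (-not ($nameHit -or $cpuHit)) { continue }

    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $procId
        CpuPct    = $cpuPct
        Path      = $path                        # the post says to note this path
        Signature = (Get-AuthenticodeSignature -FilePath $path).Status
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$findings | Format-List

if ($Stop) {
    foreach ($f in $findings) { Stop-Process -Id $f.ProcessId -Force }
}
```

A high-CPU process outside %SystemRoot% is not necessarily malicious (browsers and games qualify), so review the path and signature columns before re-running with -Stop.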


