Fake BSOD

Posted: Fri Aug 01, 2008 10:00 am
by unfaithfulsfan
Hi all, haven't had a chance to visit much in the last week or so. I think I'm having withdrawals. :shock: and here I was thinking it was all the pain meds :mrgreen:

Anyway, I've got a nasty virus infection on a customer's computer which includes Windows Antivirus 2008 and something new, to me at least, Fake BSODs. Everything from BAD_POOL_ERROR to BOGUS_DRIVER to PANIC_SWITCH.

I read on MS forums that SmitRem will take care of Windows AV (I'm still working my way towards that) but I don't know if that will solve the blue screen problems. Anyone else encountered this?

Thanks!
Jack

Re: Fake BSOD

Posted: Fri Aug 01, 2008 10:10 am
by martini161
if the virus has already managed to get that deep into the system you will probably have to do a total reinstall

Re: Fake BSOD

Posted: Fri Aug 01, 2008 10:51 am
by duplo83
The best luck I've had against really tough viruses is to find where they're located on the hard drive and manually change their file type, it renders them completely useless and will enable you to delete them. The tricky part is usually tracking them down. Once I find them I rename them to something like .jpeg or .mp3 from their .dll or .exe form and it completely breaks them. I haven't yet encountered a virus that is impervious to this, it has always worked for me.

Good Luck!! [-o<

Re: Fake BSOD

Posted: Fri Aug 01, 2008 12:49 pm
by unfaithfulsfan
Well, it seems I got it fixed (I think [-o< )

The BSOD turned out to be a bogus screensaver with a script to restart the computer after a certain amount of time. :shock: Pretty inventive, I think. You could just hit "esc" to cancel the script and return to Windows. (Found that out by accident) #-o

Anyway, here's how I fixed it:
First I ran Dr Web CureIt in safe mode which found a couple of hundred items
Then I ran it in normal mode and it found a dozen or so more
Then I ran SuperAntiSpyware in Safe then normal modes and found yet another 300 registry items including the .vbs script pointers
Then I ran Spybot Search and Destroy and it found the BSOD files, a couple of more scripts and the Windows AntiVirus 2008 files

It's been idling for about 30 minutes with no problems so maybe I got everything. Still slow as constipated crap with 256 MB of RAM :vom: Customer is older guy on oxygen so upgrades aren't his big priority. Now keeping his grandkids off the computer is more important :mrgreen:

Thanks!
Jack

Re: Fake BSOD

Posted: Fri Aug 01, 2008 12:51 pm
by unfaithfulsfan
oops, forgot one step. Ran SmitRem in both normal and Safe modes before SuperAntiSpyware :oops:

Re: Fake BSOD

Posted: Fri Aug 01, 2008 1:00 pm
by DMB2000uk
I happen to like that BSOD screensaver :P

Are you sure it was actually restarting the PC and wasn't part of the screensaver? (as that is what it normally does :mrgreen: )

Dan

Re: Fake BSOD

Posted: Fri Aug 01, 2008 1:23 pm
by martini161
you have just opened up a whole new world of practical computer jokes to me :mrgreen: the possibilities are endless!

Re: Fake BSOD

Posted: Fri Aug 01, 2008 2:49 pm
by vbironchef
That is good news. Maybe run CCleaner to make it run a little faster. I use PC pitstop to optimize my internet connection. I am going to save your thread because I never heard of the programs that you ran. Thanks!

Re: Fake BSOD

Posted: Fri Aug 01, 2008 9:06 pm
by XstollieX
martini161 wrote: you have just opened up a whole new world of practical computer jokes to me :mrgreen: the possibilities are endless!
I like that idea, where can I get those? I've got some friends :nut kick: that I want to give it to

Re: Fake BSOD

Posted: Sat Aug 02, 2008 12:59 pm
by bigblockmatt
interesting you bring this up. my dad decided to open an email and download some program that he thought was from UPS. it first installed antivirus xp08 or something like that, then proceeded to do the BSOD and restart thing. at first i thought he royally messed something up. but after watching it for a minute something didn't seem right so i just started to hit some buttons and i hit control and it went away. it made sense it was fake cause it would only come up when you let it sit idle... i found this site http://forums.techguy.org/malware-remov ... win32.html and followed the directions and it cleaned it up.

ps. the best part is my dad did it at home and work (he is a mortgage broker so his work computer is his own, no tech support - well i guess i am his tech support, lucky me). so now that i fixed his laptop, i get to do the same with his work desktop...
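
Added example, not part of any post in this thread: a PowerShell triage check for the case described above, where the "BSOD" is really a screensaver that only appears when the machine sits idle and the registry holds pointers to .vbs scripts. The registry locations checked (the per-user screensaver setting and the Run autostart keys) are assumptions about where such entries would sit; the thread does not name them.

```powershell
# Added triage example. Registry locations are assumptions, not taken from the thread.
# Read-only: reports what is configured, changes nothing.

# 1. Which screensaver is configured for the current user, and is it a plausible one?
$desktop = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
$saver   = $desktop.'SCRNSAVE.EXE'

if (-not $saver) {
    Write-Output 'No screensaver configured for this user.'
} else {
    $path = [Environment]::ExpandEnvironmentVariables($saver)
    Write-Output "Screensaver: $path (idle timeout: $($desktop.ScreenSaveTimeOut) s)"

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output 'REVIEW: configured screensaver file does not exist.'
    } else {
        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $sys  = Join-Path $env:SystemRoot 'System32'

        Write-Output "  Created:   $($file.CreationTime)"
        Write-Output "  Signature: $($sig.Status)"

        # Heuristic only: a saver outside System32, or one without a valid
        # signature, deserves a closer look before the machine is called clean.
        if ($file.DirectoryName -ine $sys) {
            Write-Output '  REVIEW: screensaver is not in System32.'
        }
        if ($sig.Status -ne 'Valid') {
            Write-Output '  REVIEW: screensaver has no valid Authenticode signature.'
        }
    }
}

# 2. Autostart entries that point at scripts or the Windows script hosts.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $value = [string]$k.GetValue($name)
        if ($value -match '(?i)\.vbs\b|\b[wc]script(\.exe)?\b') {
            Write-Output "REVIEW autorun: $key\$name -> $value"
        }
    }
}
```

A REVIEW line is a prompt to inspect the file or entry by hand, not proof of infection; older Windows versions may report built-in screensavers as unsigned.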