Fake BSOD

Post by unfaithfulsfan »

Hi all, haven't had a chance to visit much in the last week or so. I think I'm having withdrawals. :shock: and here I was thinking it was all the pain meds :mrgreen:

Anyway, I've got a nasty virus infection on a customer's computer which includes Windows Antivirus 2008 and something new, to me at least, Fake BSODs. Everything from BAD_POOL_ERROR to BOGUS_DRIVER to PANIC_SWITCH.

I read on MS forums that SmitRem will take care of Windows AV (I'm still working my way towards that) but I don't know if that will solve the blue screen problems. Anyone else encountered this?

Thanks!
Jack
"A payphone was ringing and it just about blew my mind,
when I picked it up & said 'Hello' this foot came through the line"
~Bob Dylan

Post by martini161 »

If the virus has already managed to get that deep into the system, you will probably have to do a total reinstall.

Post by duplo83 »

The best luck I've had against really tough viruses is to find where they're located on the hard drive and manually change their file type; it renders them completely useless and will enable you to delete them. The tricky part is usually tracking them down. Once I find them I rename them to something like .jpeg or .mp3 from their .dll or .exe form and it completely breaks them. I haven't yet encountered a virus that is impervious to this; it has always worked for me.

Good Luck!! [-o<
Case=Antec Twelve Hundred
Mobo=EVGA 790i Ultra SLI
CPU=Intel Q9450 OC @ 3.7 Ghz
GPU=GTX 280 X 2 SLI
RAM=Corsair DDR3 1600 9-9-9-24
Sound=Creative X-fi Xtreme Gamer
PSU=SilverStone DA1000 1000W
3DMark Vantage=Overall-21,591
CPU-43,435
GPU-18,491

Post by unfaithfulsfan »

Well, it seems I got it fixed (I think [-o< )

The BSOD turned out to be a bogus screensaver with a script to restart the computer after a certain amount of time. :shock: Pretty inventive, I think. You could just hit "esc" to cancel the script and return to Windows. (Found that out by accident) #-o

Anyway, here's how I fixed it:
First I ran Dr Web CureIt in safe mode which found a couple of hundred items
Then I ran it in normal mode and it found a dozen or so more
Then I ran SuperAntiSpyware in Safe then normal modes and found yet another 300 registry items including the .vbs script pointers
Then I ran Spybot Search and Destroy and it found the BSOD files, a couple more scripts and the Windows AntiVirus 2008 files

It's been idling for about 30 minutes with no problems so maybe I got everything. Still slow as constipated crap with 256 MB of RAM :vom: Customer is older guy on oxygen so upgrades aren't his big priority. Now keeping his grandkids off the computer is more important :mrgreen:

Thanks!
Jack

Post by unfaithfulsfan »

oops, forgot one step. Ran SmitRem in both normal and Safe modes before SuperAntiSpyware :oops:

Post by DMB2000uk »

I happen to like that BSOD screensaver :P

Are you sure it was actually restarting the PC and wasn't part of the screensaver? (as that is what it normally does :mrgreen: )

Dan

Post by martini161 »

You have just opened up a whole new world of practical computer jokes to me :mrgreen: The possibilities are endless!

Post by vbironchef »

That is good news. Maybe run CCleaner to make it run a little faster. I use PC Pitstop to optimize my internet connection. I am going to save your thread because I never heard of the programs that you ran. Thanks!

Post by XstollieX »

martini161 wrote: You have just opened up a whole new world of practical computer jokes to me :mrgreen: The possibilities are endless!
I like that idea, where can I get those? I've got some friends :nut kick: that I want to give it to.

Post by bigblockmatt »

Interesting you bring this up. My dad decided to open an email and download some program that he thought was from UPS. It first installed antivirus xp08 or something like that, then proceeded to do the BSOD and restart thing. At first I thought he royally messed something up, but after watching it for a minute something didn't seem right, so I just started to hit some buttons, and I hit control and it went away. It made sense it was fake 'cause it would only come up when you let it sit idle... I found this site http://forums.techguy.org/malware-remov ... win32.html and followed the directions and it cleaned it up.

PS: The best part is my dad did it at home and work (he is a mortgage broker so his work computer is his own, no tech support - well I guess I am his tech support, lucky me). So now that I fixed his laptop, I get to do the same with his work desktop...
comp specs- too lazy to make a cool looking sig... MB:GIGABYTE GA-MA790XT-UD4P, AMD Phenom II X3 720 Black Edition 2.8Ghz, CORSAIR TW3X4G1333C9DHX 4GB PC3-10666, ASUS Radeon HD 4870 512MB, SB audigy gamer, WESTERN DIGITAL Caviar Black 500GB, antec P180 case (extra 120mm fan and 80mm fan), Corsair HX Series 620W: ASSEMBLED June 2009
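
A read-only check for what unfaithfulsfan and bigblockmatt describe above (a fake BSOD that runs as the screensaver and only appears when the machine sits idle), added here as an example and not part of any post in the thread. It reports the screensaver configured for the current user and any autorun entries that launch scripts; it assumes PowerShell is available on the machine and that the .vbs pointers were stored in the standard Run keys, which the thread does not state.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the system.

# Screensaver settings live under the per-user Desktop key; a policy key,
# when present, takes precedence over it.
function Get-ScreensaverAudit {
    $keys = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
            'HKCU:\Control Panel\Desktop'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $desktop = Get-ItemProperty -Path $key
        $path = $desktop.'SCRNSAVE.EXE'
        if (-not $path) { continue }          # no screensaver set in this key
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        $status = 'FileMissing'
        if (Test-Path -LiteralPath $path) {
            # An unsigned .scr is a reason to inspect the file, not proof of malware.
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            Key         = $key
            Screensaver = $path
            TimeoutSec  = $desktop.ScreenSaveTimeOut
            Signature   = $status
        }
    }
}

# Assumption: the ".vbs script pointers" were autorun values in the Run keys.
function Get-ScriptAutoruns {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Flag script files and the Windows Script Host launchers.
            if ($cmd -match '\.(vbs|vbe|js|jse|wsf)\b|\b(wscript|cscript)\b') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

Get-ScreensaverAudit | Format-List
Get-ScriptAutoruns  | Format-Table -AutoSize -Wrap
```

Run it as the affected user, since the screensaver setting is stored per user; a screensaver path outside the Windows directory or a Run entry pointing at a script in a temp or profile folder is the kind of result worth following up with the removal tools named in the thread.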