Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


JFW.SYS Blue Screen of Death

  • Please log in to reply
3 replies to this topic

#1 kharlowe


  • Members
  • 25 posts
  • Local time:01:13 PM

Posted 05 June 2009 - 10:58 AM

I have an HP a810 Athalon. 2 gigs ram, 160 hard drive, Windows XP
Iím having two problems I think are related and may be a Trojan or a portion of one.
My machine has been taking 5-10 minutes to boot; I removed some startup items, and now itís marginally faster.
Worse, Firefox is sometimes absurdly slow to load a page.
Most annoying are the bsods I get which show the source as JFW.sys. They appear to be random. At least, I canít find a pattern if there is one.
Well, there is no such file; I looked.
I was infected twice last winter with the Vundo Trojan.
Norton, of course, didnít detect it.
The first time, I had to have it removed remotely. This still took them three hours, for Chrissake.
But it was gone.
A month or so later, I started getting the popups again.
This time, I recognized the problem.
I had also dumped Norton in favor of Spybot, Malwarebytes and Avast.
One or the other of them caught it and removed it.
I thought that was the last of it, but while I got this same bsod only once when I had the virus, itís recurred an average of once a week since then. No popups. All three scanners detect nothing.
This may not be a virus, but when I Google JFW.sys, itís linked to one or more Trojans. Is it possible itís the remnant of the vundo?
Anyone have any ideas what to try next?
In the absence of genuine ability, martyrdom is the one certain way to achieve fame--
George Bernard Shaw

BC AdBot (Login to Remove)


#2 snowdrop


  • Members
  • 513 posts
  • Local time:01:13 PM

Posted 06 June 2009 - 03:56 AM

What you could do to start with is to fully update the Malwarebytes program, reboot the computer and run a quick scan in Normal mode ; then click the Logs tab and copy/paste the contents of the new report for someone to check for you :thumbsup:

#3 kharlowe

  • Topic Starter

  • Members
  • 25 posts
  • Local time:01:13 PM

Posted 08 June 2009 - 03:50 PM

Ok, I did another scan just now.
The one yesterday showed nothing. This time, I got a hit:
Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 5.1.2600 Service Pack 3

6/8/2009 3:40:10 PM
mbam-log-2009-06-08 (15-40-10).txt

Scan type: Quick Scan
Objects scanned: 95431
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; http://bsalsa.com) (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So, I removed it.
However, since it wasn't there yesterday, it makes me wonder if it's the problem. Avast, Spy Bot, Malwarebytes came up negative yesterday, yet when I rebooted time before last, I got the BSOD again.
I can't find any reference to this file as problem except here:
Where it says it's being reviewed and that it creates a background service, but it's not understood other wise.
What else can I provide?
In the absence of genuine ability, martyrdom is the one certain way to achieve fame--
George Bernard Shaw

#4 kharlowe

  • Topic Starter

  • Members
  • 25 posts
  • Local time:01:13 PM

Posted 08 June 2009 - 05:11 PM

Here's another log, from a different anti-virus:
SUPERAntiSpyware Scan Log

Generated 06/08/2009 at 04:52 PM

Application Version : 4.26.1004

Core Rules Database Version : 3910
Trace Rules Database Version: 1854

Scan type : Quick Scan
Total Scan Time : 00:42:17

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 523
Registry threats detected : 0
File items scanned : 13724
File threats detected : 2

Application.PowerReg Scheduler

It doesn't say what's the problem with this, so I'm just going to remove it from startup.
In the absence of genuine ability, martyrdom is the one certain way to achieve fame--
George Bernard Shaw

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users