Weird BSOD, fake or not?


12 replies to this topic

#1 SDogAlex

Posted 25 May 2015 - 01:51 PM

Hello everyone, I am having a problem with my Dell Latitude E6420. I am getting this random blue screen, but it looks fake to me. This is what it looks like:
 
If I use Ctrl + Alt + Delete it pulls up the screen, then I click log off and it works fine, I don't even have to restart. I have done a virus scan with Avast but nothing has come up, does anyone know how to fix this? Thanks!
 
Here is a video also:




#2 Jared44

Posted 25 May 2015 - 02:06 PM

This is very fascinating, I have never seen this before.

Is there anything in the event viewer at all?

It certainly looks like a virus of some kind.

What processes are running?

 

It isn't a real BSOD, you are correct.

It would never have a number on it to call. 0xED is UNMOUNTABLE_BOOT_VOLUME.

So whoever created this 'BSOD' can't even do his research.



#3 SDogAlex

Posted 25 May 2015 - 02:20 PM

There really aren't any processes running except for system, adobe, and opera. Avast won't pick up a virus so I have no idea at all. I am going to try some other anti virus methods and I will tell you what I got.



#4 Jared44

Posted 25 May 2015 - 02:21 PM

Good idea.

Is there anything logged in the event viewer?



#5 Jared44

Posted 25 May 2015 - 04:34 PM

1-800-426-9400

Contact this free number, it's the Microsoft customer service help desk. They'll want to know about this situation, they should sort something out.



#6 ring 0

Posted 25 May 2015 - 05:33 PM

Looks like malware to me, maybe interacting with/from Opera since it's displaying a memory exhaustion page (whether it's true or not).

 

I'd run a scan with your AV/malwarebytes.



#7 Spideypl0x

Posted 27 May 2015 - 01:03 AM

I have the same issue, I was able to get access to the task manager and figure out what process it is (SenseIUpdaterN8.exe); as soon as I end task the fake blue screen goes away. So far I've tried Avast full system scan, Avast boot-time scan, Malwarebytes scan + Malwarebytes anti rootkit scan, and ADW Cleaner with no luck so far.

Edited by Spideypl0x, 27 May 2015 - 01:04 AM.


#8 thisisu

Posted 27 May 2015 - 01:25 AM

Interesting

 


Right mouse click the process while in TaskManager and choose : Open File Location

What is its file path?



#9 Spideypl0x

Posted 27 May 2015 - 01:32 AM

Well crap, I just ran ComboFix and I think it may have taken care of it, if not I'll let you know.

(update) I still have it, but I wasn't able to access task manager this time. It runs as if it's like a full screen program that can't be minimized.

(update2) Okay file path is C:\Users\Mike\AppData\Roaming\SenseIUpdater


Edited by Spideypl0x, 27 May 2015 - 02:10 AM.


#10 thisisu

Posted 27 May 2015 - 02:39 AM

Thanks for the info. You can delete that SenseIUpdater folder. You'll have to stop the process first though. 


Edited by thisisu, 27 May 2015 - 02:40 AM.


#11 SDogAlex

Posted 27 May 2015 - 04:42 AM


 

Thank you so much both of you, that has fixed the problem! Thanks!!



#12 ring 0

Posted 27 May 2015 - 05:17 PM

Yeah, figured. That's some pretty terrible malware.



#13 jcgriff2

Posted 19 July 2015 - 05:22 AM

It is absolutely fake.  Microsoft does not list phone numbers on BSOD screens.

 

What OS?  Can't be Windows 8, 8.1 or 10.  Different design.

 

0x00000ed (0x80F128D0, 0xc000009c, 0x00000000, 0x0000000)

 

0xed is a valid bugcheck - UNMOUNTABLE_BOOT_VOLUME -- the I/O subsystem attempted to mount the boot volume and it failed

 

The real problem with it is the lengths of the bugcheck + parms (numbers inside the parentheses - "P1, P2, P3, P4" or "P1-P4").

 

At first glance, it appears to be an x86 Windows OS BSOD as each number appears to be 8  digits in length -- but they are not. x64 = 16 digits normally, but not always.  Also note that some bugchecks do legitimately have parms with <8/16, but not many.

 

bugcheck - 0x00000ed = 7 digits
P1 - 0x80F128D0 = 8 digits
P2 - 0xc000009c = 8 digits
P3 - 0x00000000 = 8 digits
P4 - 0x0000000 = 7 digits

 

The bugcheck + P4 simply don't have enough digits.  They screwed up.

 

We would expect bugcheck 0xed to have an exception error code in P2, which it does (you can easily ID an exception code as the majority always begin with 0xc); 0xc9c is a valid exception code.

0xC000009C
STATUS_DEVICE_DATA_ERROR
 
There are bad blocks (sectors) on the hard disk. 

 

The bugcheck + P1-P4 are hexadecimal numbers; hence the reason for 8/16 digits.

 

Regards. . .

 

jcgriff2


Edited by jcgriff2, 19 July 2015 - 05:28 AM.

Microsoft MVP 2009-2015
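
The digit-count check walked through in post #13, as an added example (not code from the thread or from Microsoft). The function name and the two-entry lookup tables are constructed for illustration, and the width rule (bugcheck code padded to 8 hex digits, parameters uniformly 8 or 16) is a heuristic, since the post notes that a few genuine bugchecks print shorter parameters.

```python
import re

# Only the two values named in the thread; anything else reports "unknown".
BUGCHECK_NAMES = {0xED: "UNMOUNTABLE_BOOT_VOLUME"}
NTSTATUS_NAMES = {0xC000009C: "STATUS_DEVICE_DATA_ERROR"}

STOP_RE = re.compile(r"(0x[0-9a-fA-F]+)\s*\(([^)]*)\)")
HEX_RE = re.compile(r"0x[0-9a-fA-F]+")

def check_stop_line(text):
    """Heuristic format check of a 'code (P1, P2, P3, P4)' bugcheck line."""
    m = STOP_RE.search(text)
    if not m:
        return {"findings": ["no 'code (P1, P2, P3, P4)' pattern found"]}
    code = m.group(1)
    params = [p.strip() for p in m.group(2).split(",")]
    findings = []
    if len(params) != 4:
        findings.append(f"expected 4 parameters, found {len(params)}")
    bad = [p for p in params if not HEX_RE.fullmatch(p)]
    if bad:
        findings.append(f"non-hexadecimal parameter(s): {bad}")
        return {"findings": findings}
    # The bugcheck code is normally printed zero-padded to 8 hex digits.
    if len(code) - 2 != 8:
        findings.append(f"bugcheck has {len(code) - 2} hex digits, expected 8")
    # Parameters are normally padded to 8 (x86) or 16 (x64) hex digits.
    for i, p in enumerate(params, start=1):
        if len(p) - 2 not in (8, 16):
            findings.append(f"P{i} has {len(p) - 2} hex digits, expected 8 or 16")
    if len({len(p) for p in params}) > 1:
        findings.append("parameters are not all the same width")
    result = {"findings": findings,
              "bugcheck": BUGCHECK_NAMES.get(int(code, 16), "unknown")}
    # NTSTATUS severity is the top two bits; 0b11 (values 0xC...) means error.
    if len(params) >= 2:
        p2 = int(params[1], 16)
        if p2 >> 30 == 0b11:
            result["p2_status"] = NTSTATUS_NAMES.get(p2, "unknown error status")
    return result

# The line quoted in post #13, then a constructed zero-padded variant of it.
FAKE = "0x00000ed (0x80F128D0, 0xc000009c, 0x00000000, 0x0000000)"
PADDED = "0x000000ED (0x80F128D0, 0xC000009C, 0x00000000, 0x00000000)"

if __name__ == "__main__":
    for line in (FAKE, PADDED):
        print(line, "->", check_stop_line(line))
```
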



