Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake BSOD in Chrome


  • Please log in to reply
9 replies to this topic

#1 robjamco

robjamco

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Shaky Ground, Southern California
  • Local time:04:19 PM

Posted 30 September 2015 - 08:54 AM

HI BC, 
I am at wits end dealing with this and as a "self-help website" advised.(and what  I am doing)..I am seeking professional help. Attached are a couple screenshots of different scenarios encountered.  It seems based on the Chrome browser..but hell what do I know?  Even though it appears to be a BSOD but computer does not lock up and if caught before opening it can be closed.  I want to thank-you for any help or assistance you may provide in advance. I know this is a process that must be followed precisely and will do my best to follow all advice from your staff.**
 
   And like someone wiser than me once told me..
 
 "Ya didnt dig this bleep hole overnight and it aint gonna be fixed overnight either..."  
 
 I eagerly await any assistance you may provide
 
**(BSOD forum refered me to "Am I infected?")
 
OS Name Microsoft Windows 7 Professional
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name PRECISION-PC
System Manufacturer Dell Inc.
System Model Precision WorkStation T5400
System Type x64-based PC
Processor Intel® Xeon® CPU           E5405  @ 2.00GHz, 1995 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date Dell Inc. A11, 4/30/2012
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name Precision-PC\Precision
Time Zone Pacific Daylight Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 8.00 GB
Available Physical Memory 5.78 GB
Total Virtual Memory 16.0 GB
Available Virtual Memory 13.7 GB
Page File Space 8.00 GB
Page File C:\pagefile.sys
 
Eset Smart Security 8
 
Browsers
 
IE (Rarely used)
 
Chrome (Primary and where BSOD/Hijack appears)
 
Mozilla Firefox (Secondary)
 
 
 
Attached Screenshot
 


BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:19 AM

Posted 30 September 2015 - 12:00 PM

Hello,

 

Yes, that is a fake BSOD message. Do not call that number.

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.

§  black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

-------------

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

§  Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.


If you already have MBAM 2.0 installed:
 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

 

------------

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  In EULA window click I agree.

§  In Options uncheck Reset Winsock settings.

§  Click on Scan button.

§  When the scan has finished click on Cleaning button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[C1].txt as well.

--------

 

Please download Junkware Removal Tool  to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

-------------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 robjamco

robjamco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Shaky Ground, Southern California
  • Local time:04:19 PM

Posted 30 September 2015 - 07:07 PM

Hello.

  And ty for your response!!  I do appreciate your help..

 

_____________________________________________________________________-

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/30/2015 04:02:50 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/30/2015 04:03:31 PM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
 
 
_______________________________________________
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/30/2015
Scan Time: 4:15 PM
Logfile: Malware log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.30.09
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Precision
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402207
Time Elapsed: 12 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
_________________________________________________
 
# AdwCleaner v5.009 - Logfile created 30/09/2015 at 16:41:54
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Precision - PRECISION-PC
# Running from : C:\Users\Precision\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Precision\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [750 bytes] ##########
 
____________________________________________________________________
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by Precision on Wed 09/30/2015 at 16:52:35.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Precision\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Precision\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Precision\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Precision\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/30/2015 at 16:56:57.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
 
Thanks again and look forward to your reply.
 
Rob


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:19 AM

Posted 01 October 2015 - 01:30 AM

Hello,

 

Reset your Chrome browser.

 

To reset your browser settings to default:

§  How to Reset Your Web Browser to its default settings in Google Chrome, Firefox, Internet Explorer

§  How to reset your browser settings to default in Internet Explorer, Firefox, Google Chrome, Opera, Safari

§  How to reset Internet Explorer settings (all versions)

§  Refresh Firefox - reset add-ons and settings

§  Reset Chrome browser settings

§  Reset Default Page Settings in Google Chrome

 

Let me know if you need any further help. 

 

Do you still have that fake BSOD screen after browser reset?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 robjamco

robjamco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Shaky Ground, Southern California
  • Local time:04:19 PM

Posted 01 October 2015 - 02:43 AM

Good Morning,

 

After Browser reset...still have fake BSOD..

 

Rob



#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:19 AM

Posted 01 October 2015 - 02:48 AM

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.

------

 

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#7 robjamco

robjamco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Shaky Ground, Southern California
  • Local time:04:19 PM

Posted 01 October 2015 - 10:58 AM

Hello again,

 

 

Eset scan
no threat found
________________________________
 
Emsisoft Emergency Kit - Version 10.0
Last update: 10/1/2015 8:41:38 AM
User account: Precision-PC\Precision
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, 
 
Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 10/1/2015 8:45:00 
 
AM
Value: HKEY_USERS\S-1-5-21-
 
894491506-2789795501-3251863158-
 
1000\SOFTWARE\MICROSOFT
 
\WINDOWS\CURRENTVERSION
 
\POLICIES\SYSTEM -> 
 
DISABLETASKMGR detected:
Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-
 
894491506-2789795501-3251863158-
 
1000\SOFTWARE\MICROSOFT
 
\WINDOWS\CURRENTVERSION
 
\POLICIES\SYSTEM -> 
 
DISABLEREGISTRYTOOLS detected: 
 
Setting.DisableRegistryTools (A)
 
Scanned 74628
Found 2
 
Scan end: 10/1/2015 8:47:57 
 
AM
Scan time: 0:02:57
 
---------------------------------------
 
Thanks again,
 
Rob


#8 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:19 AM

Posted 01 October 2015 - 12:23 PM

Do you still have problems? 

 

Can you look in your browser extensions and to disable unknown:

 


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 robjamco

robjamco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Shaky Ground, Southern California
  • Local time:04:19 PM

Posted 04 October 2015 - 12:00 AM

Sorry for my absence.  Long days at work and I am on call as well. I disabled extensions as recommended to no avail.  Antivirus did seem to block a few pages but still getting fake BSOD and "call this number" etc.

Thank-you again for your continuing assistance

Rob



#10 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:19 AM

Posted 04 October 2015 - 02:41 AM

That is strange. I had similar cases before and those steps removed this fake BSOD.

 

You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide. Start with Step 6 and post FRST log in new topic, and link this topic there. 

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

They can use tool which are not allowed here. 

 

Let me know if you need any help with that. 


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users