
Fake BSoD in Chrome (Strange Incident)



#1 Wolffie03


Posted 03 November 2015 - 10:11 PM

So I was downloading some custom content for a game that I played when one of the websites directed me to a fake BSoD website. It looked something like this:

 

(This is not my screenshot, btw. I found it from another forum while browsing about it but it had the same message.)

 

[Image: bsod-error-333-registry-failure-popup]

 

The oddest thing is unlike that photo, I had an option to click on some check button to remember my answer about leaving the page. (Edit: I just remembered it was the simple check message that said Prevent this page from creating additional dialogues. After I check marked it, I clicked the leave page option, obviously.) Once that little pop up was gone, I quickly closed the tab. I didn't do anything else after. I simply ran rKill and then Malwarebytes. Both did not pick up or end anything. I was still able to browse/use my browser normally, though. Every time I started it up, the fake BSoD never really booted up or anything unlike other people have mentioned with the fake BSoD. Was I just lucky or... do I still have a cause to be concerned? Any other steps I can take to ensure that it didn't leave anything on my computer? D:

I even checked the %AppData% folder and nothing was really left. There were no installers or anything of that sort. :/


Edited by Wolffie03, 03 November 2015 - 11:28 PM.




#2 Sintharius


Posted 04 November 2015 - 03:26 AM

Hello there,

The fake BSoD in the picture is just a popup embedded into the website to get you to call a tech support scammer. Usually these do not leave any long-lasting damage (i.e. malware).

I'd say you do not have to worry about it since their main purpose is to scare you.

#3 Wolffie03


Posted 04 November 2015 - 07:59 AM

Ah okay. Thank you! I just needed to validate and make sure I didn't have to do any additional steps to make sure it didn't leave anything behind on my PC.



#4 Wolffie03


Posted 09 April 2016 - 09:38 PM

Can anyone help me again? I encountered one of those pesky fake Microsoft tech support popups while on an adfly link and closed it via task manager but Malwarebytes isn't picking up anything. AdwCleaner isn't picking up anything either. Junkware removal isn't picking up anything. However, RogueKiller is picking up some changes to my registry. Idk what to do to make sure my computer is not infected. There are no extensions on my browser. There's nothing to be removed in the uninstall programs in the control panel or well... anything indicating that something got installed at all. I'm just confused. I'll be posting a log from RogueKiller to see what it picked up then work from there. :/

Idk if adfly itself is infected or if it's my browser or what. I download stuff for games and it doesn't help these modders always have an adfly link so they can gain revenue, yet when I press continue, I find myself redirected to these fake Microsoft scam popups. Also, I've done what was already said and reset my Chrome settings. My computer seems to be working fine, at least I thought it was. Then the explorer/system itself was slightly dragging until I started using it. (It was probably 'cause I left it idle or something while watching YouTube videos.)


Edited by Wolffie03, 09 April 2016 - 09:52 PM.


#5 Wolffie03


Posted 09 April 2016 - 09:52 PM

Here's my log from RogueKiller:

 

RogueKiller V12.1.1.0 [Apr  4 2016] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Monica [Administrator]
Started from : C:\Users\Monica\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/09/2016 21:45:47
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\Monica\AppData\Local\Temp\gkernel.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\Monica\AppData\Local\Temp\gkernel.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3940321128-3193170646-2332125308-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3940321128-3193170646-2332125308-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 6f91cddc700d8c43c782a7c8acda1a4a
[BSP] 5a6c40c9524f4e6f1e5078710f6293f1 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 1890242 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 3874312192 | Size: 15970 MB
User = LL1 ... OK
User = LL2 ... OK
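
Added example (not part of the original posts, and not RogueKiller's own code): a small parser for the Registry findings in the scan report above, which collapses the four lines into distinct items and lists service image paths that sit under a user's Temp folder, so each can be checked on disk. The line layout is inferred from this one log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Registry findings copied from the scan report above.
SAMPLE = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\Monica\AppData\Local\Temp\gkernel.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\Monica\AppData\Local\Temp\gkernel.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3940321128-3193170646-2332125308-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3940321128-3193170646-2332125308-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
"""

# Assumed layout: "[rule] (view) <key and detail> -> Found"
FINDING = re.compile(r"^\[(?P<rule>[^\]]+)\] \((?P<view>X64|X86)\) (?P<rest>.+?)\s+-> Found$")
SERVICE = re.compile(r"^(?P<key>HKEY_\S+) \((?:\\\?\?\\)?(?P<path>.+)\)$")

def normalise_key(key):
    # CurrentControlSet is a link to one of the numbered control sets,
    # so both spellings are treated as the same key when grouping.
    return re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", key, flags=re.I).lower()

def parse_findings(text):
    """Return one dict per finding line: rule, view, key, detail."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue
        svc = SERVICE.match(m["rest"])
        if svc:  # service entry: "key (image path)"
            key, detail = svc["key"], svc["path"]
        else:    # value entry: "key | value : data"
            key, _, detail = m["rest"].partition(" | ")
        findings.append({"rule": m["rule"], "view": m["view"], "key": key.strip(), "detail": detail.strip()})
    return findings

def group_findings(findings):
    """Group lines that name the same rule, key and detail; values are the views seen."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["rule"], normalise_key(f["key"]), f["detail"])].append(f["view"])
    return dict(groups)

def temp_backed_services(findings):
    """Image paths of service keys that point into a user's AppData\\Local\\Temp."""
    return sorted({f["detail"] for f in findings
                   if "\\services\\" in normalise_key(f["key"])
                   and "\\appdata\\local\\temp\\" in f["detail"].lower()})

if __name__ == "__main__":
    for group, views in group_findings(parse_findings(SAMPLE)).items():
        print(views, *group, sep=" | ")
```

For this log the four findings reduce to two distinct items: one service key and one Internet Explorer value.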




