  1. #1
    New Lounger
    Join Date
    Aug 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Blue screen requesting to contact Microsoft Technician

    I switched to Win 10 in the hope that I could eliminate some security issues.

    First, I got infected with a browser hijacker under Win 8.1 that sent my default browser addresses in Chrome and Internet Explorer to:
    http://usa-aa.s3-website-us-east-1.a...ws.com/?grp=10, by attaching itself to the end of the default address, like this:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://usa-aa.s3-website-us-east-1.a...ws.com/?grp=10.

    I found out how to eliminate the added address and go back to my defaults; however, I just could not stop this from reoccurring.

    Second, I also was infected by a message that I felt was a scam. It opens a blue screen with several lines of text indicating that:

    “A problem has been detected and your PC has been stopped to prevent damage.
    0x00009af8 DRIVER_IRQL PENDING OPERATION
    COMPUTER HEALTH IS CRITICAL
    DO NOT RESTART
    . . . . .ETC”

    And ends by making a request to contact a Microsoft Certified Technician and a toll free number.

    I didn’t heed the request and restarted. The process repeated itself several times and I could not find any other solution than restarting, until I found that by using the Sign Out option in the CTRL + ALT + DEL call for Task Manager, I could go back to the screen prior to the message and continue working.

    After either of the two occurrences I would run Malwarebytes Anti-Malware, Spybot and ADW Cleaner, plus CCleaner, although the first two are scheduled to run periodically.

    Once I switched to Win 10, the hijackers apparently stopped, but the blue screen is back again, which has given me the reason to send this message to seek some help.

    Thanks.
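
A read-only check for the shortcut tampering described in the post above, where a URL is appended after the browser's path in the shortcut target. This is an added example, not part of the original thread; the list of browser executables and the folders searched are assumptions.

```powershell
# Added example: report browser shortcuts (.lnk) whose arguments contain a URL.
# Nothing is modified; the script only lists suspicious shortcuts for review.

# Assumption: executable names of the browsers to audit.
$browserExes = 'chrome.exe', 'iexplore.exe', 'firefox.exe', 'msedge.exe'

# Assumption: common places where browser shortcuts live (desktop, Start menu,
# and Quick Launch, which also holds the taskbar pins under "User Pinned").
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

# WScript.Shell can read the target and arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)

            # Some shortcuts have no file target (shell items); skip them.
            if (-not $lnk.TargetPath) { return }

            $exe = Split-Path -Path $lnk.TargetPath -Leaf

            # A browser shortcut normally has no URL in its arguments.
            if ($browserExes -contains $exe -and $lnk.Arguments -match 'https?://\S+') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Url       = $Matches[0]
                }
            }
        }
}

if ($findings) { $findings | Format-List }
else { 'No browser shortcut with an appended URL was found.' }
```

If the same shortcuts are flagged again after the URL has been removed by hand, something on the machine is rewriting them, which matches the reoccurrence described in the post.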

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,604
    Thanks
    147
    Thanked 847 Times in 809 Posts
    I would advise a forum with specialist disinfection help for this, but have you tried MBAM with the Rootkit box checked in Settings/Detection and Protection?

    There's also the ESET Free Online Scanner you could try. http://www.eset.co.uk/Antivirus-Util...Online-Scanner

    Click on the Advanced button and check all of the boxes and disable your AV program immediately before hitting the Scan button, but downloading and running this scan in Safe Mode with Networking would be better and then you don't need to disable your AV program as it will be isolated and hopefully that infection.

    You may also want to review your choice of antivirus program and look out for check boxes that will bundle unwanted software when you are downloading anything.

  3. #3
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    I suggest you visit Sysnative.com with this problem; their malware team will get this fixed with you and, if this fake BSOD is what I think it is, there are a number of other specialists there that would be very interested in it.

  4. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    Actually, now I've had a little time to think on this, from the investigative point of view, you'd help them more by following their BSOD procedure first: http://www.sysnative.com/forums/bsod...8-7-vista.html

    That way, they can collect any data needed for further investigation before the machine is cleaned up. Just add "Fake BSOD" to the title and they should jump in pretty quickly.

  5. #5
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    735
    Thanks
    15
    Thanked 80 Times in 78 Posts
    ??Nobody's mentioned Junkware Removal Tool??

    http://thisisudax.org/

    Zig

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,604
    Thanks
    147
    Thanked 847 Times in 809 Posts
    Quote Originally Posted by Zig View Post
    ??Nobody's mentioned Junkware Removal Tool??

    http://thisisudax.org/

    Zig
    That crossed my mind but I think this requires expert help to clean out, as does satrow.

  7. #7
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,150
    Thanks
    31
    Thanked 302 Times in 263 Posts
    Quote Originally Posted by Sudo15 View Post
    ...I think this requires expert help to cleanout...
    Agreed. Sounds like a rootkit virus infection.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  8. #8
    New Lounger
    Join Date
    Aug 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I want to thank those who collaborated in finding a solution to my problem.

    Following satrow's suggestion, I contacted the Sysnative forum and they were able to help me clean my laptop through several messages. I followed their instructions and somehow the Fake BSOD just has not come back, although I don't know what caused it or how they fixed it.

    I am very appreciative of your and their help.

  9. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    No worries

    If Corrine doesn't get back to you soon with a breakdown (I can see she's currently busy there and elsewhere, playing catchup as usual), give me a nudge and I'll try to work out what happened for you.

  10. #10
    New Lounger Corrine's Avatar
    Join Date
    Jun 2010
    Location
    Upstate, NY
    Posts
    18
    Thanks
    0
    Thanked 2 Times in 1 Post
    Do you really expect me to give away all my secrets, satrow?

    Seriously, the .exe file that was pointed to in a private analysis of a similar fake BSOD wasn't in the logs. As a result, I cannot point to the exact process. There were several "alphabet city" tasks and corresponding .job files that may have been the source but I can't point to a specific file.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
    Remember - A day without laughter is a day wasted. ~ ~ ~ May the wind sing to you and the sun rise in your heart.

  12. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts

  13. #12
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    557
    Thanks
    51
    Thanked 68 Times in 66 Posts
    A worrisome development. The usual point of control for a PC user I recommend is to be the one making the call. If someone calls you it's a fake; if you call tech support then it's legitimate.

    This partly replicates a legitimate support experience since the user is the one making the call. The scammers supply the phone number and that's how they get you. In concept it's no different than malware presenting you with a clickable link, but in feel they have advanced their confidence schemes to a new level.

    Sigh. When will the fraudsters give up or get arrested??

  14. #13
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,365
    Thanks
    232
    Thanked 147 Times in 136 Posts
    Quote Originally Posted by BHarder View Post

    Sigh. When will the fraudsters give up or get arrested??
    Does not matter, there will always be more.
    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  15. #14
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,720
    Thanks
    146
    Thanked 156 Times in 149 Posts
    Quote Originally Posted by BHarder View Post
    A worrisome development. The usual point of control for a PC user I recommend is to be the one making the call. If someone calls you it's a fake; if you call tech support then it's legitimate.

    This partly replicates a legitimate support experience since the user is the one making the call. The scammers supply the phone number and that's how they get you. In concept it's no different than malware presenting you with a clickable link, but in feel they have advanced their confidence schemes to a new level.

    Sigh. When will the fraudsters give up or get arrested??
    Obviously you need to know the correct number - Googling for it might get you one for a scammer.
