Fake Bsod 0x00009af8 virus

[pvtmadness]

I am running Win 7 64bit Home Premium on HP Pavillion p6837c with SvcPac 1 installed and have auto updates enabled. About 4 days ago started getting random BSOD '0X00009AF8 Driver_IRQL Pending Operation'. Goes away on reboot and occurs randomly during the day. Can not find this error number via google search so thanks in advance for any help!

 

[Arc]

The screen looks unusual, a windows BSOD screen does not look like that, and dont say those texts. Specially the contracts, this part looks like a scam.

On the other side, it is a stop 0xD1 BSOD which is a driver related issue in most of the cases. But as the upload does not contain any crash dump, we cannot check them to find out the probleming driver. There is no such irql.sys as the screenshot says. IRQL is Interrupt Request Level (IRQL) is a level of priority of the computers internal environment, not a sys file.


Follow it: http://www.sevenforums.com/tutorials/174459-dump-files-configure-windows-create-bsod.html
Go to Option Two, Point 2. Download the .reg file and merge it in registry by double clicking it.

Now wait for another BSOD. When it occurred, search the .dmp files manually in the default path: C:\Windows\Minidump or %SystemRoot%\Minidump. See if the crash dump is recorded or not (hopefully it will be recorded).Post it following the Blue Screen of Death (BSOD) Posting Instructions.

Dont run any disc cleanup tool before you upload another zip.

 

[z3r010]

virus 877-316-8654 / 8773168654 Reverse Phone Lookup

 

[Arc]

Please move it to the system security forum then, John?

Edit: @pvtmadness, It is not a BSOD screen. The data you uploaded does not show a BSOD. You are scammed. Something you have downloaded willingly or unwillingly in your computer which is resulting this screen.

If I have been in place of you, I would have formatted the HDD at once.

 

[z3r010]

Moved and title amended.

 

[Arc]

Thanks John.

And thanks to kado897 too, for the deep digging.
877-316-8654 / 8773168654 Reverse Phone Lookup

 

[Cr00zng]

My customer had a similar fake BSOD with different phone number this morning:



No files dropped, I know of, closing IE in the task manager got rid of it. Rebooted the system and it did not return as of yet...

 

[pvtmadness]

Thanks to all of you!! I will continue to follow on security forum.

Will

 

[ICIT2LOL]

Hmm this is an interesting one and although it is a nuisance makes one wonder what the source was trying to do ? sell the OS again??

 

[pvtmadness]

In an interesting turn of events, there is now a line at the bottom of the BSOD screen that says something along the lines of " If you want to get out of this screen hit escape at your own risk" Exact wording not available because the "BSOD" is not up at the moment. I called the number on the page for the "microsoft technician" and, of course, the person answering the phone won't talk to me unless I give him a credit card number. Ha! Balls! So I am now convinced this is adware of some type and they are either selling the ability to help me "resolve" the problem, perhaps by sharing my screen (yikes!), or even to sell me security software. Disappointingly, MWB did not catch it, nor did Windows Security Essentials. In the end, hitting escape does in fact take me back to what I was doing with no other problems...that I can see. Now to figure out how to get rid of it....

 

[pvtmadness]

Now that I have "escaped" from the fake BSOD a few times, I received a "system" warning about dangers to my PC from not being protected. Obviously this is true if both MWB and Windows Security Essentials are not catching this. See attached SS

 

[Arc]

This is not Microsoft Security Essentials.

Your system is compromised. It would be the best for you if you format the HDD and start afresh.

 

[pvtmadness]

Thanks for your response, Arc. Yes, I agree, this is not MS Security Essentials, it is a fake. The question is, where is it getting in if both MWB and MS SE are not catching it? In my opinion, reformatting, which would certainly get rid of the problem, is not the first step that I want to take. It is like someone who has a shoulder pain and elects radical surgery before trying physical therapy first. Surely there is a special tool that can be recommended to scan for this type of malware and remove it. I will download Defender Offline first and see what comes of that.

 

[Arc]

This is something more than just a malware or adware. It is an attempt to hack your system. Removal of the particular item/items will not be the best thing there, IMHO.

I have requested Cottonball to have a look.

 

[pvtmadness]

The interesting thing is that whoever it is has put up this fake BSOD and is now making a *timely* offering of software to fix the problem, all under the ruse of being MS. This appears to be a well thought out campaign to sell their product and I'm surprised this isn't more widely reported on the internet.

 

[pvtmadness]

FYI, I googled the number in the ad and came up with a number of articles on fake pop ups and scams, including this one by MWB https://blog.malwarebytes.org/tech-support-scams/ In the article MWB says to run a full scan to get rid of these but that doesn't seem to be working on my PC. Chalk one up for the scammers.

Also, googling "pc-techies", the name in the URL, comes up with all sorts of stories about them being a scammer operation...yet, no word on how to block them.

 

[carwiz]

It probably came in on something you downloaded and installed recently. If the code is not performing unusual tasks, it probably won't be caught by any malware scanner. And simply displaying text is not an unusual task. The damage will be done when you let them into your system. Check to see if you can identify the program that is running in Task Manager when the screen appears. If you can find it, delete the program file.

The fact that it reappears suggest that it may be a two-part problem aided by the software you installed. It may have generated a Scheduled Task, a Start Up task or something is running all the time to issue the display.

Forgot to ask: Are you using Gadgets?

Also, Go to Programs and Features, sort the list by clicking on the "Installed on" column header then post a snip of it.

 

[mdd1963]

I'd try Malware Bytes' Junkware Removal Tool, and, AdwCleaner....

You might also consider Comodo's AutoRuns, or SysInternal's AutoRuns, which might let you track down the source of who/what is initiating the popup/fake warning, so that you might be able to delete it.

 

[ICIT2LOL]

If no one minds me putting in two cents worth I think a run with a rescue disk is worth a try there are two I would recommend
Kaspersky Rescue Disk 10 or How to create a Bitdefender Rescue CD

I personally find the Kaspersky the easiest to run but the choice if you want it try - got nothing to lose and it will not require Windows to boot at all


There is also a ton of security stuff in here too only they have reorganised it because the rescue disks were in a section of their own Free Windows Desktop Software Security List - Entire List | Gizmo's Freeware

 

[mdd1963]

" The system have found 35....."

It's a good thing most scam tards can't compose a simple sentence correctly!