| Author |
Topic: Blue Screen of Death |
Donna Dodd
From:
Acworth, Georgia, USA
|
Posted 20 Sep 2008 6:14 pm |
|
Recently, I had a big scare with the blue screen of death error message, NO MORE IRP STACK LOCATIONS. I went on line, found a fix for it and made some registry changes. Unfortunately, it was still there, and even gave me different messages such as BOGUS DRIVER, MODE EXCEPTION NOT HANDLED, UNEXPECTED KERNEL MODE TRAP, and PANIC STACK SWITCH. The computer acted like it was shutting down and rebooting, but I noticed all my programs were still opened once I hit the ENTER key.
More research, and I found out there is a SCREEN SAVER that mimics the blue screen of death!!! I went to My Computer, WinXP and then Sys32 - THERE SHE WAS!! I deleted the stupid thing, and now everything is back the way it's supposed to be.
Has anybody else fallen prey to this joke??
_________________
Donna Dodd
Georgia Steel Guitar Association (GaSGA) Board Member & Website Administrator
"Every person is a new door to a different world."
- from movie Six Degrees of Separation
Come visit my steel guitar store on CafePress! http://www.cafepress.com/zoomwithaview
Webmaster, http://www.georgiasteelguitar.com |
|
|
 |
Richard Sinkler
From:
aka: Rusty Strings -- Missoula, Montana
|
Posted 20 Sep 2008 8:43 pm
|
|
Hi Donna,
Any idea how you got that screen saver without you knowing? I recently reinstalled XP when I was getting the Blue Screen Of Death (different error message though). I couldn't even boot the computer up. |
|
|
|
Donna Dodd
From:
Acworth, Georgia, USA
|
Posted 21 Sep 2008 3:50 am
|
|
Hi Richard,
Your blue screen sounds like the serious one - not to be confused with the screen-saver. I have no idea how it got on my computer, but perhaps Wiz has some wisdom he can share.
Donna
_________________
Donna Dodd
Georgia Steel Guitar Association (GaSGA) Board Member & Website Administrator
"Every person is a new door to a different world."
- from movie Six Degrees of Separation
Come visit my steel guitar store on CafePress! http://www.cafepress.com/zoomwithaview
Webmaster, http://www.georgiasteelguitar.com |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 21 Sep 2008 9:44 am
|
|
Donna is referring to a fake security alert screensaver. It is a class of malware that is usually downloaded via exploits in Internet Explorer, or Safari. Fake security alerts are part of a tandem malware kit known as Rogue Anti Virus, or Rogue Anti Spyware applications.
The alert part may be a screensaver resembling a Windows Stop Error, or a changed Desktop Wallpaper, or a shield or icon in the System Tray, or pop-up boxes. No matter, these alerts are encoded with a message designed to cause panic in the owner of the machine.
The second part of this malware is the fake/Rogue removal program. The alerts will often mention the fake remover by name, for you to search for it, or may provide a link to download it. In the first case the authors behind this fake AV have poisoned all major search results with keywords and the brand name of this rogue product, so searchers will probably be led to it in the top SERPs.
Once you download the fake AV it will scan your computer then report a varying amount of threats found, just like a real scanner might do. They often have progress indicators, to add to the ruse.
After the fake scan is complete and the report presented - you will be told by a message that in order to remove these threats you must first pay for a license. Many people do just that. Once paid for the scanner portion will run again. This time it will report that all the previously detected threats have been removed, and that will usually be the end of it. It usually removes the fake alerts once the paid scan has completed. At least the ones that cleanup their crap are being decent about scamming you and leaving town with the loot.
There is a website that was dedicated to maintaining a list of known rogue security applications. Unfortunately, it has not been updated in a year. You can use Google, or Yahoo, or MSN searches to find other sites that are more up to date with fake or rogue anti virus/spyware programs.
All major security programs that have spyware detectors can detect and remove rogue AV products. Spybot Search and Destroy is free and is updated once a week, on Wednesdays. Only use the most current version of that program. Older versions are known to have many false positives and problems with current definitions for modern threats.
Unfortunately, once you pay the criminals behind the fake programs your money is gone. Furthermore, you have given credit or debit card information to criminals. Keep a close eye on your accounts afterward and ask for new cards and numbers as soon as possible.
Sometimes these threats are combined with fake video codec downloads you may see if you click on a hostile link in a spam email describing a supposed news event or sensational item about a movie star. The website at the destination will show a video blank player and a pop-up box telling you that you must download a new "Video Codec" or "Video ActiveX Object" to view the movie. The file you download is not a video codec, but is a downloader Trojan. It may download the Rogue Anti Virus alerts to your computer, or may do even nastier things to it.
Some variants of the Video Codec scams are sent from Storm or Srizbi infected computers and if installed will add your PC to their Botnet. Others may install a keylogger and try to steal logins to your auction, cPanel, banking or investment websites.
If suspect that you have a Rogue Anti Virus/Spyware program on your PC I advise you to use a real scanning service or program to remove all traces of it. I have a list of legitimate anti virus and anti spyware programs in the right sidebar on Wiz's Security Blog. There is also a list of spyware removal forums on my blog (in the sidebar), many of which have sections specifically dedicated to removing fake anti virus applications.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Donna Dodd
From:
Acworth, Georgia, USA
|
Posted 21 Sep 2008 6:28 pm
|
|
| Wiz Feinberg wrote: |
After the fake scan is complete and the report presented - you will be told by a message that in order to remove these threats you must first pay for a license. |
Wiz, that's exactly what happened to me! I didn't pay for the license, however - but then it was too late!
Thanks again, Wiz!
I very much appreciate the contribution you make to this forum!!
_________________
Donna Dodd
Georgia Steel Guitar Association (GaSGA) Board Member & Website Administrator
"Every person is a new door to a different world."
- from movie Six Degrees of Separation
Come visit my steel guitar store on CafePress! http://www.cafepress.com/zoomwithaview
Webmaster, http://www.georgiasteelguitar.com |
|
|
|
