Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove cnn.com and msnbc.com fake breaking news spam-virus and joke-bluescreen malware

Joke-bluescreen malware is a malware that also installs rogue security applications (Antivirus XP, IE Defender) and display false alert on compromised computer, infects systems via spam emails with header “cnn.com breaking news” or “msnbc.com breaking news”. If your computer infected, then you have:

  • background turned blue and a box came up that says that you computer has been infected with spyware and you need to download some kind of software to clean PC
  • McAfee keeps telling you that the virus is called joke-bluescreen
  • system is running slow

Download HijackThis and Combofix.
Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items (if exists):

O4 - HKLM\..\Run: [DLI32] C:\WINDOWS\dli32.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [CDriver] c:\microsoft\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\microsoft\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\microsoft\svchost.exe
O4 - HKCU\..\Run: [beta] c:\microsoft\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\microsoft\svchost.exe
O4 - HKLM\..\Run: [SMrhcjlaj0ee91] C:\Program Files\rhcjlaj0ee91\rhcjlaj0ee91.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\microsoft\svchost.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra ‘Tools’ menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O22 - SharedTaskScheduler: cariniana - {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} - C:\WINDOWS\system32\gnjsjc.dll (file missing)

Note: Where is c:\microsoft\svchost.exe can be c:\google.com\svchost.exe
Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Close HijackThis. Double click on combofix.exe and follow the prompts.

If you are still having problems, then I would recommend you follow these instructions and post your logs in the spyware removal forum. I will check your logs and advise you on joke-bluescreen removal.

Share/Save/Bookmark

August 21, 2008 on 9:28 am | In Rogue Anti Spyware, Spyware protection and removal, Trojan, Tutorials - HowTo, Virus | |


2 Comments »

RSS feed for comments on this post. TrackBack URI

  1. I am at work but it is my home computer that is infected. In addition to the problems you mentioned, this virus won\’t let me go to any antispyware sites so I may have to fix the problem manually. Any ideas to allow me to go to the correction sites?

    Thanks,
    Greg

    Comment by Greg — August 25, 2008 #

  2. Hello Greg, please read these instructions and post your logs in the spyware removal forum. I will help you.

    Comment by Patrik — August 25, 2008 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 4 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a


MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds. Valid XHTML and CSS. ^Top^