Joke-bluescreen malware is a malware that also installs rogue security applications (Antivirus XP, IE Defender) and display false alert on compromised computer, infects systems via spam emails with header “cnn.com breaking news” or “msnbc.com breaking news”. If your computer infected, then you have:
- background turned blue and a box came up that says that you computer has been infected with spyware and you need to download some kind of software to clean PC
- McAfee keeps telling you that the virus is called joke-bluescreen
- system is running slow
Download HijackThis and Combofix.
Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items (if exists):
O4 – HKLM\..\Run: [DLI32] C:\WINDOWS\dli32.exe
O4 – HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 – HKCU\..\Run: [CDriver] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [DDriver] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [alpha] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [beta] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [gamma] c:\microsoft\svchost.exe
O4 – HKLM\..\Run: [SMrhcjlaj0ee91] C:\Program Files\rhcjlaj0ee91\rhcjlaj0ee91.exe
O4 – HKLM\..\Policies\Explorer\Run: [CDriver] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [DDriver] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [alpha] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [beta] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [gamma] c:\microsoft\svchost.exe
O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.securesoftwarefeed.com/redirect.php (file missing)
O22 – SharedTaskScheduler: cariniana – {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} – C:\WINDOWS\system32\gnjsjc.dll (file missing)
Note: Where is c:\microsoft\svchost.exe can be c:\google.com\svchost.exe
Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
Close HijackThis. Double click on combofix.exe and follow the prompts.
If you are still having problems, then I would recommend you follow these instructions and post your logs in the spyware removal forum. I will check your logs and advise you on joke-bluescreen removal.
I am at work but it is my home computer that is infected. In addition to the problems you mentioned, this virus won\’t let me go to any antispyware sites so I may have to fix the problem manually. Any ideas to allow me to go to the correction sites?
Thanks,
Greg
Hello Greg, please read these instructions and post your logs in the spyware removal forum. I will help you.
Ran Combofix on my cousins computer. It cleaned out the msnbc.com virus. Her machine is back up and running just fine!
I keep getting pc generated mails from msnbc.com (as they are not coming through mail server, but appear in my Outlook mail). I have never opened any of them and I send them to ‘Junk’ and then I empty the junk folder. My pc is operating just fine, otherwise.
Will running these 2 programs remove this spam mail?