Remove Fake BSOD Ransomware and Restore Your PC

A piece of ransomware has been reported to lock the user’s web browser and demand money in return for a fix. It poses as an official BSOD (Blue Screen of Death) error caused by a Windows failure and includes a phone number for contacting the cyber-criminals. All affected users are strongly advised NOT to pay any ransom “fees” requested by the fake Microsoft representatives and to install special software that will remove this virus.

Name: JS/FakeBsod.A Ransomware
Type: Ransomware
Short Description: The virus uses malicious JavaScript code to restrict access to the buttons of the user’s web browser.
Symptoms: The user may see a fake BSOD scareware message that imitates the official Microsoft one, claims the computer has malware and includes a phone number.
Distribution Method: Via PUPs installed by visiting a suspicious third-party site, or via malicious attachments.

Fake BSOD Ransomware – How Did I Get Infected

Microsoft malware researchers have reported that this ransomware infects users through malicious JavaScript. Such a script may reach your web browser in several ways:

  • It may be inserted automatically via a PUP (Potentially Unwanted Program) that displays ads and redirects to sites containing it.
  • Via spam e-mails that may contain malicious web links or attachments.
  • Through spam messages in online forums or social networks.

Once the JavaScript is activated, it may create an exploit, connect to a remote host, send information about the computer about to be infected and download the appropriate payload of the virus.

Fake BSOD Ransomware – How Does It Work?

Once activated, the ransomware may create registry entries under your web browser’s registry key to activate its payload. If you are running Google Chrome, for example, the location would be the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
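
A read-only way to review what is stored under that key, as an added example that is not part of the original article. The function name Get-ChromePolicyValue is hypothetical, and the HKCU path is an assumption (the per-user location Chrome also reads policies from); the article names only the HKLM key and does not say which values the malware writes, so the script lists everything for manual review.

```powershell
# Added example (not from the article): list every value under the Chrome
# policy key so unexpected entries can be reviewed before any cleanup.
# Read-only: nothing is modified or deleted.

$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',  # key named in the article
    'HKCU:\SOFTWARE\Policies\Google\Chrome'   # assumption: per-user policy key
)

function Get-ChromePolicyValue {
    param([string[]]$Path)

    foreach ($root in $Path) {
        # An absent key simply means no policies are set at that location.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # The root key plus all subkeys; list-type policies live in subkeys.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = if ($name) { $name } else { '(Default)' }
                    Kind  = $key.GetValueKind($name)
                    # Multi-string and binary data are flattened for display.
                    Value = ($key.GetValue($name) -join ', ')
                }
            }
        }
    }
}

$found = @(Get-ChromePolicyValue -Path $PolicyRoots)

if ($found.Count -eq 0) {
    'No Chrome policy values found under the audited keys.'
} else {
    $found | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
}
```

On a PC that is not managed by an organisation this key is normally absent or empty, so any value listed deserves a closer look; chrome://policy shows the same settings from inside the browser.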

After its payload is active, the next time you run your web browser the ransomware may prevent you from using any controls, such as closing the browser or typing a website address, as well as shortcuts and bookmarks. It does this by using the malicious JavaScript to intercept the commands.

Furthermore, the virus also uses a scareware message, such as the following:

“0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS
WINDOWS HEALTH IS CRITICAL
DO NOT RESTART
PLEASE CONTACT MICROSOFT TECHNICIANS
BSOD : Error 333 Registry Failure of operating system – Host :
BLUE SCREEN ERROR 0X000000CE
Please contact Microsoft technicians At Toll-Free: {Phone Number}
To Immediately Rectify issue to prevent Data Loss.”

This scareware message is used to trick inexperienced users into paying for the “fixing” of the issue. However, the only issue on the computer may be the malware causing the fake BSOD. The phone number is there so that the criminals can use social engineering tactics to extract information such as credit card details or personal info from users.

Remove Fake BSOD Screen and Restore Your Browser

Unfortunately, to get rid of this ransomware you need to reinstall your web browser, clean up your registry and scan your computer with advanced anti-malware software. Scanning makes sure that any concealed files of the malware are discovered. Typical locations for those may be:

%temp%
%appdata%
%Users%
%System%

For effective results, you may want to follow the step-by-step instructions outlined below:

1. Boot your PC in Safe Mode to isolate and remove JS/FakeBsod.A Ransomware.
2. Remove JS/FakeBsod.A Ransomware with SpyHunter Anti-Malware Tool.
3. Uninstall your web browser to rid it of JS/FakeBsod.A Ransomware.
Optional: Using Alternative Anti-Malware Tools
NOTE! Important notice about the JS/FakeBsod.A Ransomware threat: manual removal of JS/FakeBsod.A Ransomware requires interfering with system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
