Remove Brolo Fake BSOD Ransomware from Your PC - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Brolo Fake BSOD Ransomware from Your PC

Another locker-type ransomware called Brolo has been reported to affect users on a massive scale. The ransomware uses malicious JavaScript to infect the user's browser and connect to a remote host that displays a fake Blue Screen of Death (BSOD) message along with a scareware pop-up. Its aim is to extort money from users to fix a problem that does not exist. All affected users are advised not to fall into this trap and to methodically clean this malware from their system; instructions are presented after this article.

Name: Brolo.C
Type: Ransomware
Short Description: The virus uses malicious JavaScript code to restrict access to the buttons of the web browser of the user.
Symptoms: The user may witness a Fake BSOD scareware message imitating the official Microsoft one and claiming his computer has malware along with a phone number attached.
Distribution Method: Via PUPs, installed by visiting a suspicious third-party site or malicious attachments.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by Brolo.C
User Experience: Join our forum to follow the discussion about Brolo.C.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Source: Microsoft Malware Protection Center

Brolo Fake BSOD Ransomware – How Did I Get It

Microsoft security researchers have reported that this virus affects users by means of JavaScript code. It may arrive in the user's web browser by several different methods:

  • Injected automatically via an adware program on the user's PC.
  • Inserted using spam mails containing malicious links and attachments.
  • Via messages featuring malicious links on online chat platforms.

After it has been executed, it might use an exploit or take advantage of dead code, connect to a remote host and then deploy the payload.

Brolo Fake BSOD Ransomware – How Does It Work?

After it has been executed, the malicious payload may tamper with various registry entries, one of which may belong to the web browser you are using, for example:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

It may set custom values to block every button, the address bar and other settings that would allow users to access and use their browser. This may be done by the malicious JavaScript, which monitors any commands that are input.
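A read-only way to review what is set under that policy key, given here as an added PowerShell example (not code from the original article or from Microsoft). The HKCU path is an assumption; the article names only the HKLM key.

```powershell
# Added example: list every value under the Chrome policy keys for review.
# Read-only; nothing is changed or deleted.
$roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',   # key named in the article
         'HKCU:\SOFTWARE\Policies\Google\Chrome'    # assumption: per-user counterpart

# Domain-joined PCs may legitimately receive Chrome policies from an administrator.
$domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain

$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    # The key itself plus all subkeys (list-type policies are stored in subkeys).
    $keys = @(Get-Item $root) +
            @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = if ($name) { $name } else { '(Default)' }
                Kind  = $key.GetValueKind($name)
                Data  = $key.GetValue($name)
            }
        }
    }
}

if (-not $findings) {
    'No Chrome policy values found.'
} elseif ($domainJoined) {
    'Chrome policies found on a domain-joined PC; compare with what your administrator deploys:'
    $findings | Format-Table -AutoSize -Wrap
} else {
    'Chrome policies found on a PC that is not domain-joined; review each value:'
    $findings | Format-Table -AutoSize -Wrap
}
```

On a home PC that no administrator manages, any value listed here deserves a closer look before the browser is reinstalled.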

Besides a fake blue screen of death, Microsoft reports that the malware deploys a pop-up, which may contain a message like the following:

“There is a .net frame work file missing due to some harmfull virus
Debug malware error 895-system 32.exe failure.
Please contact Microsoft technicians to rectify the issue.Please do not open internet browser for your security issue to avoid data corruption on your registry of your operating system. Please contact Microsoft technicians at: {cyber-criminals’ phone number}”

The message may also have additional scareware text written in capital letters:

“PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM, HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS. CONTACT ADMINISTRATOR DEPARTMENT TO RESOLVE THE ISSUE ON TOLL-FREE {cyber-criminals’ phone number}”
Furthermore, the languages of the message may vary, depending on the location of the user. All users who come across this message should immediately disconnect from the internet and remove this malware.

Remove Brolo Fake BSOD Ransomware Completely

To remove Brolo, a conventional restart or directly deleting the browser from %Program Files% may not be successful, since the malware may cause real system freezes and interruptions. Furthermore, it may reappear when another web browser is installed, since it may have files concealed in several key Windows locations:

  • %AppData%
  • %Roaming%
  • %System%
  • %Temp%
  • %Users%

To get rid of it successfully, it is strongly recommended to follow the removal steps below, since they are methodically arranged for maximum effectiveness. We also advise using an advanced anti-malware tool that is updated to the latest definitions in order to catch any obfuscators of the malware and also protect you in the future.

Manually delete Brolo.C from Windows and your browser.

Note! Important notice about the Brolo.C threat: Manual removal of Brolo.C requires modifying system files and registry entries, which can damage your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove Brolo.C.
2. Reinstall your web browser to rid it of Brolo.C.

Automatically remove Brolo.C by downloading an advanced anti-malware program.

1. Remove Brolo.C with SpyHunter Anti-Malware Tool
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for the discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
