Remove Brolo Fake BSOD Ransomware from Your PC

Another locker type of ransomware called Brolo has been reported to affect users on a massive scale. The ransomware uses malicious JavaScript to infect the browser of the user and connect to a remote host that displays a fake Blue Screen of Death (BSOD) message along with a scareware pop-up. Its aim is to extort users for money to fix a problem that does not exist. All users affected are advised not to fall into this trap and clean up their system methodologically from this malware, instructions for which are presented after this article.

Source: Microsoft Malware Protection Center

Brolo Fake BSOD Ransomware – How Did I Get It

This virus has been reported by Microsoft security researchers to affect users by utilizing JavaScript codes. It may arrive onto the user’s web browser by several different methods:

• Injected automatically via an adware program on the user PC.
• Inserted using spam mails containing malicious links and attachments
• Via messages featuring malicious links on online chat platforms.

After it has been executed, it might make an exploit or take advantage of a dead code and connect to a remote host after which deploy the payload.

Brolo Fake BSOD Ransomware – How Does It Work?

After it has been executed, the malicious payload may tamper with various registry entries, one of which may belong to the web browser you are using, for example:

→HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

It may set custom values to block every button, the address bar and other settings that may allow users to access their browser use it. This may be done by the malicious JavaScript, which monitors any commands that are input.

Besides a fake blue screen of death, Microsoft reports the malware to deploy a pop-up which may contain a message of the following character:

→ “There is a .net frame work file missing due to some harmfull virus
Debug malware error 895-system 32.exe failure.
Please contact Microsoft technicians to rectify the issue.Please do not open internet browser for your security issue to avoid data corruption on your registry of your operating system. Please contact Microsoft technicians at: {cyber-criminals’ phone number}”

The message may also have additional scareware texts written in capital fonts:

→ “PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM, HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS. CONTACT ADMINISTRATOR DEPARTMENT TO RESOLVE THE ISSUE ON TOLL-FREE {cyber-criminals’ phone number}”
Furthermore, the languages of the message may vary, depending on the location of the user. All users who come across this message should immediately disconnect from the internet and remove this malware.

Remove Brolo Fake BSOD Ransomware Completely

To remove Brolo a conventional restart or directly deleting the browser from %Program Files% will may not be successful, since the malware may cause real system freezes and interruptions. Furthermore, it may reappear when another web browser is installed since it may have files concealed in several key Windows locations:

• %AppData%
• %Roaming%
• %System%
• %Temp%
• %Users%

To get rid of it successfully it is strongly recommended to follow the removal steps below since they are methodically arranged for maximum effectiveness. We also advise using an advanced anti-malware tool that is updated to the latest definitions in order to catch any obfuscators of the malware and also protect you in the future.

Manually delete Brolo.C from Windows and your browser.

Note! Substantial notification about the Brolo.C threat: Manual removal of Brolo.C requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Brolo.C

Boot Your PC Into Safe Mode

1. For Windows 7,XP and Vista. 2. For Windows 8, 8.1 and 10.

For Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Step 1: Open the Start Menu

Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.

Step 5: After the Advanced Options menu appears, click on Startup Settings.

Step 6: Click on Restart.

Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.

2. Reinstall your web browser to get it rid of Brolo.C from it.

Remove or Uninstall Your Web Browser in Windows.

Step 1: Remove/Uninstall Your Browser using Windows Programs and Features.

Here is a method in few easy steps to uninstall your web browser. No matter if you are using Windows 8, 7, Vista or XP or 10, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program get left behind, and that can lead to unstable work of your PC, mistakes with the file type associations and other unpleasant activities caused by the virus. The proper way to get the browser off your computer is to Uninstall it. To do that:

Hold the Windows Logo Button and “R” on your keyboard. A Pop-up window will appear (fig.1).

In the field type in “appwiz.cpl” and press ENTER (fig.2).

This will open a window with all the programs installed on the PC.
Select the web browser that you want to remove, and press “Uninstall” (fig.3).

After you uninstall your web browser, you should clean up your registries before downloading it again. For more information on how to clean up your registries, proceed to the following article:
Fix Windows Registry Errors Caused by Malware

Finally you may want to install your browser against if you are certain the threat is gone.

Automatically remove Brolo.C by downloading an advanced anti-malware program.

1. Remove Brolo.C with SpyHunter Anti-Malware Tool

Remove Brolo.C with SpyHunter Anti-Malware Tool

1. Install SpyHunter to scan for and remove Brolo.C.2. Scan with SpyHunter to Detect and Remove Brolo.C.

Step 1:Click on the “Download” button to proceed to SpyHunter’s download page.

Download

Malware Removal Tool

It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Step 2: Guide yourself by the download instructions provided for each browser.
Step 3: After you have installed SpyHunter, wait for it to automatically update.

Step1: After the update process has finished, click on the ‘Scan Computer Now’ button.

Step2: After SpyHunter has finished scanning your PC for any Brolo.C files, click on the ‘Fix Threats’ button to remove them automatically and permanently.

Step3: Once the intrusions on your PC have been removed, it is highly recommended to restart it.

Optional: Using Alternative Anti-Malware Tools

Remove Brolo.C Using Other Alternative Tools

Malwarebytes Anti-MalwareSTOPZilla Anti Malware

1. Install Malwarebytes Anti-Malware to scan for and remove Brolo.C.
Step 1: Download Malwarebytes by clicking here.
Step 2: A pop-up window will appear. Click on the ‘Save File’ button. If it does not, click on the Download button and save it afterwards.


Step 3: After you have downloaded the setup, simply open it.
Step 4: The installer should appear. Click on the ‘Next’ button.

Step 5: Check the ‘I accept the agreement’ check circle if not checked if you accept it and click the ‘Next’ button once again.

Step 6: Review and click on ‘Next’ on the following 4 steps that will appear afterwards and after that click on the ‘Install’ button.

Step 7: After the installation process has completed click on the ‘Finish’ button and check the ‘Launch MalwareBytes AntiMalware’ check box.

2. Scan your PC with MalwareBytes to remove all Brolo.C associated files automatically.

Step 1: Launch MalwareBytes if you havent launched it after install.
Step 2: Wait for the software to update and then click on the blue ‘Scan Now’ button. If it doesnt start updating automatically, click on the blue ‘Update Now’ highlighted text.

Step 3: At this point, after clicking the ‘Scan Now’ button, the system should start scanning your PC. It may take a while but be patient – it is worth it.

Step 4: After the scan has been complete and all of the threats have been identified, click on the ‘Remove Selected’ button to delete them permanently.

Step 5: Once the scan has completed, MalwareBytes will prompt you to restart your computer. It is recommended to save all your data you are working on before restarting.

1. Download and Install STOPZilla Anti-malware to Scan for And Remove Brolo.C.
Step 1: Download STOPZilla by clicking here.
Step 2: A pop-up window will appear. Click on the ‘Save File’ button. If it does not, click on the Download button and save it afterwards.

Step 3: After you have downloaded the setup, simply open it.
Step 4: The installer should appear. Click on the ‘Next’ button.

Step 5: Check the ‘I accept the agreement’ check circle if not checked if you accept it and click the ‘Next’ button once again.

Step 6: Review and click on the ‘Install’ button.

Step 7: After the installation process has completed click on the ‘Finish’ button.

2. Scan your PC with STOPZilla Anti Malware to remove all Brolo.C associated files completely.
Step 1: Launch STOPZilla if you haven’t launched it after install.
Step 2: Wait for the software to automatically scan and then click on the ‘Repair Now’ button. If it does not scan automatically, click on the ‘Scan Now’ button.

Step 3: After the removal of all threats and associated objects, you should Restart your PC.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website