Joke-bluescreen is a type of malware that is designed to trick users into downloading and installing rogue security applications (Antivirus XP, IE Defender, etc). This malware typically infects computers through spam emails with subject headers like “cnn.com breaking news” or “msnbc.com breaking news.”
If your computer has been infected with Joke-bluescreen, you may notice a blue background and a pop-up box that says your computer has been infected with spyware. This pop-up may also prompt you to download software to clean your PC. However, this software is likely to be a fake security application that will further compromise your computer.
You may also receive alerts from your McAfee antivirus software indicating that your computer has been infected with Joke-bluescreen. Additionally, you may notice that your system is running slower than usual.
To remove Joke-bluescreen from your computer, it is recommended that you use the steps below and perform a thorough scan of your system with a reputable antivirus program. You should also avoid opening suspicious emails or clicking on links from unknown sources to prevent future infections.
Download HijackThis and Combofix.
Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items (if exists):
O4 – HKLM\..\Run: [DLI32] C:\WINDOWS\dli32.exe
O4 – HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 – HKCU\..\Run: [CDriver] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [DDriver] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [alpha] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [beta] c:\microsoft\svchost.exe
O4 – HKCU\..\Run: [gamma] c:\microsoft\svchost.exe
O4 – HKLM\..\Run: [SMrhcjlaj0ee91] C:\Program Files\rhcjlaj0ee91\rhcjlaj0ee91.exe
O4 – HKLM\..\Policies\Explorer\Run: [CDriver] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [DDriver] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [alpha] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [beta] c:\microsoft\svchost.exe
O4 – HKLM\..\Policies\Explorer\Run: [gamma] c:\microsoft\svchost.exe
O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.securesoftwarefeed.com/redirect.php (file missing)
O22 – SharedTaskScheduler: cariniana – {5c770fbc-cc2f-4acd-93e8-e6f0594307fd} – C:\WINDOWS\system32\gnjsjc.dll (file missing)
Note: Where is c:\microsoft\svchost.exe can be c:\google.com\svchost.exe
Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
Close HijackThis. Double click on combofix.exe and follow the prompts.
If you are still having problems, then I would recommend you follow these instructions and post your logs in the spyware removal forum. I will check your logs and advise you on joke-bluescreen removal.
I am at work but it is my home computer that is infected. In addition to the problems you mentioned, this virus won\’t let me go to any antispyware sites so I may have to fix the problem manually. Any ideas to allow me to go to the correction sites?
Thanks,
Greg
Hello Greg, please read these instructions and post your logs in the spyware removal forum. I will help you.
Ran Combofix on my cousins computer. It cleaned out the msnbc.com virus. Her machine is back up and running just fine!
I keep getting pc generated mails from msnbc.com (as they are not coming through mail server, but appear in my Outlook mail). I have never opened any of them and I send them to ‘Junk’ and then I empty the junk folder. My pc is operating just fine, otherwise.
Will running these 2 programs remove this spam mail?