“BSOD: Error 333 Registry Failure” pop-up virus

Our laptop has been hit with the “BSOD: Error 333 Registry Failure” pop-up virus. Yes, day before yesterday I was trying to open a PDF file and some rogue PDF kept pulling up to open the document. I finally downloaded Adobe PDF and viewed my document. But the system was acting very, very slow. Some Crazy Score thing kept popping up on the side of certain webpages. I ran Malwarebytes and AVAST and one of them found 69 harmful files. I do remember that most had Crazy… or something to that effect in the name. Now we are getting the “BSOD: Error 333 Registry Failure” pop-up virus. Of course it warns not to shut your computer off, which I hope is not true because we are headed for severe storms today and we always shut down and unplug our systems. At least this is the laptop and not the desktop and I can simply unplug for a time.

I did take a photo of the screen if I need to upload that.

Thank you!

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total

I did take a photo of the screen if I need to upload that.
you may attach that

Just as information:

The adware that pushes the BSOD Error 333 pop-ups may change your home page and insert a registry key in Windows to start at system boot-up. Users infected with the BSOD Error 333 adware are directed to call 855-399-8171 and receive help from supposedly certified Microsoft technicians.

Well, my photos are too large to upload. Sorry!

Hi Busymama62

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Hello Essexboy, Great to see you! You have helped us out a number of times. Not on this laptop but here we go. I am fixing to do the Farbar Recovery Scan Tool. Had a webinar this am and then other business matters so now back to the laptop. At least this didn’t hit the desktop which is the business computer.

Results attached

Did you install Chromium on the system ? (This is not Chrome)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

```
CreateRestorePoint:
HKLM-x32\...\Run: [LManager] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\gatsby70\AppData\Roaming\Mozilla\Firefox\Profiles\x9qi61jy.default\user.js [2015-05-23]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
```

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

No, I did not install Chromium! Come to think of it, this “Ghost like icon” has just started showing up the last few days. Would that be why on some of the web pages a side bar so to speak on the left opens up? We have had this laptop almost a year. It was my brother's and I got it when he passed away. He had very little installed on it. Not really sure what he was using it for.

I have attached the Fixlog.txt

It was only installed 3 days ago which is why I asked :slight_smile:

Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

```
CreateRestorePoint:
HKU\S-1-5-21-2206397092-1218934494-1219599929-1001\...\Run: [GoogleChromeAutoLaunch_EFAD21E9274B6657FE8ABB656CACEF16] => C:\Users\gatsby70\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\gatsby70\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-17]
2015-05-23 19:05 - 2015-05-26 12:05 - 00000356 _____ () C:\WINDOWS\Tasks\Chromium.job
2015-05-23 19:05 - 2015-05-23 19:05 - 00002694 _____ () C:\WINDOWS\System32\Tasks\Chromium
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\Users\gatsby70\AppData\Local\Chromium
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\gatsby70\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
Task: {C0C8B410-207C-46F9-814E-6938520D2508} - System32\Tasks\Chromium => C:\Users\gatsby70\AppData\Local\Chromium\Application\45.0.2406.0\Installer\uninstall.exe [2015-05-23] ()
EmptyTemp:
```

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that
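
As an added illustration (not part of the thread, and not the helper's or FRST's own code), the sketch below parses autorun and scheduled-task lines in the format quoted in the fixlists above and flags the ones that start from a user-writable folder or whose target is marked `[X]`. The `ExampleUpdater` line, the `triage` function and the path heuristic are assumptions made for this example.

```python
import re

# Constructed sample: lines in the format quoted in the fixlists above, plus
# one hypothetical benign entry (ExampleUpdater) for contrast.
SAMPLE = r"""
HKU\S-1-5-21-2206397092-1218934494-1219599929-1001\...\Run: [GoogleChromeAutoLaunch_EFAD21E9274B6657FE8ABB656CACEF16] => C:\Users\gatsby70\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2015-01-01] (Example Corp)
HKLM-x32\...\Run: [LManager] => [X]
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\gatsby70\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# "<hive>\...\Run: [name] => target"  or  "Task: name => target"
ENTRY = re.compile(
    r"^(?:(?P<hive>HK[^\\]+)\\.*?\\Run: \[(?P<run>[^\]]+)\]|Task: (?P<task>.+?))"
    r" => (?P<target>.+)$"
)
META = re.compile(r"\s+\[[^\]]*\]\s*(\(.*\))?\s*$")  # trailing "[size date] (publisher)"
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)  # heuristic, an assumption


def triage(log_text):
    """Return (kind, name, path, reasons) for every entry worth a second look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = ENTRY.match(line)
        if m:
            kind = "run-key" if m["run"] else "task"
            path = META.sub("", m["target"])
            reasons = []
            if path == "[X]":
                # Assumption: [X] marks an entry whose target file was not found.
                reasons.append("target marked [X]")
            elif USER_WRITABLE.search(path):
                reasons.append("starts from user-writable path")
            if reasons:
                findings.append((kind, m["run"] or m["task"], path, reasons))
        elif "<======= ATTENTION" in line:
            # Lines the scan tool itself highlighted are surfaced unchanged.
            findings.append(("frst-flag", line.split(" <=")[0], "", ["flagged in log"]))
    return findings


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE):
        print(f"{kind:9} {name} -> {path or '-'} ({'; '.join(reasons)})")
```

A flagged line is only a prompt to look closer: legitimate per-user software also starts from AppData, so each hit still needs a human decision before anything is removed.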

The “Ghost icon” is no longer showing up. :slight_smile: Did Chromium install at the same time as that pop up virus or were these two separate hits. I know where the pop up came from but not the Chromium.

Playing around trying to do some testing and when I opened up Chrome this box popped up. "Unsupported ext disabled To make Chrome safer, we disabled some extensions that aren’t listed in the Chrome Web Store and may have been added without your knowledge.

- Crazy Score"

This is the one that has been popping up on the left hand side of the system. What do I need to do to completely remove it?

Thanks!

That one is not showing on the list of extensions so I reckon it has hijacked a legitimate file (there is a lot of this happening now with Chrome).
I believe they are both the same attack

Re-install Chrome

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome via Control Panel.
    Note: When asked about user data or settings you must remove this also so please check the box.
  5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

I logged in to my Chrome but did not see a stop and clear. Question: since Chrome was already on this laptop when we got it, will the Chrome be under my brother's info? If so, I probably have a problem.

No, as if the password/username is different then it will not try to sync :slight_smile:

Well, that is good to know however, I did not see the “Stop & Clear”. At least for now Chrome has that hijack blocked. My husband said he did not have any problem with it last night.

Any further problems or shall I tidy up :slight_smile:

I guess we can tidy up. If that file starts to be a problem I can just start a new thread.

Thank you very much!!!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

- Click on the link above to be taken to Unchecky.com
- Click the very large Download button.
- Click Save
- Click Open folder
- Right click on the Unchecky_setup and choose to Run as Administrator
- Once open click the Install button.
- Then click on Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave: