BSOD: Error 333 Registry Failure” pop-up virus

[REDACTED]

Our laptop has been hit with the BSOD: Error 333 Registry Failure” pop-up virus.  Yes, day before yesterday I was trying to open a PDF file and some rogue PDF kept pulling up to open the document.  I finally downloaded Adobe PDF and viewed my document.  But the system was acting very very slow.  Some Crazy Score thing kept popping up on the side of certain webpages.  I ran Malewarebytes and AVAST and one of them found 69 harmful files.  I do remember that most had Crazy..... or something to that effect in the name.  Now we are getting the BSOD: Error 333 Registry Failure Pop up virus.  Of course it warns not to shut your computer off, which I hope is not true because we are headed for severe storms today and we always shut down and unplug our systems.  At least this is the laptop and not the desk top and I can simply unplug for a time.

I did take a photo of the screen if I need to upload that.

Thank you!

[Pondus]

follow instructions here  https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs ... 3 logs total

I did take a photo of the screen if I need to upload that.

you may attach that

[Eddy]

Just as information:

The adware that pushes the BSOD Error 333 pop-ups may change your home page and insert a registry key in Window to start at system boot-up. Users infected with the BSOD Error 333 adware are directed to call 855-399-8171 and receive help from supposedly certified Microsoft technicians.

[REDACTED]

Well, my photos are to large to upload.  Sorry!

[essexboy]

Hi  Busymama62

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Select  additions at the bottom
• Press Scan button.
  
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach both logs generated.

[REDACTED]

Hello Essexboy, Great to see  you!  You have helped us out a number of times.  Not on this laptop but here we go.  I am fixing to do the Farbar Recovery Scan Tool.  Had a webinar this am and then other business matters so now back to the laptop.  At least this didn't hit the desk top which is the business computer.

[REDACTED]

Results attached

[essexboy]

Did you install Chromium on the system ?  (This is not Chrome)

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [LManager] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\gatsby70\AppData\Roaming\Mozilla\Firefox\Profiles\x9qi61jy.default\user.js [2015-05-23]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

No I did not install Chromium!  Come to think of is this "Ghost like icon" has just started showing up the last few days.  Would that be why on some of the web pages a side bar so to speak on the left opens up?  We have had this laptop almost a year.  It was my brothers and I got it when he passed away.  He had very little installed on it.  Not really sure what he was using it for. 

I have attached the Fixlog.txt

[essexboy]

It was only installed 3 days ago which is why I asked

Could you let me know what problems remain after this

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2206397092-1218934494-1219599929-1001\...\Run: [GoogleChromeAutoLaunch_EFAD21E9274B6657FE8ABB656CACEF16] => C:\Users\gatsby70\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\gatsby70\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-17]
2015-05-23 19:05 - 2015-05-26 12:05 - 00000356 _____ () C:\WINDOWS\Tasks\Chromium.job
2015-05-23 19:05 - 2015-05-23 19:05 - 00002694 _____ () C:\WINDOWS\System32\Tasks\Chromium
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\Users\gatsby70\AppData\Local\Chromium
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\gatsby70\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
Task: {C0C8B410-207C-46F9-814E-6938520D2508} - System32\Tasks\Chromium => C:\Users\gatsby70\AppData\Local\Chromium\Application\45.0.2406.0\Installer\uninstall.exe [2015-05-23] ()
EmptyTemp:

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

The "Ghost icon" is no longer showing up.    Did Chromium install at the same time as that pop up virus or were these two separate hits.  I know where the pop up came from but not the Chromium. 

[REDACTED]

Playing around trying to do some testing and when I opened up Chrome this box popped up.  "Unsupported ext disabled     To make Crome safer, we disabled some extensions that aren't listed in the Chrome Web Store and may have been added without your knowledge.

. Crazy Score

This is the one that has been popping up on the left hand side of the system.    What do I need to do to completely remove it?

Thanks!

[essexboy]

That one is not showing on the list of extensions so I reckon it has hijacked a legitimate file (there is a lot of this happening now with chrome )
I believe they are both the same attack



Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome via control panel .
 Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

[REDACTED]

I logged in to my chrome but did not see a stop and clear.  Question since chrome was already on this laptop when we got it will the chrome be under my brothers info?  If so, I probably have a problem.

[essexboy]

No as if the password/username is different then it will not try to synch