Help with Windows Virus

[Tech Star]

Hey guys, usually I am able to get rid of Windows virus's really easy and swiftly, but this one is giving me a lot of problems. I am trying to help give a person support remotely and anything I do just gives me this blue screen. I can get the start menu to show up (windows 10), but if I click on any program or any option it just takes me back to this blue screen. 

I had gotten malwarebytes installed and running before this happened, but now it won't let me do much. Any suggestions on how to deal with this?

Thanks guys. 

[Anibal P]

Format C and start over 

[Tech Star]

How is that the best option? It's a dumb virus/malware. As you can see with the phone number at the bottom of the blue screen. 

I can still boot into windows. Just after a period of time, this shows up. 

[nyolc8]

Dat BSOD.... try safe mode maybe? Did you tried to access command prompt? (right click on start button and command prompt - select the elevated/admin one) If that starts then you can set your system to boot into safe mode.

[Tech Star]

 It's not a real bsod. It's a fake one that has a phone number at the bottom to call for fake support. I can still hit the start button on the keyboard and the start menu will pop up. Apps just will open in the background of the fake blue screen. I can also hit ctrl-alt-dlt and the option screen will pop up, but can't access task manager. I can log out however. 

[Dadwen]

https://blog.malwarebytes.org/fraud-scam/2015/07/techsupportscams-and-the-blue-screen-of-death/
found this on malwarebytes site, might look for this folder or one like it and it prob won't let you deleted it but I have 
had luck with renaming it and then rebooting and deleted it, might also see if you can run eset's online web scanner and it if will run ok.

the one they mention was in the following path below, guessing it loading from somewhere under their profile if not that that folder something similar.
C:\Users\%userprofile%\AppData\Roaming\SenseIUpdater\

 

**since you have malwarebytes install have you tried it/s  Chameleon mode (under it's menu options in start)

Edited August 23, 2015 by Dadwen

[Anibal P]

How is that the best option? It's a dumb virus/malware. As you can see with the phone number at the bottom of the blue screen. 

I can still boot into windows. Just after a period of time, this shows up. 

I prefer the nuke and start over, only way to be 100% sure 

PLUS if you end up formatting the same person's compute a few times, they may finally realize it's them and stop being dumb 

[siah1214]

Nuke their profile and start over?  Less disruptive than format C:

[Kosh Naranek]

TDSSKiller from Kaspersky will most likely be able to remove it.

http://support.kaspersky.com/viruses/utility#TDSSKiller

[DGMurdockIII]

try the tron script https://www.reddit.com/r/TronScript/

[philcruicks]

F8 while booting to get into safe mode (with networking if you wanna download definition updates), run malware-bytes and whatever AV you use from there, also try downloading and running Hitman Pro, TDSS Killer and running those.

[goretsky Supervisor]

Hello,

Many anti-malware companies offer Live images you can burn to a CD or USB flash drive and boot an infected PC from in order to clean it.  Have you tried using one of those?

Regards,

Aryeh Goretsky

[JakeB]

Well the first thing I do when I get things like this is look in Control Panel add and remove programs. I order by date and I remove anything I didn't knowingly install. The I run Anti-Malwarebytes. 

[wahoospa]

I would first download Hitman Pro to a jump drive and run it.

[Tech Star]

Got rid of the malware by running malwarebytes and force quitting the task before the script could run. Thanks for the help guys.