Joke-Bluescreen.c

Type: Program
SubType: Joke
Discovery Date: 12/02/2005
Length:
Minimum DAT: 4642 (12/02/2005)
Updated DAT: 5364 (08/19/2008)
Minimum Engine: 5.1.00
Description Added: 12/02/2005
Description Modified: 01/21/2008 6:45 AM (PT)
Risk Assessment:
  Corporate User: N/A
  Home User: N/A

Characteristics

McAfee® AVERT® recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

The program's documentation describes the program as:

Bluescreen cycles between different Blue Screens and
simulated boots every 15 seconds or so. Virtually all
the information shown on Bluescreen's BSOD and system
start screen is obtained from your system
configuration - its accuracy will fool even advanced
NT developers. For example, the NT build number,
processor revision, loaded drivers and addresses, disk
drive characteristics, and memory size are all taken
from the system Bluescreen is running on.

This is the dialog box displayed when the program is started:

System Changes

Registry

The following registry keys are created:

  • hkey_current_user\software\sysinternals\bluescreen
  • hkey_current_user\software\sysinternals
  • hkey_current_user\software\sysinternals\bluescreen\dodiskwrites = "0"

Detection of the “Joke” type is not automatically activated. Users who would like to check for the presence of this kind of file on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan 7 also has an option that enables users to detect this kind of program automatically (see below).
This type of detection also exists within e250/e500 Webshield filtering devices.

Variants

    N/A
