'System plugin at address 0x00874324 got critical error'
"System plugin at address 0x00874324 got critical error" is the message displayed in a lock screen that prevents Windows from loading the desktop. The 'System plugin at address 0x00874324 got critical error' lock screen is not the result of any legitimate Windows error; rather, "System plugin at address 0x00874324 got critical error" is a sign that your PC is infected with a Trojan. The Trojan's purpose is to hold your computer hostage by demanding money – despite the fact that the lock screen does not make that demand immediately clear. If your PC is locked by the 'System plugin at address 0x00874324 got critical error' screen, it is very important that you do not call any of the phone numbers listed below the fake error message.
Symptoms Associated with the Lock Screen 'System plugin at address 0x00874324 got critical error'
The symptoms related to the 'System plugin at address 0x00874324 got critical error' lock screen are simple and few, but devastating. While the malware responsible for the message 'System plugin at address 0x00874324 got critical error' is active on your computer, you will not be able to use the computer at all. The screen with the fake error message 'System plugin at address 0x00874324 got critical error' appears after you start your computer, immediately after the boot-up splash screen (the screen with a progress animation and Windows logo). When the lock screen appears, it can show up in one of two different ways, which may depend on the flavor of Windows you are running. There are reports that when the 'System plugin at address 0x00874324 got critical error' malware infects a computer running Windows XP, the lock screen window is minimized on a black background, and it can often be disabled from that point if you do not maximize its window. However, for users running other versions of Windows, there have been reports that the lock screen simply appears, covering the center of the screen, immediately following the splash screen.
While the 'System plugin at address 0x00874324 got critical error' window is active, you will not be able to get into Windows, meaning that you will not see the desktop or task bar. The lock screen even appears when Windows loads in Safe Mode, although it may be easier to disable in Safe Mode. While 'System plugin at address 0x00874324 got critical error' is active, Task Manager may be disabled completely, or the Task Manager window may pop-up behind the 'System plugin at address 0x00874324 got critical error' screen, preventing you from actually doing anything with Task Manager. On the other hand, there have been reports that Task Manager can be opened by pressing Ctrl+Alt+Del for an extended length of time. Within Task Manager, the malware that causes the 'System plugin at address 0x00874324 got critical error' lock screen is known to hide its processes by causing them to appear as svchost.exe, a generic service process that normally refers to many legitimate Windows components.
Contents of the Lock Screen, and What’s Really Going On with those Phone Numbers
The window that starts with the message 'System plugin at address 0x00874324 got critical error' includes this text:
System plugin at address 0x00874324 got critical error, please follow these steps to deactivate it.
- Call one of the following numbers:
0088213090413
00261221000186
0037190100546
0088213240069
0025270701161
00263778289408 - Wait for the answer and write down your identification key 3. Enter the identification key received by phone, click "Next" to continue.
The screen then has five blanks, followed by a button that says "Next." In order to remove the malware, the code 27496 may be entered, and it should disable the lock screen. There have been scant reports of this malware, with the 'System plugin at address 0x00874324 got critical error' message, using a lock screen with a blank for seven numbers. In that case, the code 1351236 may disable the malware so that you can remove "System plugin at address 0x00874324 got critical error".
The scam involved with the lock screen 'System plugin at address 0x00874324 got critical error' is not immediately apparent. After all, all the message says to do is to call a number and then write down a code, rather than demanding any payment. If you were to call one of the numbers, which you should not do for any reason, you would not find anyone demanding payment at the other end. What you would find is that you had called an international premium-rate number, that you would be on the phone for four to five minutes waiting for your code and that the call would later show up on your phone bill, billed to you at a rate of around 9 Euros per minute. That is how the con-artists behind this malware take your money. It is essentially a repeat of a scam that was being perpetrated through spam email and automated phone calls in 2008 and 2009. The difference is, instead of attempting to convince you to call a number back, or to dial a number to claim a bogus prize, the people behind this lock screen version of the scam are now using malware instead of spam and automated calls.
The phone numbers displayed along with the 'System plugin at address 0x00874324 got critical error' message are mostly satellite phone numbers, and their numbers are allocated to a variety of different countries around the world. (The leading 00 is omitted from the numbers in the table; rather than being part of the numbers, it is a prefix for dialing internationally.)
Although most of these are numbers for satellite phones, there is one mobile phone number (in Zimbabwe), and two that can't be classified for lack of information (in Latvia and Somalia). Furthermore, because of phone number portability, the service provider for the satellite and mobile numbers may have changed since the numbers were first put into use, or the numbers' locations may not correspond to those of their owners. In the case of the satellite phone numbers, this is especially likely, since it would allow the people behind the scam to force people to dial remote locations without having to be in those places themselves.
In the end, this is a relatively simple scam, and the only thing that's new about it is that it employs malware to achieve its ends. Usually lock screens involve explicit content or outright demands for money, but this one is a bit more subtle and, therefore, more likely to fool people. Please remember: there is harm in calling the phone numbers in the 'System plugin at address 0x00874324 got critical error' message, and you do not have to call any of those numbers to unlock your PC.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. |
C:\Documents and Settings\ |
|
| 2. | C:\ProgramData\delself.bat | |
| 3. | C:\ProgramData\svchost.exe | |
| 4. |
C:\Documents and Settings\ |
|
| 5. | C:\ProgramData\svchost.tmp_time | |
| 6. |
C:\Documents and Settings\ |
