Remove DRIVER_IRQL_NOT_LES_OR_EQUAL Tech Support Scam Virus

This virus displays a fake BSOD (Blue Screen of Death) with an error “DRIVER_IRQL_NOT_LES_OR_EQUAL“. It asks you to contact technical support via a provided phone number. However, the support line is fake and the scammers try to extort your money and personal information. Also, the provided number is presented as a Toll Free but it might actually have increased rates and charge for calls more than a regular line.

There is no actual error on your computer if you get this message displayed. The only required action is to remove the threat and you will regain the access to your computer.

We recommend using an automatic tool in order to remove the virus. This is usually the best way to remove such kind of threats. It will also protect your computer in the future from other infections. We have also prepared manual removal instructions if you feel comfortable working with important Windows system settings and files. However, the manual method only removes the symptoms and does not protect your computer. Therefore, this or any other threat might come back in the future.


Recommended Method: Download Tech Support Scam Virus Removal Tool

Version:   All Updated:   2 days ago Compatible OS:   All
This is the most suitable program for automatically removing the threat and repairing your PC.
Works with: Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP. Read instructions here
File name Size
mb3-setup.exe 56.5 MB

Click here to download alternative tool

What is DRIVER_IRQL_NOT_LES_OR_EQUAL virus?

This virus copies a real Windows error called “DRIVER_IRQL_NOT_LESS_OR_EQUAL“, however, it often has the word “LESS” misspelled. It states that there is a problem with gv3.sys file or Zeus malware while in reality your system is working and is only locked by the virus.

Here is an example of fake error message:

A problem has been detected and windows has been shutdown to prevent damage to your computer.
 
DRIVER_IRQL_NOT_LES_OR_EQUAL

Contact your system administrator or technical support group for further assistance.
for Contact us Toll Free +1-888-496-5150 If this is the first time you’ve seen this stop error screen, 
restart your computer, If this screen appears again,
follow these steps: Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software.
Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components,
restart your computer, press F8 to select Advanced Startup Options,
and then select Safe Mode.

Technical information:
*** STOP: 0x00D1 (0x00C,0x002,0x00,0xF86B5A89)
*** gv3.sys – Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb

Beginning dump of physical memory Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.
for Contact us Toll Free +1-888-828-6971

The virus also displays a fake alert with the same contact information:

Microsoft Security Essentials detected 5 potential threats 
that might compromise your privacy or damage your computer. 
Microsoft Security Essentials wasn't able to block virus.
Helpline: +1-888-828-6971

There is also a button on the lock screen called “Microsoft Help Desk“. When clicked, this button minimizes the lock screen and opens https://www.fastsupport.com in a new Internet Explorer window. While the lock screen is minimized you should be able to access your computer as normal.

The main purpose of this virus is to get the users to call the fake support number. The scammers might then try varios tactics in order to extort as much money as possible. This can range from simply offering paid error removal services to installing additional software on your computer and stealing personal data and online banking credentials. The support line might also charge increased rates even though it is presented as a Toll Free number.

Tech support scam viruses spread through various channels. Sometimes they are sent as attachments with spam emails. In other cases they are bundled with other software and get installed together. Finally, you can find such infections attached to various cracks, torrent downloads and other suspicious or illegal software. There is usually no way of knowing that the virus is installing until it activates and locks the computer.

You should remove this malware as soon as possible if you want to restore access to your machine. Just closing the warning screen is not enough as the virus will come back when you will launch the computer. Therefore, we recommend using the automatic removal and protection tool or following the manual guide below.

Here are some screenshots of the virus:

  


 Manual Removal Instructions:

Make sure to bookmark this page, print it out or simply open on another device in order to access it after a browser or computer restart which may be required during the removal process.

Only proceed if you feel confident with editing important system files and settings!

Step 1:

Start by killing the screen locker process.

Press at the same time: CTRL + SHIFT + ESC to launch Windows Task Manager.

Alternatively you can minimize the lock screen by clicking the Microsoft Help Desk button. Then you will be able to launch the Task Manager by right-clicking on Windows toolbar/startbar and clicking Start Task Manager.

Look for one the following processes under the Processes tab:

bsodc23x1.exe
fatalerror.exe

Usually only one of these processes is running depending on the virus version you have been infected with.

Right-click on each of them and choose Open File Location.

Right-click on the same process again and choose End Process.

Delete the process file in the opened location so it would not launch again.

Step 2:

Clean up Windows temporary files as the locker might operate from this folder.

Removing all temporary files is completely safe for your computer.

Hold Windows () key and click R key.

Enter the following in the field:

%Temp%

Click OK.

Simply select all files and folders displayed in the temporary files directory and delete them permanently by simultaneously pressing CTRL + A and then SHIFT + DELETE.

Step 3:

Delete registry values created by this virus.

Press and hold Windows () key and click R key.

Enter the following in the field:

regedit.exe

Click OK.

Search for any virus entries by pressing keyboard buttons CTRL + F and entering the virus name. Here are some examples:

driver_irql_not_les_or_equal
driver_irql_not_less_or_equal
fastsupport.com

Click Find Next.

Delete any registry entries associated with the virus.

Repeat the search until all entries are cleaned.

Make sure you delete only malicious entries as Windows registry is full of important information and deleting a critical entry might result in damaged operating system!

Step 4:

Remove suspicious programs from your startup config so they would not launch as soon as you boot your computer.

Hold Windows () key and click R key.

Enter the following in the field:

msconfig.exe

Click OK.

Go to the Startup tab and uncheck all suspicious entries.

The infected or fake startup items usually have “Unknown” listed as Manufacturer. However, sometimes they might pretend to be legitimate programs.

Check process location by hovering your mouse over the “Command” column. Navigate to the location and scan the file using virustotal.com if it looks suspicious but you are not sure.

Click OK when you are finished unselecting all potentially dangerous processes.

Step 5:

Enable recovery since the virus might have turned it off.

Hold Windows () key and click R key while holding to open “Run” window.

Enter the following in the field:

cmd

Click OK.

A comand prompt will open.

Copy the following:

bcdedit.exe /set {default} recoveryenabled yes

Right-click on the command prompt (black window) and select Paste.

Press Enter

Step 6:

Restore the old system settings using System Restore. The virus has changed them so you need to revert to the old ones.

Press and hold Windows () key and click R key.

Enter the following in the field:

rstrui.exe

Click OK.

A System Restore wizard will open.

Click Next.

Check Show more restore points.

If you see any restore points, restore the system. Make sure you select a point that has been created before the attack happened.

If there are no restore points you will see “No restore points have been created…” error.

After removing the virus

The symptoms should be gone after you follow this manual removal guide. However, your computer still needs a good protection. This is why we recommend simply using the automatic removal and protection tool listed at the beginning of this site or installing any other good antivirus suite.


Share your experience with us by leaving a comment!

Leave a comment to tell us about your experience removing this threat!
We can also help you if you run into any problems during the process, just don't hesitate to ask!

Leave a Reply

Your email address will not be published. Required fields are marked *