Fake Windows Troubleshooting Support Scam Convinces Users To Purchase A Fake Windows Defender

“Windows Troubleshooting” is a nasty new scam distributed as a cracked software installer. It displays a fake BSOD (Blue Screen of Death) on the infected machine and then shows a “Troubleshooting Windows” pop-up that looks like the legitimate Windows Troubleshooter.

The Troubleshooting scam was detected by Pieter Arntz, a security researcher at Malwarebytes, who said that tech support scammers use different distribution techniques. This particular one was offered as a cracked software installer.

Once installed, the scam claims that your Windows cannot be fixed, prevents you from using Windows, and encourages you to buy a program via PayPal to fix the “detected problems” and unlock the screen.

The “Buy Windows Defender Essentials” option opens a PayPal page where you can purchase the app for $25. The funds are transferred to the PayPal address “lillysoft.it@gmail.com” using the following URL:
“https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXKLEMZTGTTDY”

After a successful payment, victims are redirected to “hitechnovation.com/thankyou.txt”, which contains the string “thankuhitechnovation”. That string tells the program to open a new screen that pretends to fix the issues and lets the victim close the program.
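The payment URL and the unlock check described above both leave traces in web proxy logs. The following is an added example, not code from the article or from Malwarebytes, that flags requests matching those two indicators; the log layout, the label names and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Indicators quoted in the article.
SCAM_HOST = "hitechnovation.com"
UNLOCK_PATH = "/thankyou.txt"
PAYPAL_BUTTON_ID = "DXKLEMZTGTTDY"

def classify_url(url):
    """Return a label if the URL matches an indicator from the article, else None."""
    if "://" not in url:
        url = "http://" + url  # proxy logs often omit the scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host == SCAM_HOST:
        # The lock screen treats the content of this file as proof of payment.
        return "unlock-check" if parts.path.lower() == UNLOCK_PATH else "scam-host"
    if host == "paypal.com" and parts.path == "/cgi-bin/webscr":
        # Match only the scam's button, not every PayPal checkout.
        if PAYPAL_BUTTON_ID in parse_qs(parts.query).get("hosted_button_id", []):
            return "scam-payment-page"
    return None

def scan_proxy_log(lines):
    """Return (timestamp, client, label) per match; layout: <timestamp> <client> <method> <url>."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        timestamp, client, _method, url = fields[:4]
        label = classify_url(url)
        if label:
            hits.append((timestamp, client, label))
    return hits

# Constructed sample log lines (timestamps and client addresses are made up).
SAMPLE_LOG = [
    "2024-01-01T09:00:05Z 10.0.0.15 GET https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXKLEMZTGTTDY",
    "2024-01-01T09:02:41Z 10.0.0.15 GET http://HiTechnovation.com/thankyou.txt",
    "2024-01-01T09:10:12Z 10.0.0.22 GET https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CONSTRUCTED123",
    "2024-01-01T09:15:30Z 10.0.0.31 GET https://example.org/search?q=hitechnovation.com/thankyou.txt",
    "2024-01-01T09:20:00Z 10.0.0.40",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A payment-page hit followed by an unlock-check hit from the same client suggests the lock screen ran on that machine.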

How to remove it?

To remove this scam, you must first bypass the lock screen. The malware uses an easily defeated mechanism to verify whether a victim has made a payment, so you can work around the lock by following these steps:

– Open the fake PayPal purchase screen.
– Press Ctrl + O to launch the Open dialog box.
– Type http://hitechnovation.com/thankyou.txt into the Open box and press Enter.

That’s all. You should now be able to close the window and access Windows, because the program will think the user has paid and will shut itself down.
