Select Page

Scammers are using fake messages and a phony “Troubleshooter for Windows” app to get $25 from victims.

This story originally appeared on:

By: Abrar Al-Heeti

Scammers are tricking victims into paying $25 for fake security software, ZDNet reports.

The tech-support scammers use fake blue screen of death (BSOD) messages and a phony “Troubleshooter for Windows” application to try to sell a supposed Microsoft security product called “Windows Defender Essentials.” The name sounds like two real Windows anti-malware applications: Windows Defender and Security Essentials.

Malwarebytes researcher Pieter Arntz said the Troubleshooter app is being distributed through a cracked software installer.

Instead of troubleshooting, the app states that “Windows has encountered an unexpected error” and the computer is “missing .dll registry files resulting in computer failure.” Victims are encouraged to click “next” to diagnose and troubleshoot the issue.

Once the victim does that, they’re led to a screen that lists false problems and says the troubleshoot couldn’t fix the issue. But the message says it can be resolved by clicking a “Recommended” link to “Buy Windows Defender Essentials.” Selecting this leads to a page that encourages victims to send $25 to the scammer’s PayPal account.

A browser-based screen locker goes away after the money is paid.

“We can confirm this is a scam, and we recommend users follow advice on how to protect themselves against similar tech support scams in our April 3 and November 20 security blogs,” a Microsoft representative said.

According to tech support site BleepingComputer, victims can “trick” the program into shutting down: once they reach the PayPal purchase screen, they can hit Ctrl+O to open a dialogue box, and then enter This makes the program think they’ve paid the $25, and it shuts down.

Removal instructions for Troubleshooter are available on Malwarebytes.

Last week, Microsoft warned about a scam in which tech-support scammers trick users into calling a bogus hotline using click-to-call functionality in a website.

This story originally appeared on: