New Tech Support Scam Mimics Blue Screen of Death and Windows Troubleshooter

A Malwarebytes researcher recently discovered a new “tech support scam” that mimics both the Windows Blue Screen of Death (BSOD) error screen and the Windows Troubleshooter application. The scheme attempts to extort $25 from unsuspecting victims by recommending the purchase of “Windows Defender Essentials” and displaying a link that opens a PayPal purchase page. If the victim proceeds with the purchase, the fraudulent troubleshooter detects a specific string in the URL of the page loaded after payment and pretends to repair the “infected” system. This screen-locking extortion software is distributed via a trojan that masquerades as a cracked software installer. Once a system is infected, the trojan downloads several executable files, including csrvc.exe, BSOD.exe, Troubleshoot.exe, Scshtrv.exe, and adwizz.exe, that are designed to kill the processes associated with Task Manager, Registry Editor, and Explorer and then launch the extortion scheme. After the infection process completes, it uploads a screenshot of the victim’s system to a hard-coded FTP server. The NJCCIC recommends affected users review Bleeping Computer’s article for additional information on indicators of compromise and removal instructions.
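The behaviours in this alert (dropping the named executables, killing Task Manager, Registry Editor and Explorer, then uploading a screenshot over FTP) are the kind of signals a defender can correlate in endpoint telemetry. The following is an added example, not code from the NJCCIC, Malwarebytes or Bleeping Computer: a small triage script that runs a heuristic over constructed, simplified Sysmon-style event lines. The event layout (`type|pid|ppid|image|detail`), the sample paths, PIDs and IP addresses are all assumed for illustration; only the five file names and the three targeted tools come from the alert.

```python
"""Heuristic triage of endpoint events for the BSOD/troubleshooter
screen-locker behaviour described in the alert.

Added example (not the NJCCIC's, Malwarebytes' or the malware's code).
Event format is an ASSUMED, simplified Sysmon-like layout:
    type|pid|ppid|image|detail
"""
import re

# File names reported in the alert; matched case-insensitively on the basename.
KNOWN_IMAGES = {"csrvc.exe", "bsod.exe", "troubleshoot.exe",
                "scshtrv.exe", "adwizz.exe"}

# System tools the screen-locker kills so the victim cannot regain control.
TARGETED_TOOLS = {"taskmgr.exe", "regedit.exe", "explorer.exe"}

# Constructed sample telemetry (paths, PIDs and IPs are made up).
SAMPLE_EVENTS = """\
ProcessCreate|1001|900|C:\\Users\\alice\\AppData\\Local\\Temp\\setup_crack.exe|
FileCreate|1001|900|C:\\Users\\alice\\AppData\\Local\\Temp\\BSOD.exe|
FileCreate|1001|900|C:\\Users\\alice\\AppData\\Local\\Temp\\Troubleshoot.exe|
ProcessCreate|1002|1001|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM taskmgr.exe
ProcessCreate|1003|1001|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM explorer.exe
ProcessTerminate|1004|1001|C:\\Windows\\regedit.exe|
NetworkConnect|1001|900|C:\\Users\\alice\\AppData\\Local\\Temp\\csrvc.exe|203.0.113.7:21
ProcessCreate|2001|900|C:\\Program Files\\Editor\\editor.exe|
NetworkConnect|2001|900|C:\\Program Files\\Editor\\editor.exe|198.51.100.9:443
"""

TASKKILL_IMAGE = re.compile(r"/IM\s+(\S+)", re.IGNORECASE)


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text):
    """Parse the pipe-separated sample format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, pid, ppid, image, detail = line.split("|", 4)
        events.append({"type": kind, "pid": int(pid), "ppid": int(ppid),
                       "image": image, "detail": detail})
    return events


def triage(events):
    """Collect the three indicator classes from the alert and give a verdict.

    - known_images:   any event whose image basename is one of the named files
    - killed_tools:   taskkill /IM of a targeted tool, or a targeted tool
                      terminating (the latter is a weaker signal on its own)
    - ftp_connections: outbound connections to TCP port 21 (screenshot upload)
    The verdict requires at least two control tools killed plus either a known
    file name or an FTP connection, so a single stray event does not alert.
    """
    known_images, killed_tools, ftp_connections = set(), set(), []
    for ev in events:
        name = basename(ev["image"])
        if name in KNOWN_IMAGES:
            known_images.add(name)
        if ev["type"] == "ProcessCreate" and name == "taskkill.exe":
            for target in TASKKILL_IMAGE.findall(ev["detail"]):
                if target.lower() in TARGETED_TOOLS:
                    killed_tools.add(target.lower())
        elif ev["type"] == "ProcessTerminate" and name in TARGETED_TOOLS:
            killed_tools.add(name)
        elif ev["type"] == "NetworkConnect":
            host, _, port = ev["detail"].rpartition(":")
            if port == "21":
                ftp_connections.append((ev["pid"], host))
    suspicious = len(killed_tools) >= 2 and bool(known_images or ftp_connections)
    return {"known_images": known_images, "killed_tools": killed_tools,
            "ftp_connections": ftp_connections, "suspicious": suspicious}


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_EVENTS))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The verdict deliberately combines indicators rather than alerting on any single one: `taskkill` of Explorer alone is common in benign administration scripts, and a file name match alone is easy for the author to change in the next build, but the combination of several control tools being killed together with a drop of a named file or an FTP upload is specific to the behaviour this alert describes.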
