What is TSS Microsoft Help Desk?
The Malwarebytes research team has determined that TSS Microsoft Help Desk is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.
How do I know if my computer is affected by TSS Microsoft Help Desk?
You will see this screen as soon as the executable is run:

and this screen will appear a little later flashing the "High Risk !" text:

How did TSS Microsoft Help Desk get on my computer?
Tech Support Scammers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove TSS Microsoft Help Desk?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require a few extra steps.
- When you are confronted with the lockscreen, click on the part that says "Microsoft Help Desk".
- The blue screen called "Shell" will minimize and Internet Explorer will open a window to fastsuppport.com.
- Minimize that window and you should have access to your desktop.
- At certain intervals the lockscreen will maximize again. Repeat the procedure above until you are able to carry out the instructions below.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes TSS Microsoft Help Desk completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Tech Support Scam.
Technical details for experts
You may see these entries in FRST logs:
() C:\Users\{username}\Downloads\bsodc23x1.exe
HKCU\...\Winlogon: [Shell] C:\Users\{username}\Downloads\bsodc23x1.exe [49664 2016-12-09] () <==== ATTENTION

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="REG_SZ", "C:\Users\{username}\Downloads\bsodc23x1.exe"

Malwarebytes Anti-Malware log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/9/16
Scan Time: 9:01 AM
Logfile: mbamHelpdesk.txt
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.670
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: METALLICA-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350840
Time Elapsed: 8 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Trojan.TechSupportScam, C:\USERS\METALLICA\DOWNLOADS\BSODC23X1.EXE, Quarantined, [125], [350133],1.0.670

Module: 1
Trojan.TechSupportScam, C:\USERS\METALLICA\DOWNLOADS\BSODC23X1.EXE, Quarantined, [125], [350133],1.0.670

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.TechSupportScam, C:\USERS\METALLICA\DOWNLOADS\BSODC23X1.EXE, Delete-on-Reboot, [125], [350133],1.0.670

Physical Sector: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
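
For triage of the FRST Winlogon entry shown in the technical details, the following is an added example (not part of the original guide, and not Malwarebytes or FRST code) that flags any Winlogon Shell line deviating from the default explorer.exe. It assumes the line shape quoted on this page; the function name, the folder list, and the HKLM and Run sample lines are constructed for illustration.

```python
import re

# FRST registry line shape, taken from the entry quoted on this page:
#   <hive>\...\Winlogon: [Shell] <command> [<size> <date>] (<company>) <==== ATTENTION
SHELL_LINE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\.\\Winlogon: \[Shell\] (?P<command>.+?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \([^)]*\))?(?: <==== ATTENTION)?$"
)
# Folders a standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:Downloads|Desktop|AppData)|Temp)\\", re.IGNORECASE
)

def suspicious_shell_entries(log_text):
    """Return one finding per Winlogon Shell line that deviates from the default."""
    findings = []
    for raw in log_text.splitlines():
        match = SHELL_LINE.match(raw.strip())
        if not match:
            continue  # not a Winlogon Shell line
        hive = match["hive"]
        command = match["command"].strip().strip('"')
        reasons = []
        if command.lower() != "explorer.exe":
            reasons.append("shell is not the default explorer.exe")
        if hive != "HKLM":
            reasons.append("per-user value overrides the machine-wide shell")
        if USER_WRITABLE.search(command):
            reasons.append("target sits in a user-writable folder")
        if reasons:
            findings.append({"hive": hive, "command": command, "reasons": reasons})
    return findings

# Constructed sample: the HKCU line is the one from this page; the HKLM and
# Run lines are made up to show entries that must not be flagged.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Shell] explorer.exe [2972672 2016-08-29] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] C:\Users\{username}\Downloads\bsodc23x1.exe [49664 2016-12-09] () <==== ATTENTION
HKLM\...\Run: [Example] C:\Program Files\Example\example.exe [1024 2016-01-01] (Example Corp)
"""

if __name__ == "__main__":
    for finding in suspicious_shell_entries(SAMPLE_LOG):
        print(finding["hive"], finding["command"], "->", "; ".join(finding["reasons"]))
```

Because the value lives under HKEY_CURRENT_USER, it can be set without administrator rights, which is why the per-user check is reported separately from the path check.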