Announcement

Collapse
No announcement yet.

How to remove the 1-844-208-3526 and Master.exe Fake Crash Screen

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to remove the 1-844-208-3526 and Master.exe Fake Crash Screen

    This guide is for a new Rogue.Tech-Support that displays a fake Windows crash, or BSOD, when you login to your computer in order to scare you into calling a remote tech support number. When installed, this infection will create a file called Master.exe, with a description called Nigma, and store it in the %AppData%\Master folder. It will also configure Windows to automatically launch master.exe when a user logs into Windows. Once master.exe is started, it will display a fake Windows crash, or Blue Screen of Death (BSOD), that states that your computer encountered an error and that you should call the listed support number. This support number, though, is for a remote tech support company who will try and sell you unneeded services.

    How to remove the 1-844-208-3526 and Master.exe Fake Crash Screen

    • Mon, 09 May 2016 11:26:27 EDT
    • Read 285 times








    This guide is for a new Rogue.Tech-Support that displays a fake Windows crash, or BSOD, when you login to your computer in order to scare you into calling a remote tech support number. When installed, this infection will create a file called Master.exe, with a description called Nigma, and stores it in the %AppData%\Master folder. It will also configure Windows to automatically launch master.exe when a user logs into Windows. Once master.exe is started, it will display a fake Windows crash, or Blue Screen of Death (BSOD), that states that your computer encountered an error and that you should call the listed support number. This support number, though, is for a remote tech support company who will try and sell you unneeded services.
    When the Master tech support scam is is installed it will also change a variety of Windows settings, including the disabling of the Windows Task Manager. This allows it to display fake the BSOD alert, which overlaps your entire screen, without fear that you can terminate it. The text of the BSOD crash that will be displayed is:
    A Critical Error has occurred. Please call certified Microsoft technicians
    at 1-844-208-3526 to prevent permanent damage to your system
    Please follow these steps:
    Do not shut down or restart your system until you have called a certified Microsoft technician.
    A full diagnosis is required in order to fully resolve any hardware or software issues.
    If this is a new installation, please inform the support representative.
    A Critical Error has occurred. Please call certified Microsoft technicians
    at 1-844-208-3526 to prevent permanent damage to your system
    Technical information:
    ****STOP: 0x00000054 (0x68697320, 0x00000069, 0x73206661, 0x00006B6f)

    Without a doubt, this program was created for the sole purpose of displaying a fake Windows crash to scare you into calling the listed remote support number. For no reason should you call this number, and if you have already purchased services from them, I would advise you to dispute the charges on your credit card company. To remove this Trojan and any related software, please use the removal guide below.
    Array
    View Associated 1-844-208-3526 Tech Support Scam Files C:\ProgramData\Microsoft\Windows\Start Menu\Programs\master\C:\ProgramData\country_data.txtC:\ProgramData\installationlimit_data.txtC:\Prog ramData\nigma.txt%AppData%\master\%AppData%\master\Master.exe%AppData%\master\MasterReports.dll%AppD ata%\master\uninstaller.exeFile Location Notes:
    %AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming.



    View Associated 1-844-208-3526 Tech Support Scam Registry Information HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1409 3HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409 3HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609 0HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 0HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr 1HKCU\Software\Microsoft\Windows\CurrentVersion\Run\master %AppData%\master\master.exeHKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingHKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\PopupsUseNewWindow 2HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\Enabled 1HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\WarnOnClose 0HKCU\Software\masterHKLM\SOFTWARE\Classes\TypeLib\{839891CF-C2A2-4B95-BA8D-AE02918B81F6}HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{839891CF-C2A2-4B95-BA8D-AE02918B81F6}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\master %AppData%\master\master.exeHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\BrowserEmulation\DisableSiteListEditing 1HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\CommandBar\ShowCompatibilityViewButton 1HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE\DisableToolbars 0HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\TabbedBrowsing\PopupsUseNewWindow 2HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr 1HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\DisableAddonLoadTimePerform anceNotifications 1HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{839891CF-C2A2-4B95-BA8D-AE02918B81F6}HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\BrowserEmulation\DisableSiteListEditing 1HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\CommandBar\ShowCompatibilityViewButton 1HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\Safety\PrivacIE\DisableToolbars 0HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\TabbedBrowsing\PopupsUseNewWindow 2HKLM\SOFTWARE\master







    Click here to view the article.
Working...
X