Tweet
This guide is for the Your PC/Device needs to be repaired Tech Support Scam Trojan from the Rogue.Tech-Support-Scam family. When this infection is installed it will pretend show a fake Windows Blue Screen of Death that states that your PC or device needs to repaired and that the digital signature couldn't be verified. This fake crash screen will overlay the normal Windows screen so that you cannot access your desktop and programs.
Your PC/Device needs to be repaired Scam Removal Guide
This guide is for the Your PC/Device needs to be repaired Tech Support ScamTrojan from theRogue.Tech-Support-Scam family. When this infection is installed it will pretend show a fake Windows Blue Screen of Death that states that your PC or device needs to repaired and that the digital signature couldn't be verified. This fake crash screen will overlay the normal Windows screen so that you cannot access your desktop and programs.
The message is designed to scare you into the calling the listed 1-844-307-1890 phone number. If a victim calls the number they will be told that there could has a problem, is infected, or some other scare tactic in order to convince them to purchase unnecessary software and services. It goes without saying that you should not purchase anything from these people.
Thankfully it is not too difficult to remove this Trojan as you scan still access the Windows task manager to terminate the Nerta.exe process. Once you terminate the process, the crash screen will go away and you can start the Windows explorer and scan your computer for infections.
On a more technical side, you can also disable the fake crash screen by editing the %AppData%\st file and change the second line from True to False. Once you do that, the lock screen will eventually disappear.
The text of this fake crash screen is:
Your PC/Device needs to be repaired
The digital Signature for this File couldn't be verified.
File: \windows\syetm32\boot\winload.exe
Error code: 0xc0000428
The problem seems to be caused by the following file: atikmdag.sys
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation,You'll need to use recovery tools. If you don't have any installation media [like a disc or USB device), contact your PC administrator or PC/Device manufacturer on these numbers. The automated phone system will ask for your installation ID (IID). Some charges may be applied by local operators for toll-free numbers in certain countries or regions.
Toll free:
1-844-307-1890
Error code:
20200
Installation ID:
1 2 3 4 5 6 7 8 9
8870 9976 5897 8543 5038 1954 9825 3608 7216
Technical Information:
*** STOP: OxaOOOOOl (OXOOOOOOOOOOOOOOO5, OXOOOOOOOOOOOOOOOO, OXOOOOOOOOOOOOOOOO,OXOOOOOOOOOOOOOOOO)
*** atikmdag.sys - Address 0xfffff8800f2c97ce base at 0xfffff8800f2a2000
Press Enter to try again
Press F8 for Startup Settings
How did the Your PC/Device needs to be repaired Scam get on my computer?
It is important to note that this tech support scam is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers youÂ*CustomÂ*orÂ*AdvancedÂ*installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.
As you can see, this program was created purely to scare you into thinking your Windows installation has a problem so that you will then call the listed number. For no reason should you call this number and buy tech support services, and if you have, you should contact your credit card company and dispute the charges. Please use this guide to remove all remnants of this scam from your computer for free.
Array
View Associated Your PC/Device needs to be repaired Scam Files C:\Program Files (x86)\Stlr\C:\Program Files (x86)\Stlr\nerta\C:\Program Files (x86)\Stlr\nerta\bto.icoC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.dllC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.pdbC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.xmlC:\Program Files (x86)\Stlr\nerta\Comparers.dllC:\Program Files (x86)\Stlr\nerta\Garlic.dllC:\Program Files (x86)\Stlr\nerta\Garlic.pdbC:\Program Files (x86)\Stlr\nerta\InstallUtil.InstallLogC:\Program Files (x86)\Stlr\nerta\Ionic.Zip.Reduced.dllC:\Program Files (x86)\Stlr\nerta\LedControl.dllC:\Program Files (x86)\Stlr\nerta\log.txtC:\Program Files (x86)\Stlr\nerta\LoggingControl.dllC:\Program Files (x86)\Stlr\nerta\Microsoft.Win32.TaskScheduler.dllC:\Program Files (x86)\Stlr\nerta\Microsoft.Windows.Shell.dllC:\Program Files (x86)\Stlr\nerta\nerta.exeC:\Program Files (x86)\Stlr\nerta\nerta.exe.configC:\Program Files (x86)\Stlr\nerta\nertacs.exeC:\Program Files (x86)\Stlr\nerta\nertacs.exe.configC:\Program Files (x86)\Stlr\nerta\nertacs.InstallLogC:\Program Files (x86)\Stlr\nerta\nertastarter.exeC:\Program Files (x86)\Stlr\nerta\nertastarter.exe.configC:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.dllC:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.xmlC:\Program Files (x86)\Stlr\nerta\nrtupdates.exeC:\Program Files (x86)\Stlr\nerta\nrtupdates.exe.configC:\Program Files (x86)\Stlr\nerta\PDSA.Common.dllC:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.dllC:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.xmlC:\Program Files (x86)\Stlr\nerta\testwcf.exeC:\Program Files (x86)\Stlr\nerta\testwcf.exe.configC:\Program Files (x86)\Stlr\nerta\UrlHistoryLibrary.dll%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nerta.lnk%UserProfile%\AppData\Roaming\stC:\Windows\System32\Tasks\nertaFile Location Notes:
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7/8, and c:\winnt\profiles\ for Windows NT.
View Associated Your PC/Device needs to be repaired Scam Registry Information HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{875A84EA-06C9-41D4-8B0B-648010E5DDE1}HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nertaHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVe rsion\Uninstall\nertaHKLM\SYSTEM\CurrentControlSet\services\nrtService
Click here to view the article.
Your PC/Device needs to be repaired Scam Removal Guide
- Wed, 14 Sep 2016 16:39:21 EDT
- Read 892 times
This guide is for the Your PC/Device needs to be repaired Tech Support ScamTrojan from theRogue.Tech-Support-Scam family. When this infection is installed it will pretend show a fake Windows Blue Screen of Death that states that your PC or device needs to repaired and that the digital signature couldn't be verified. This fake crash screen will overlay the normal Windows screen so that you cannot access your desktop and programs.
The message is designed to scare you into the calling the listed 1-844-307-1890 phone number. If a victim calls the number they will be told that there could has a problem, is infected, or some other scare tactic in order to convince them to purchase unnecessary software and services. It goes without saying that you should not purchase anything from these people.
Thankfully it is not too difficult to remove this Trojan as you scan still access the Windows task manager to terminate the Nerta.exe process. Once you terminate the process, the crash screen will go away and you can start the Windows explorer and scan your computer for infections.
On a more technical side, you can also disable the fake crash screen by editing the %AppData%\st file and change the second line from True to False. Once you do that, the lock screen will eventually disappear.
The text of this fake crash screen is:
Your PC/Device needs to be repaired
The digital Signature for this File couldn't be verified.
File: \windows\syetm32\boot\winload.exe
Error code: 0xc0000428
The problem seems to be caused by the following file: atikmdag.sys
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation,You'll need to use recovery tools. If you don't have any installation media [like a disc or USB device), contact your PC administrator or PC/Device manufacturer on these numbers. The automated phone system will ask for your installation ID (IID). Some charges may be applied by local operators for toll-free numbers in certain countries or regions.
Toll free:
1-844-307-1890
Error code:
20200
Installation ID:
1 2 3 4 5 6 7 8 9
8870 9976 5897 8543 5038 1954 9825 3608 7216
Technical Information:
*** STOP: OxaOOOOOl (OXOOOOOOOOOOOOOOO5, OXOOOOOOOOOOOOOOOO, OXOOOOOOOOOOOOOOOO,OXOOOOOOOOOOOOOOOO)
*** atikmdag.sys - Address 0xfffff8800f2c97ce base at 0xfffff8800f2a2000
Press Enter to try again
Press F8 for Startup Settings
How did the Your PC/Device needs to be repaired Scam get on my computer?
It is important to note that this tech support scam is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers youÂ*CustomÂ*orÂ*AdvancedÂ*installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.
As you can see, this program was created purely to scare you into thinking your Windows installation has a problem so that you will then call the listed number. For no reason should you call this number and buy tech support services, and if you have, you should contact your credit card company and dispute the charges. Please use this guide to remove all remnants of this scam from your computer for free.
Array
View Associated Your PC/Device needs to be repaired Scam Files C:\Program Files (x86)\Stlr\C:\Program Files (x86)\Stlr\nerta\C:\Program Files (x86)\Stlr\nerta\bto.icoC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.dllC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.pdbC:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.xmlC:\Program Files (x86)\Stlr\nerta\Comparers.dllC:\Program Files (x86)\Stlr\nerta\Garlic.dllC:\Program Files (x86)\Stlr\nerta\Garlic.pdbC:\Program Files (x86)\Stlr\nerta\InstallUtil.InstallLogC:\Program Files (x86)\Stlr\nerta\Ionic.Zip.Reduced.dllC:\Program Files (x86)\Stlr\nerta\LedControl.dllC:\Program Files (x86)\Stlr\nerta\log.txtC:\Program Files (x86)\Stlr\nerta\LoggingControl.dllC:\Program Files (x86)\Stlr\nerta\Microsoft.Win32.TaskScheduler.dllC:\Program Files (x86)\Stlr\nerta\Microsoft.Windows.Shell.dllC:\Program Files (x86)\Stlr\nerta\nerta.exeC:\Program Files (x86)\Stlr\nerta\nerta.exe.configC:\Program Files (x86)\Stlr\nerta\nertacs.exeC:\Program Files (x86)\Stlr\nerta\nertacs.exe.configC:\Program Files (x86)\Stlr\nerta\nertacs.InstallLogC:\Program Files (x86)\Stlr\nerta\nertastarter.exeC:\Program Files (x86)\Stlr\nerta\nertastarter.exe.configC:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.dllC:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.xmlC:\Program Files (x86)\Stlr\nerta\nrtupdates.exeC:\Program Files (x86)\Stlr\nerta\nrtupdates.exe.configC:\Program Files (x86)\Stlr\nerta\PDSA.Common.dllC:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.dllC:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.xmlC:\Program Files (x86)\Stlr\nerta\testwcf.exeC:\Program Files (x86)\Stlr\nerta\testwcf.exe.configC:\Program Files (x86)\Stlr\nerta\UrlHistoryLibrary.dll%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nerta.lnk%UserProfile%\AppData\Roaming\stC:\Windows\System32\Tasks\nertaFile Location Notes:
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7/8, and c:\winnt\profiles\ for Windows NT.
View Associated Your PC/Device needs to be repaired Scam Registry Information HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{875A84EA-06C9-41D4-8B0B-648010E5DDE1}HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nertaHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVe rsion\Uninstall\nertaHKLM\SYSTEM\CurrentControlSet\services\nrtService
Click here to view the article.