What is Troubleshooter? Malware displays fake Blue Screen of Death to sell phony Windows antivirus
It claims that the infected PC has encountered an "unexpected error 0xc00000e9".
Security researchers have discovered a new strain of malware that displays a fake Blue Screen of Death and tricks a panicky user into buying phony Windows antivirus software. According to researchers at Malwarebytes, the malware, called "Troubleshooter", infects a targeted device and displays the infamous, nerve-rattling BSOD (Blue Screen of Death) to users.
A "troubleshooting wizard" then pops up that claims to diagnose the infected PC and lists multiple "issues" on the device. It claims the PC has encountered an "unexpected error 0xc00000e9" and says several .dll files are missing or have been corrupted.
Hackers usually use malware to swipe personal and financial data, hold files for ransom or spy on users. However, this one prompts users to purchase a phony Microsoft security tool called 'Windows Defender Essentials' for $25 (£18.56) via PayPal to clear up the issue.
The name of the purported security software is actually a combination of two legitimate products from Microsoft - Windows Defender and Security Essentials.
The malware also disables shortcut keys such as "Ctrl-Alt-Del" to prevent users from closing the pop-up window. Should a user attempt to do so, they are met with another pop-up that reads: "The application was unable to start correctly (0xc0000142). Click OK to close the application."
It can also take a screenshot of the user's desktop and send it to a remote IP address.
"Tech Support Scammers use different methods for distributing themselves. This particular one was offered as a cracked software installer," Malwarebytes said.
If a user does shell out $25, they are redirected to a "thank you" webpage and the malware is supposedly removed.
However, users can fix the issue themselves by rebooting the PC into Safe Mode and removing the malicious file.