How To Remove The Troubleshooter Malware That Generates Fake BSODs And Asks Users To Buy A Non-Existent Windows Defender AV

According to Myce, security researchers from Malwarebytes have discovered a piece of malware called Troubleshooter, which generates fake Blue Screens of Death (BSODs) and asks the user to buy Windows Defender Essentials (a fake version of Windows Defender) to clean the computer.

The malware displays a BSOD image, disables the key combinations that let the user close the window (e.g. ALT+F4), and asks for $25 via PayPal to buy the fake version of Windows Defender.

A security researcher found that if the user pays for the fake software, the page http://hitechnovation.com/thankyou.txt is opened and the malware terminates itself. If you end up in this situation, just use the CTRL + O key combination and navigate to that address yourself (without paying the ransom).

Apparently, this type of malware spreads with cracked software, so if you are a good samaritan and use only genuine software or open-source alternatives, you should be safe.

To remove this software completely, you need to reboot in safe mode, delete the Troubleshooter.exe file from %temp%, disable the csrvc service and scan your computer with Malwarebytes. More detailed instructions can be found on this Malwarebytes forum thread.
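
The manual steps above can be scripted. The following PowerShell is an added example, not code from Malwarebytes or from this article; it assumes an elevated prompt in Safe Mode and the default `C:\Users\<name>\AppData\Local\Temp` profile layout, and takes the file and service names from the text above.

```powershell
#Requires -RunAsAdministrator
# Added example: cleanup for the two indicators named in the article.
# 'Troubleshooter.exe' and 'csrvc' come from the article; the per-profile
# Temp layout under C:\Users is the Windows default and is an assumption.
# Run with -WhatIf first to preview the changes without making them.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$FileName    = 'Troubleshooter.exe',
    [string]$ServiceName = 'csrvc'
)

# 1. Stop and disable the service so it cannot relaunch the binary.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    # Record what the service points at before changing it (read from the
    # registry, because WMI may not be available in Safe Mode).
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $img = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
    Write-Output "Service $ServiceName -> $img (state: $($svc.Status))"
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force -ErrorAction Continue
    }
    Set-Service -Name $ServiceName -StartupType Disabled
} else {
    Write-Output "Service $ServiceName not present."
}

# 2. %TEMP% is per user, and the elevated account may not be the infected one:
#    check the current %TEMP% plus every profile's default Temp folder.
$candidates = @($env:TEMP)
$candidates += Get-ChildItem 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

$found = 0
foreach ($dir in ($candidates | Sort-Object -Unique)) {
    $path = Join-Path $dir $FileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Log the hash first so the sample can still be identified after deletion.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Output "Found $path SHA256=$hash"
        Remove-Item -LiteralPath $path -Force
        $found++
    }
}
Write-Output "$found file(s) matched. Finish with a full Malwarebytes scan."
```

A clean run of this script does not replace the scan: it only looks for the one file name and one service name given above.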
