How To Remove The Troubleshooter Malware That Generates Fake BSODs And Asks Users To Buy A Non Existent Windows Defender AV

According to Myce, the security researchers from Malwarebytes have discovered a malware called Troubleshooter, which generates fake Blue Screen of Deaths (BSODs) and asks the user to buy Windows Defender Essentials (fake Windows Defender version) to clean the computer.

The malware inserts a BSOD image and disables the key combinations that permit the user to close the windows (e.g. ALT+F4) and asks for 25$ on Paypal, for buying the fake version of Win Defender.

How To Remove The Troubleshooter Malware That Generate Fake BSODs And Asks Users To Buy A Non Existent Windows Defender AV

How To Remove The Troubleshooter Malware That Generate Fake BSODs And Asks Users To Buy A Non Existent Windows Defender AV

How To Remove The Troubleshooter Malware That Generate Fake BSODs And Asks Users To Buy A Non Existent Windows Defender AV

A security researcher found out that if the user pays for the fake software, the website gets opened and the malware kills himself. If you get in this situation, just use the CTRL + O combination and navigate to the website yourself (without paying the ransom).

Apparently, this type of malware spreads with cracked software, so if you are a good samaritan and use only genuine software or open-source alternatives, you should be safe.

To remove this software completely, you need to reboot in safe mode, delete the Troubleshooter.exe file from %temp%, disable the csrvc service and scan your computer with Malwarebytes. More detailed instructions can be found on this Malwarebytes forum thread.

Offers and promotions Security solutions and antivirus software

Get MalwareFox for free

Malwarefox is advanced, yet simple-to-use anti-malware solution for Windows computers. It gets rid of adware, spyware, browser hijacker and other malware and keeps PC safe from Ransomware. It provide aggressive detection capabilities and effective malware removal tool to keep your systems safe and secure.

Considering the advent newer form of cyber crimes, Anti-Malware software have become necessity these days. This is because traditional Antivirus programs are incapable of catching every threat.

MalwareFox is a lightweight yet powerful anti-malware program. It has clean and simple user interface. It is strong against adware, ransomware, and zero-day exploits. MalwareFox provides real-time protection against different malware attacks.You can turn to this application if you need a quick, efficient way to detect if your system has been targeted by malicious attacks and whether or not they had succeeded to infect it.

Just as you launch the program you will notice that the main window displays a bunch of statistics, which include the status of your PC, when you performed the last scan and the real-time protection status. Running a scan can be simply done by pressing the “Scan” button.

All things considered, if you’re looking for a handy malware scanner that lets you quarantine detected items, you can opt for MalwareFox AntiMalware.


Installer size: 5 MB.

Other notes: the software is very similar to Zemana Antimalware. In case you already have Zemana installed you will notice an error when installing MalwareFox stating that you have a newer version of MalwareFox, and I’m guesing that this is the case since it seems to use the same engine and algorithm for scanning against malware.

The offer is available for the next 2 days and a half through SharewareOnSale. Take advantage now and save $24.95. In case you miss the offer, please go to the developers website.


You are allowed to use this product only within the laws of your country/region. Zeroviruses and its staff are not responsible for any illegal activity. We did not develop this product; if you have an issue with this product, contact the developer. This product is offered “as is” without express or implied or any other type of warranty. The description of this product on this page is a marketing description, written by the developer with few more notes written by the ZeroViruses team. The quality and performance of this product is without guarantee. Download or use at your own risk. If you don’t feel comfortable with this product, then don’t download it.

Editorials and informational articles

Fruitfly malware went undetected for years

A new Mac malware has passed undetected for years allowing its operator to spy on its victims. The Fruitfly malware has been patched in January 2017, but Patrick Wardle, scientist researcher at security firm Synack has discovered another version of the malware out in the open. Patrick was formerly a NSA hacker.

This new version could gain control of the victim’s computer, take screenshots of their screen, take webcam photos and more. So far it has been known that Fruitfly has infected nearly 400 victims, but the number can be bigger. Most of the victims are in the United States.

Wardle has stated for ZDNed that “it’s not the most sophisticated Mac malware“. He also continued in another article from ArsTechnica stating “I don’t know if it’s just some bored person or someone with perverse goals […] If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons“.

After the discovery made by Wardle, he reported everything to the law enforcement officials. Also all domains know to be associated with the malware are no longer available. That should essentially neutralize the threat.

As you might all guess, the Apple representatives did not respond to an e-mail seeking comment for this article.

The interesting thing is that even though the malware is not that sophisticated, it managed to stay under the radar for so long. Compairing with the new Mac malware that appeared recently, Fruitfly malware was easily detectable. Given the facts, none managed to find it until recently.

According to a McAfee study, the infections of Mac operating systems is increasing and by the end of the year we’re expecting for the numbers to grow.

fruitfly malware

Credits for photo, Patrick Wardle.

Editorials and informational articles

Erebus Malware – web Hosting Provider paid 1 million dollars to ransomware attacker

The South Korean web hosting provider Nayana agreed to pay the 1 million dollars ransomware in Bitcoin, after 153 Linux servers were infected with Erebus malware on the 10th of June.

After the attack, over 3400 business websites the company hosted were encrypted. According to the initial Nayana’s announcement, the attacker has requested 550 Bitcoins (1,62 million dollars). After the company negociated with the attacker, the ransomware demanded was 397.6 Bitcoins (around 1 million dollars).

As Trend Micro reveals, the ransomware used in this attack was Erebus. Erebus is a piece of malware that was initially spotted in September 2016 on Windows operating systems. Looks like someone has ported the ransomware to Linux. The ransomware is used to target vulnerable servers.

Nayana’s website was running on Linux kernel, a kernel compiled back in 2008. Additionally, Nayana’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of wich were released back in 2006. Samples of the ransomware were submitted to VirusTotal also from Ukraine and Romania.

Details about Erebus Malware

The malware uses the RSA algorithm to encrypt AES keys and each infected file is encrypted with a unique AES key. However, the RSA-2048 public key is shared. The ransomware targets Office documents, databases, archives and multimedia files, being able to encrypt a total of 433 file types. But the malware was build specifically to target and encrypt web servers and data stored in them.

erebus malware - ransomware note

So, the only safe way of dealing with ransomware attacks is prevention. As we have previously recommended, the best defense against Ransomware is to create awareness within the organizations, as well as to maintain back-ups that are rotated regularly.

Most viruses are introduced by opening infected attachments or clicking on links to malware usually in spam emails. So, DO NOT CLICK on links provided in emails and attachments from unknown sources.

Editorials and informational articles

uTorrent malware ad is using a Flash exploit, be aware!

After installing the SecureAPlus anti-malware program, we’ve also found about an ad that’s been running on uTorrent – the ad installs malware through a Flash exploit.

We’ve found few discussions about the uTorrent malware ad on Reddit, and the confirmation actually came from Bleeping Computer.

So, how do you know if you’ve been infected with the malware? If you have any antivirus solution, it might trigger at some point a detection located in C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache. The name of the malware seems to be Exploint:SWF/Meargive.

If you’ve already been prompted by the anti-malware or antivirus solution that a detection was found, you could also scan your PC with other applications like: ADWCleaner, MalwareBytes, HitmanPro or Windows Deffender – until you’re sure that you got rid of the infection. Even though this might be a little bit tricky, because some infections stay hidden until their creators activate them in order to do a certain thing.

I’m going to post a tutorial in the next few days in order to help you out with getting to work with uTorrent without any ads. That way you could just avoid the malware that’s been spreading through uTorrent flash ad.

On a side note, just a heads up for Bittorrent users. Bittorrent might also have been compromised by this malware ad.

Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware spreading stopped – Thanks to Microsoft and MalwareTech security firm

As a reminder, WannaCry Ransomware is a ransomware malware created to use some exploits harvested from NSA hack. The infection spread in over 70 countries.

Microsoft has patched this issue, so the users that run supported Windows versions, Windows 7, Windows 8.1 and Windows 10, are safe if they have all the system updates installed and Windows Defender enables.

But despite this, Microsoft has published an emergency update for all the Windows systems (except Vista), in order to block the WannaCry ransomware, flagged by Microsoft Ransom:Win32/WannaCrypt .

Download the update patch matching your operating system and architecture:

All you have to do in order to patch your system is to download the update and install.

On top of Microsoft’s work to update and secure operating systems which reached EOL (end of life), a cybersecurity researcher from MalwareTech handle has managed to stop the WannaCry infection from spreading.

The researcher has studied the code and found a kill switch, hardcoded by the creator of the code in case he wanted to stop it from spreading. The malware was designed to stop if it got response from an internet domain, so the MalwareTech company registered that domain since the attacker did not bother to buy that domain.

According to Bitdefender, the malware spread in 104 countries, infected 180.000 devices, and only 102 victims decided to pay the $300 Bitcoin ransom.

As a piece of advice, as I said in the previous article, you should download the right patch for your operating system, keep Windows Defender active and do not open malicious mails.

WannaCry Ransomware spreading stopped


Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware infection is the largest in history

Recently, the British National Health System (NHS) has become the victim of WannaCry ransomware (also known as WCry or WanaCryptor), a very lethal computer virus that encrypts all the data from the infected computers. While the first infected systems were in UK, the virus has spread in other countries as well.

The attack took place on Friday (yesterday) and affected 74 countries (including UK, US, China, Russia, Spain, Italy and Taiwan), including 16 NHS trusts in UK, being the biggest in the history.

The WannaCry ransomware is based on an exploit harvested from the EternalBlue tool used for hacking by NSA and leaked a few months ago by the hacker group Shadow Brokers. Once a computer is hacked, it explores a vulnerability in the SMB file sharing. The most vulnerable computers are the ones with older operating systems and since the encryption is done with RSA-2048, the files cannot be decrypted without the hacker’s key.

The problem is that a lot of computers from public institutions still use Windows XP, a system which is very vulnerable to hackers, since it does not receive any more updates.

The losses were bigger than financial, this causing surgeons to cancel operations, because everybody was locked out of the system. For more information, see this Liliputing article.

The good thing in this is that Microsoft has released an update patch for all the supported Windows systems – Windows 7, 8.1 and 10 and the May 2017 updates should keep the users safe from this, if they have Windows Defender enabled with up to date signature database.

Final words:

If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware malware.

Unfortunately, this happened because government agencies like NSA or CIA keep vulnerabilities unknown for their own benefit.

Hackers and hacks

Meet the rensenware ransomware – a ransomware that asks the users to play a game to unlock their data

The guys from the Malware Hunter Team have discovered the rensenware ransomware, a different type of malware, one that requires the victims to play a game and get a top score in order to get their files back.

It encrypts the documents, music files, pictures and personal user files but it does not ask the users to pay a bitcoin ransomware. Instead, the virus forces them to play a difficult game. The users have to reach the 0.2 billion score in LUNATIC level of TH12 – Undefined Fantastic Object and this may be a difficult mission for those who do not have gaming capabilities.

After the hacker (Tvple Eraser) created the rensenware ransomware he has also released an apology on Twitter, because he felt bad about it. The hacker has created an decryption tool and removed the rensenWare code from Github, in order to help the victims recover their data without having to win the game.

The hacker’s decrypting tool tricks the game’s memory directly, getting around the malware’s encryption without playing the game.

As a replacement for the initial ransomware, the hacker has uploaded the code without the encrypting part, as a joke.

For more information, see this article from If you want to be in touch with our other ransomware and related articles, follow the ransomware tag.


The number of Mac adware increased in 2016

Despite the fact that Mac computers are safer than Windows PCs because they use an Unix-based operating system, the number of attacks has increased a lot lately, hackers being more and more focused on Apple products.

According to this McAfee report, the number of macOS malware grew to 460.000, 744% more, compared to the year before.

Compared to the total number of malware (600 million instances) or with the mobile malware (which reached 15 million instances), 470 thousand is neglectable quantity.

Like on Windows and Android, the most popular mac malware is adware, which open different unwanted websites and that’s about it. They do not have the power to damage the system, they only annoy and distract the users.

In order to easily protect yourself against this kind of malware, you should use adblockers on your internet browsers, download software only from trusted sources and avoid opening unwanted mail attachments.

The more concerning part from the McAfee report is that there are the number of malware infections on Internet of Things devices is also growing, permitting the hackers to use those devices for various purposes.

It is a good thing that more and more devices are connected to the internet and communicate with each others, but this makes them more vulnerable as well.

For more information, see this article on 9to5mac.


Security solutions and antivirus software

The launch of iOS 10.3 might have been hurried due to a fake ransomware

The new iOS update to version 10.3 that was launched on the 28th of March might have been hurried after some user have reported that their devices are blocked due to a ransomware.

A virus that acted just like the FBI ransomware, to be more precise a pop-up that accused the owners of the devices that they have accessed illegal porn or pirated music, that seemed to be hard to remove or get rid off. In fact the ransomware was a fake one, and by clearing the browser cache memory the users could gain back full access to their devices.

The ransomware was created using JavaScript, a code used frequently on many websites. According to security company Lookout, the attackers were requesting 100 pounds under a iTunes coupon that was suppose to be sent out via a SMS to a certain phone number in order to unlock the victims phone.

Researchers have written that: “in fact the malware was a fake one and it did not encrypt any data. The purpose was to frighten the victims in order to pay for the unlocking of the browser before they would realize it is no need to pay a ransomware to recover phone data or access to the browser.

The patch from iOS 10.3 did fix the problem, but prof. Alan Woodward, expert in cybernetic security at Surrey University has said that many iPhone users have avoided the update because it would have also bring some new features regarding the devices functionality.

I, for personal reasons, have not updated my iOS since version 10.0.1 and I also recommend waiting for a couple of days before doing any updates, because not all updates are good. Have you updated to the new iOS 10.3 due to the fake ransomware?