SupportScam:MSIL/Hicurdismos.A
First posted on 22 October 2016.
Source: Microsoft
Aliases:
There are no other names known for SupportScam:MSIL/Hicurdismos.A.
Explanation:
Installation
This threat is an installer that arrives by drive-by-download.
This threat drops a copy of itself in the following path:
"%SystemRoot%\bluesquarez llc\sysprotector\microsoft security essentials.exe"
This threat also creates an auto start launch point in the registry:
In subkey: HKEY_USERS\\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Sysprotector"
With data: "%SystemRoot%\bluesquarez llc\sysprotector\microsoft security essentials.exe"
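A read-only host check for the dropped file and the Run-key value listed above, written in PowerShell as an added example (it is not Microsoft's code). It assumes the value may sit in any user hive loaded under HKEY_USERS, so it checks all of them; the variable names are illustrative.

```powershell
# Added example: read-only check for the file and Run-key value listed above.
# Run from an elevated prompt so other users' loaded hives are readable.
$valueName = 'Sysprotector'
$relPath   = 'bluesquarez llc\sysprotector\microsoft security essentials.exe'
$dropPath  = Join-Path $env:SystemRoot $relPath
$noExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$findings  = @()

# 1. Dropped copy on disk.
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $findings += [pscustomobject]@{
        Type = 'File'; Location = $dropPath; Detail = 'dropped copy present'
    }
}

# 2. Run key of every hive currently loaded under HKEY_USERS
#    (assumption: the value can be in any loaded user hive).
$hives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
foreach ($hive in $hives) {
    $runPath = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    $key = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # Read raw data so an unexpanded %SystemRoot% prefix still matches.
        $data = [string]$key.GetValue($name, '', $noExpand)
        # -eq and -like are case-insensitive, matching registry and path semantics.
        if ($name -eq $valueName -or $data -like "*$relPath*") {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key.Name; Detail = "$name = $data"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Hicurdismos.A persistence artifacts found in loaded hives.'
} else {
    $findings | Format-List
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their NTUSER.DAT files have to be examined separately.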
When run, the malware immediately renders the fake BSoD experience. To do so, it performs the following:
- Hides the mouse cursor (to make the user think the system is not responding)
- Disables Task Manager (to prevent the user from terminating the process)
- Displays the BSoD image, which occupies the entire screen (to prevent the user from using the PC)
For details, see Beware of Hicurdismos: It's a fake Microsoft Security Essentials installer that can lead to a support call scam.
Related information
- Tech support scams are a growing problem
Last update 22 October 2016