
Clever Scam Lures Even Smart Microsoft Users to Pay $25 for Fake ‘Windows Defender Essentials’

But you can fool the malware into thinking you paid.

BY Minda Zetlin - 01 Dec 2017


There are some very clever malware scams out there, but a newly discovered one named "Troubleshooter" targeting Windows users is the best one I've seen in a long time. It's extremely easy to fall for, so don't be fooled.

The trouble begins with something that will look familiar to most seasoned Windows users: the so-called "blue screen of death," in which your entire screen turns blue and you see text telling you that your operating system has crashed. In this case, the text says: "A problem has been detected and Windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: SYSTEM32.DLL" However, this is not a genuine blue screen of death. It's an image of a blue screen of death splashed across your computer monitor. Your computer is in fact running perfectly normally (other than the Troubleshooter scam itself).

As might well happen with a genuine Windows malfunction, a screen will then appear informing you that Windows encountered an error and prompting you to click "Next" to diagnose and troubleshoot the problem. If you do click "Next," as many people likely do, the computer will pretend to perform a scan and then pop up a screen informing you that a whole list of .dll files are "missing or corrupt" and that troubleshooting cannot solve the problem. It then suggests you purchase something called "Windows Defender Essentials" for $25, which might seem to you like a reasonable and quick way to solve the problem.

And it will solve the problem (that was never there in the first place). If you click "Buy Windows Defender Essentials (Recommended)" it will take you to a PayPal page where you can pay $25. Once you do, another pretend scan will run, appearing to fix the problem. Curiously, in addition to software that fools you into thinking you have a problem, Troubleshooter also installs two other files, one that takes a screenshot of your computer and another that shows you ads.

"Windows Defender Essentials" is a particularly smart name for a fake security app--doesn't it sound real? That's because Microsoft really does offer two software products called Windows Defender and Security Essentials.

If you encounter this scam, you don't have to pay the $25. There's a relatively simple way to fool the system into thinking that you've paid, described here. That can be handy for regaining control of your computer since other methods such as Control+Alt+Delete won't work. Once you've regained mastery, you can remove Troubleshooter altogether using Malwarebytes, which you can download for free. Here's a description of how to do it.

Speaking of Malwarebytes, hats off to Malwarebytes engineer Djordje Lukic for discovering Troubleshooter. Apparently users get Troubleshooter in the first place from downloading "cracked" or pirated software. Be warned.