'844-324-6233' Tech Support Scam

The '844-324-6233' tech support scam relies on freeware bundles to spread a backdoor Trojan onto systems and allows remote code execution. The '844-324-6233' tech support scam is related to a file named 'WinCPU.exe' that is built on the .NET framework and works like any other backdoor Trojan. When 'WinCPU.exe' is launched, the user will be shown a lock screen that prevents access to the desktop. The lock screen resembles the layout of the CMD utility and displays the following message:

'A problem has been detected, and windows has been shutdown to prevent damage to your computer.
DRIVER IRQL NOT LES OR EQUAL
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: of Contact us 1-844-324-6233
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Start windows normally to remove or disable components. restart your computer, press F8 to select. Advanced Startup options and then select Start Windows normally.
Technical information: error
Zeus was detected and put in quarantine Zeus is a very dangerous software used by criminals to steal data such as credit card information, access to banking accounts, passwords to social networks and emails.
***STOP: OXOOD1 (0X00C,0X002,0C00,0XF8685A89)
—*gv3.sys - Adress F8685A89 base at F8686000. DataStamp 3dd9919eb
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.
Contact us +1-844-324-6233'

The '844-324-6233' lock screen cannot be removed using the 'Esc' button and the right-click menu. Users might need an advanced understanding of the Windows Task Manager to disable 'WinCPU.exe' without causing damage to Microsoft-powered services. While the '844-324-6233' lock screen is shown on your screen, 'WinCPU.exe' will connect to a remote Command and Control server and wait for instructions. The commands that 'WinCPU.exe' can run include opening pages on the Internet, the download of software from remote locations, a query for the system properties and a few others. Research revealed that the '844-324-6233' tech support scam is facilitated via the Neurotech System Management, which is a product of Neurotech Systems Limited. The Neurotech platform is used by companies like MTN, Ericsson, and Airtel according to Neurotechltd.com. It is not the first time or the last that con artists are outsourcing some of their work to hide their activities.

Computer users that find 'WinCPU.exe' on their machines should delete the program and use a credible anti-spyware tool to scan their machines for items linked to the '844-324-6233' tech support scam. The WinCPU software is known to store files in the folder of Microsoft under the AppData directory to avoid detection and prevent users from removing the application manually. You might want to consider using a reliable anti-malware tool to purge the programs that may be used to generate the '1-844-324-6233' lock screen on your desktop.