'888-398-0888' Technical Support Scam
The '888-398-0888' technical support scam is a campaign run by fake computer support agents. The '888-398-0888' technical support scam utilizes a Screen Locker Trojan that you might install as a "critical update" to your existing anti-virus product. The company behind the '888-398-0888' technical support scam uses misleading pages on the Internet, fake security products and persistent pop-up windows to push a Screen locker program to users. The Screen Locker program may feature different names depending on the page that hosts the file. We have seen the '888-398-0888' technical support scam refer to leading brands in the cyber security sector. It is believed that by using trusted names, users are more likely to install questionable updates to their system and security solution.
Unfortunately, many users may fall for the "Install Critical Update" scheme given that the pop-up windows and dialog boxes on their screen include screenshots of Support.microsoft.com and a logo of a reputable AV product. The Screen Locker at hand is known to require admin-level system privileges and produce a full-screen message titled 'Windows Security has been Compromised'. The 'Windows Security has been Compromised' message is styled to look like a Windows 10 Blue Screen of Death (BSOD) report and show the '888-398-0888' phone line. Affected PC users are blocked from entering commands via the keyboard, and the computer mouse may be the only input method available. Computer security experts have reported that the 'Windows Security has been Compromised' Screen Locker disables the task manager and registry editor on Windows. The message displayed to users reads:
'Windows Security has been Compromised
Your Windows Security has been Compromised, and Microsoft has detected an unsolvable threat
and this threat can result a great loss to your computer and it has been violated the terms of Microsoft.
We (microsoft) will not be the responsible for any kinds of security threats.
Your PC has been Blocked, so you cannot access your PC right now and it is very much bad for you.
We have covered you with 2 options
1. Install a New Windows (Removes all the data and files)
2. Purchase and Verify the new License from the Microsoft Certified Technician
The choice is yours, If you choose the number 1. Then we are going to delete all of your files
from your computer and we are going to ban you from your PC and the 2nd one refers if you
want your files back, click the below button (what to do) and you need to purchase and verify
the new license from the microsoft certified technician and you will get your files back
[What to do|a button that loads a customized LogMeIn client]
Department: Windows Help and Support
Contact: +1-888-398-0888
Already got a new License? Submit it here: [text box] [Submit|fake button]'
It is recommended to avoid contact with the technicians answering the '+888-398-0888' phone line. You may be suggested that you are talking with a certified computer support agent, but that is far from the truth. Con artists receive calls from users who have fallen for the '888-398-0888' technical support scam and offer them a new Windows license for $300 to $600. Also, you may be offered to buy a "lifetime PC help subscription" that is paid only one time. Do not trust the information provided via the '+888-398-0888' phone line and other numbers that may be promoted on the 'Windows Security has been Compromised' BSOD screen. The 'Windows Security has been Compromised' Screen Locker should be removed by booting into Safe Mode and using a reliable anti-malware tool. AVs tag related files with the following detection names:
Gen:Heur.Ransom.MSIL.1
MSIL/FakeSupport.CT
Msil.Trojan.Blocker.Ahoi
TR/FakeSupport.avuvg
TROJ_GEN.R038C0OIG18
Trojan ( 0053c6e51 )
Trojan.FakeSupport!8.BA68 (CLOUD)
Trojan.IGENERIC
W32/Trojan.BYOV-8990
Win32/Trojan.Ransom.935
malicious.9328cd
