'Select Region' Tech Support Scam

'Select Region' Tech Support Scam Description

Computer users that are greeted by a blue screen with the title 'Microsoft Windows Select Region' after booting their OSes are likely to be infected with a Trojan that is associated with computer support tactics. The 'Select Region' screen message is displayed in full screen by a Trojan that is programmed to block your access to the desktop. The screen layout is styled to resemble the installation window for Microsoft's Windows 10 OS. The desktop overlay includes the Windows 10 logo in the top right corner and the 0800-652-8283 phone line listed in the top left corner of the screen. The right-hand side features five text fields that include information about your system and an invitation to select your country and region. Users are shown the following text:

'Customer Support: 0800-652-8283
Select Region
Please Select Region to Continue
Country [TEXT FIELD]
Device [DESKTOP]
Device Name [User-PC]
Operational System [Microsoft Windows ]

Computer users affected by the 'Select Region' TSS (Technical Support Scam) Trojan may be bale to edit their country and region's field, but the other fields are filled by the Trojan. The PC user may be able to click on the 'Next' button only. Clicking the button may trigger your browser to open in full-screen mode and download and run a customized version of a remote desktop utility like TeamViewer and LogMeIn. These tools are legitimate programs for remote computer administration. However, con artists may use them as well and pretend to be employees of Microsoft that are trying to help you remove viruses on your PC. You may be interested to know that the 0800-652-8283 phone line was reported for spam calls and computer supports tactics by the Mac OS users on February 3rd, 2017. It is no surprise that the company that operates the 0800-652-8283 phone line may try to expand to the Windows OS.

The layout of the 'Select Region' lock screen is similar to cases we have reported before, which include the 'Your Windows has been blocked' Pop-Ups and the 'Windows Has Been Blocked Due to Suspicious Activity' messages. The 'Select Region' TSS Trojan may prevent users from launching the Registry editor, the Command Line utility and the Task Manager by making changes to the system Registry. You may need to boot into Safe Mode on Windows and install a credible anti-malware utility that can detect and remove the 'Select Region' TSS Trojan.