'Windows Defender Prevented Malicious Software' Scam

By GoldSparrow in Trojans

The 'Windows Defender Prevented Malicious Software' message is generated by a Trojan that is associated with technical support tactics. The message should not be trusted because it promotes fake computer support services on the 877-360-0485 toll-free phone line, which is not operated by Microsoft Corp. The Trojan is crafted to generate a lock screen on the desktop, which is loaded as soon as the user logs into Windows. Cyber security experts are not sure how the Trojan is delivered to users, but there is a good chance that it arrives bundled with a free program. The 'Windows Defender Prevented Malicious Software' lock screen cannot be closed with the Alt+F4 keyboard command, and tools like regedit.exe, Command Prompt, and taskmgr.exe may not be accessible.

Security analysts note that the 'Windows Defender Prevented Malicious Software' lock screen is styled to look like the update screen on Windows 10. Users who are shown the 'Windows Defender Prevented Malicious Software' screen are led to believe that Microsoft's security tool has detected threatening programs and that access to the PC is limited. The text on the 'Windows Defender Prevented Malicious Software' screen reads:

'Customer Support: 1-877-360-0485
Microsoft Windows
Please Enter Product Key
Windows Defender prevented an unrecognized and malicious software on your computer. Please enter your Windows Product Key. The Product Key should be on a label or the card inside the box that Windows Disk came in or in the confirmation email you received after buying it. If you have upgraded to Windows 10, you have a digital license instead of a key.
A product key is a 25 character code used to active Windows. It look like this:
PRODUCT KEY: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'

The Trojan behind the 'Windows Defender Prevented Malicious Software' hoax provides links to download remote desktop tools such as Supremo, TeamViewer and GoToAssist. These are legitimate remote desktop utilities that con artists abuse to simulate a virus infection on a remote computer and then offer a 'fix' in exchange for hundreds of dollars. We have seen the same scenario play out with the Microsoft Security Essentials Alert Virus. Fortunately, researchers found a hardcoded key for the 'Windows Defender Prevented Malicious Software' lock screen, which you can enter. The key is THTY4-89LK6-RTI23-XZTOP-05ERY, and you may have to write it down on a piece of paper because copy/pasting is disabled on the 'Windows Defender Prevented Malicious Software' screen message. From here on, you can use a reputable anti-spyware tool to find and delete the Trojan that infiltrated your PC.
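
Once the desktop is reachable again, a quick triage can show why the lock screen loads at logon and why Task Manager, regedit and Command Prompt are blocked. The PowerShell below is an added example, not part of the original write-up or of any vendor tool; the registry keys and folders it reads are standard Windows locations, and the assumption that this Trojan uses any of them is ours, since the article does not document its persistence method.

```powershell
# Added triage example (read-only). Standard Windows locations are inspected;
# that this Trojan uses any of them is an assumption, not a finding from the article.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Type, $Location, $Value) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Value = $Value })
}

# 1. Policy values that block Task Manager, regedit and Command Prompt when non-zero.
$policies = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Key = 'Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
)
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $path  = "$hive\$($p.Key)"
        $value = (Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        if ($null -ne $value -and $value -ne 0) { Add-Finding 'ToolBlocked' "$path\$($p.Name)" $value }
    }
}

# 2. Winlogon Shell / Userinit values that differ from the Windows defaults.
$defaultUserinit = "$env:SystemRoot\system32\userinit.exe"
foreach ($hive in 'HKCU:', 'HKLM:') {
    $path = "$hive\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $w = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($w.Shell -and $w.Shell.Trim() -ne 'explorer.exe') { Add-Finding 'ShellChanged' "$path\Shell" $w.Shell }
    if ($w.Userinit -and $w.Userinit.Trim().TrimEnd(',') -ne $defaultUserinit) {
        Add-Finding 'UserinitChanged' "$path\Userinit" $w.Userinit
    }
}

# 3. Everything that starts at logon from Run keys and Startup folders, listed for manual review.
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($name in 'Run', 'RunOnce') {
        $key = Get-Item -Path "$hive\Software\Microsoft\Windows\CurrentVersion\$name" -ErrorAction SilentlyContinue
        if ($key) { foreach ($v in $key.GetValueNames()) { Add-Finding 'Autorun' "$($key.Name)\$v" $key.GetValue($v) } }
    }
}
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } |
    ForEach-Object { Add-Finding 'StartupFile' $_.DirectoryName $_.Name }

$findings | Format-Table -AutoSize -Wrap
```

The script changes nothing; entries it lists under 'Autorun' and 'StartupFile' include legitimate software and need to be reviewed, not deleted wholesale.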
