Click here to visit Original posting
Remove the MyPC Doctor Tech Support Scam (Removal Guide)
- Thu, 26 Jan 2017 15:09:08 EST
- Read 3458 times
The MyPC Doctor Tech Support Scam is a Trojan from the Trojan.Tech-Support-Scam family that locks you out of your Windows desktop and displays a lock screen asking you to enter a password to gain access. This lock screen pretends to be security warning stating that your computer has a problem and that you should contact MyPC Doctor for help. Randomly, this tech support scam will also display a screen that pretends to be an alert from Malwarebytes stating that your computer encountered a problem and that you should contact the listed number.
It goes without saying that this a scam that is designed to scare you into thinking your computer has a problem so that you contact the remote tech support number. Once you call the number the scammers will most likely try to sell you unnecessary support services and software.
The screen locker that is displayed instead of your desktop will contain a small box that contains the following alert and has a password prompt: The text of this alert is:
ERROR_BAD_COMMAND 22 (0x15)
The device is not ready
Contact Support: 1-855-223-9012
The background for the main lock screen will also contain an alert stating that it is from MyPC Doctor. This alert reads:
MyPC Doctor
Alert!!
A problem has occurred that needs your attention:
Error Code generated: b-00xx01
Please Call us for more assistance.
We will be helping you 24X7.
Toll Free Number
1855 223 9012
0800 0662548
Finally, the Trojan will also display another alert Windows that pretends to be from Malwarebytes that states:
Malwarebytes
Alert!!
A problem has occurred that needs your attention:
Error Code generated: b-00xx01
Please Call us for more assistance.
We will be helping you 24X7.
Toll Free Number
1855 223 9012
0800 0662548
The good news is that even though this Trojan can be a pain to remove, it can be done for free if you follow the instructions in the guide below. If anyone needs any help with this procedure, they are more than welcome to ask in the forums for assistance.
How did the fake MyPC Doctor Tech Support Scamget on my computer?
It is important to note that this Trojan is installed by other programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.
Without a doubt, this scam was created to trick you into calling the listed number so that the developers can try and convince you into purchasing unnecessary services or software. For no reason should you call this number, and if you have already have purchased services, I advise you to dispute the charges with your credit card company. To remove this Trojan and any related software for free, please use the removal guide below.
C:\Program Files (x86)\GMusicPlayer C:\Program Files (x86)\GMusicPlayer\GMusicPlayer C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\GMusicPlayer.exe C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\track6.bat C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\Uninstall.exe C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\Uninstall.ini C:\Users\User\Desktop\GMusicPlayer.lnk C:\Windows\active.bat C:\Windows\active.exe C:\Windows\doctormypc.exe C:\Windows\jj.exe C:\Windows\mycent.exe C:\Windows\track.exe C:\Windows\tt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jj C:\Windows\jj.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run\labelexe C:\Windows\mycent.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MyPc Doctor C:\Windows\MyPc Doctor\MyPc Doctor.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell C:\Windows\doctormypc.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\jj C:\Windows\jj.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\labelexe C:\Windows\mycent.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00\DisplayName GMusicPlayer 1.00 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00\DisplayIcon C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\Uninstall.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00\UninstallString C:\Program Files (x86)\GMusicPlayer\GMusicPlayer\Uninstall.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00\NoModify 1 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GMusicPlayer 1.00\NoRepair 1 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption Windows Firewall Warning! HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText You might be infected with adware / spyware virus. Call 1-855-223-9012 immediately. Fast assistance with removing viruses. (Toll-FREE 1-855-223-9012 , High Priority Call Line). Seeing these pop-up’s means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk. It’s strongly advised that you call the number above and get your computer fixed before you continue using your internet, especially for shopping. Possible Privacy Breach if virus not removed immediately: Data exposed to risk: 1. Your credit card details and banking information. 2. Your e-mail passwords and other account passwords. 3. Your Facebook, Skype, AIM, ICQ and other chat logs. 4. Your private photos, family photos and other sensitive files. 5. Your webcam could be accessed remotely by stalkers with a VPN virus. (Toll-FREE 1-855-223-9012 , High Priority Call Line) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "C:\Windows\doctormypc.exe"