Click here to visit Original posting
Remove the MSSecTeam Tech Support Scam (Removal Guide)
- Sun, 12 Feb 2017 12:42:03 EST
- Read 686 times
The MSSecTeam Tech Support Scam is a Trojan.Tech-Support-Scam that displays a lock screen pretending to be from Microsoft's Security Team that states that your files have been encrypted and your computer locked because of detected illegal behavior. It then proceeds to state that the files on the computer have been encrypted using ZhuangZi encryption, which is a fake encryption method. In order to unlock the computer, the Trojan states that you must send .5 bitcoins to the mssecteam@sigaint.org address.
Furthermore, while this infection is running it will terminate the Windows Explorer, which is your desktop, and the Task Manager screen to make it more difficult to remove. This obviously a scam and nothing more than a computer infection locking your computer. For no reason should you send any money to unlock your computer from this infection.
The text of the MSSecTeam Tech Support Scam is:
Have A Key?
Files Locked: Complete/Yes
Case No: 43278
System Status: Locked
Contact Us: mssecteam@sigaint.org
Notice from Microsoft Corporation
All activities of this computer have been recorded.All your files are encrypted as our government order.We used ZhuangZi encryption method to encrypt your files.
Your computer has been blocked due to violation of Copyright and Related rights law and illegally using and distributing copyrighted contents.Your documents,database and all files have encrypted with strongest encryption and unique key,generated for this computer.Your decryption key is stored on a Internet server.No third party softwares can decrypt your files until you pay and obtain the private key.If you don't send money to our Microsoft address within the week,your all files will be parmanently crypted and no one will be able to recover them.(Article 1,Section 8; Article 202; Article 210 of the criminal code of U.S.A. provides for a deprivation of liberty for 4-12 years)
This computer lock is aimed to stop below illegal activity
Your IP was used to:
Working on illegal copy of Windows
Sending Spam messages using Botnets
Distributing copyrighted contents via Torrents
Visiting harmful websites for download malware infected software
The lock screen will also contain two buttons called License and Payment that display additional information when you click on them. The License button will display the following text:
SCOPE OF LICENSE.
The software is licensed, not sold. This agreement only gives you some rights to use the features included in the software edition you licensed.
Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.
In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.
You may not
1·work around any technical limitations in the software;
2·reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
3·use components of the software to run applications not running on the software;
4·make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
5·publish the software for others to copy;
6·rent, lease or lend the software; or
7·use the software for commercial software hosting services.
The payment button will display:
Install Tor Browser in another PC.
Your all files are locked.Pay 0.5 Bitcoins to our unique address to get back your files.
For address mail me with your Name,Institute name along with your E-mail ID and Case no:
for more information about how to pay? Leave a mail
mssecteam@sigaint.org
Last, but not least, when you try to close the program it will display an alert with the following message:
Please contact msssecteam@sigaint.org with your Institute Name.
As you can see, this scam was created to trick you into emailing the listed address so that the developers can try and convince you into making a payment. For no reason should you contact these developers and should instead remove this Trojan and any related software for free by using the removal guide below.
microsoftsecteam.exe