Avoid this "Casino Online Promotion" 419 Scam

Tech support scammer follow-up

This post is a sequel to Tech support scammers using Winlogon. As we have found after writing that post there are many variants of this scam. The removal guides with examples can be found on our forums [1], [2], [3], and [4].

I want to go into some more detail about the last one. Where the first variants all showed you a screen asking for a product key and some buttons that the “remote assistants” could use to “magically” solve your reboot problem (that they caused themselves in the first place), this one just appears to be hanging. It just displays the phone number, a Microsoft Windows logo, the moving dots associated with “wait a bit, we’re working on it”, and a “Start” button.

main

This one can also be seen with the phone number 1-844-386-3111

Below is the sequence of events that follows if you choose to click the button(s) presented to you.

step2

After clicking Start we get this. OK, so let’s try Next

step3

Change without progress. Let’s focus on the prompt.

dumbfound

Is that English? But OK.

genuine

But….

pleasecall

Screaming in caps are we?

pleasecall2

OK. That’s better.

Clicking OK there gets us back to this one.

thekey

By now they hope you are frustrated enough to call them. Thank Redmond for Ctrl-Alt-Del though. Using that key combination and picking “Start Task Manager” we took a look at the running processes.

taskmanager

And it’s relatively easy to spot the culprit. In this example there is only one error.exe running, but I have seen up to 3 of them, so make sure to “kill ‘em all”. Start another instance of explorer after doing so and you should have back control and be able to remove the application that calls itself LicenseError.

Extra information

A full removal guide for this variant can be found on our forums.

Md5 of the installer : e73bba955204e4f3ba800fecf0fff43a

Malwarebytes Anti-Malware Premium detects and blocks the installer as Rogue.TechSupportScam as it does any of the others in this series.

protection1

Save yourself the hassle and get protected.

Pieter Arntz

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.