
Removal instructions for Microsoft Security Essentials TSS


What is Microsoft Security Essentials TSS?

The Malwarebytes research team has determined that Microsoft Security Essentials TSS is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by Microsoft Security Essentials TSS?

You will see this screen as soon as the executable is run:

mainws.png

and this prompt:

warning1ws.png

How did Microsoft Security Essentials TSS get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was installed as part of a bundle.

How do I remove Microsoft Security Essentials TSS?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require a few extra steps.
  • When confronted with the lockscreen shown above, click on the "Remote Support" button in the fake BSOD screen.
  • This will open an Internet Explorer window inviting you to use remote assistance.
    warning2.png
  • Minimize this window and you will have access to your desktop.
  • You can use Task Manager to "End Process" for "bsodm.exe", or repeat the procedure above a few times, as the blue screen will maximize again every now and then.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
  • If an update is available, it will be applied before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Microsoft Security Essentials TSS?
  • No, Malwarebytes Anti-Malware removes Microsoft Security Essentials TSS completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Tech Support Scam.
 

protection1.png


Technical details for experts

Note: the location of the executable may be different from case to case.

You may see these entries in FRST logs:
 
 () C:\Users\{username}\Desktop\bsodm.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 HKCU\...\Winlogon: [Shell] C:\Users\{username}\Desktop\bsodm.exe [903168 2016-11-17] () <==== ATTENTION
 HKCU-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Users\{username}\Desktop\bsodm.exe [903168 2016-11-17] () <==== ATTENTION
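
The Winlogon Shell entries above are the persistence mechanism: the per-user Shell value replaces explorer.exe with bsodm.exe at logon. The following triage script is an added example, not part of the original post or of FRST; the names `SHELL_LINE` and `find_shell_overrides` are hypothetical, and the line format is assumed from the four FRST lines shown on this page.

```python
import re
from pathlib import PureWindowsPath

# FRST registry lines of the shape shown on this page (format assumed from them):
#   <hive>\...\Winlogon: [Shell] <path> [<size> <date>] (<company>) <==== ATTENTION
SHELL_LINE = re.compile(
    r"^\s*(?P<hive>HK[^\\]+)\\\.\.\.\\Winlogon:\s*\[Shell\]\s*"
    r"(?P<path>.+?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<company>[^)]*)\)"
)

def find_shell_overrides(log_text):
    """Return one finding per Winlogon Shell line that deserves review."""
    findings = []
    for line in log_text.splitlines():
        m = SHELL_LINE.match(line)
        if not m:
            continue  # process listings and other log lines are ignored
        path = m["path"].strip('"')
        reasons = []
        if PureWindowsPath(path).name.lower() != "explorer.exe":
            reasons.append("shell is not explorer.exe")
        if m["hive"].upper().startswith(("HKCU", "HKU")):
            reasons.append("per-user Shell override")
        if not m["company"].strip():
            reasons.append("no company name in file metadata")
        if "\\users\\" in path.lower():
            reasons.append("binary lives under a user profile")
        if reasons:
            findings.append({"hive": m["hive"], "path": path,
                             "size": int(m["size"]), "date": m["date"],
                             "reasons": reasons})
    return findings

# The first four lines are the FRST entries from this page; the HKLM line is
# constructed here to represent an unmodified machine-wide shell.
SAMPLE_LOG = r"""
 () C:\Users\{username}\Desktop\bsodm.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 HKCU\...\Winlogon: [Shell] C:\Users\{username}\Desktop\bsodm.exe [903168 2016-11-17] () <==== ATTENTION
 HKCU-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Users\{username}\Desktop\bsodm.exe [903168 2016-11-17] () <==== ATTENTION
 HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in find_shell_overrides(SAMPLE_LOG):
        print(f["hive"], "->", f["path"], "|", "; ".join(f["reasons"]))
```

A per-user Shell value can be legitimate on kiosk or custom-shell machines, so treat each finding as a prompt for review rather than a verdict.
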
Alterations made by the installer:
 
Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
       "Shell"="REG_SZ", "C:\Users\{username}\Desktop\bsodm.exe"
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2016
Scan Time: 11:53 AM
Logfile: mbamBSODM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.17.06
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301305
Time Elapsed: 9 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.TechSupportScam, C:\Users\{username}\Desktop\bsodm.exe, 3728, Delete-on-Reboot, [5703843db5e552e44f259e37e91aba46]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.TechSupportScam, C:\Users\{username}\Desktop\bsodm.exe, Delete-on-Reboot, [5703843db5e552e44f259e37e91aba46], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.