Fake BSOD

Fake BSOD: a reader asks…

I have an HP laptop with Windows 10 and recently got this error message. It lists an 800 number that I should call for help with the error. Before I grab my phone, is this legit?

In a word, no. This is a scam. Likely you were attempting to get the Microsoft Security Essentials program to protect your computer, but clicked on a link that wasn’t really from Microsoft. Instead of getting the official program, you got malware, most likely “Hicurdismos”. This malware also disables your cursor and Task Manager to make you think that Windows is not responding.

Real error messages from Microsoft never include an 800 number to call, nor do they ask for payment for giving you tech support, which you would have gotten if you’d have called the number.

I should mention that with Windows 10, you don’t need Microsoft Security Essentials because the protection capability is built into the Windows Defender that comes with Windows 10. Microsoft Security Essentials was for previous versions of Windows that had a much weaker version of Windows Defender.

So at this point, your best bet is to run Windows Defender Offline (see https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc). To do this:

1. Click Start, then Settings, then choose the Update & Security
2. Click the Windows Defender menu option
3. Scroll down to the Windows Defender Offline entry and click the Scan Offline button.

This will restart your computer and take a good 15 minutes to run, but should remove the malware.

As another alternative, you can get Malwarebytes Anti-Malware (from https://www.malwarebytes.org/antimalware/) install and run that to remove the malware. The free version will work just fine to detect and remove the Hicurdismos malware, but you might want to buy the Premium version to provide full-time protection.

I should mention that in order to get that fake error message, you would have had to have clicked through two approvals. The first one is the normal one you get whenever you try to install a program, but the second one should have raised your hackles, since it warned that the setup.exe program’s publisher couldn’t be verified. You may want to take a beat and reconsider your thinking on how to respond to warning messages that pop up on screen, that warning is a dead giveaway that you’re likely installing bad software.

If by chance you went ahead and called that 800 number, talked to the technician and gave them money, Microsoft recommends you take the following actions:

• Apply all security updates as soon as they are available. Do a full scan to remove the threat.
• Change your passwords.
• Call your credit card provider to reverse the charges, if you have already paid.
• Monitor anomalous logon activity. Block traffic to services that you would not normally access.

There’s a good chance that the scammer has snooped their way into your digital life and now has access to your email, bank, social media and shopping accounts. Once your computer is secured against the malware, you need to go and change all your passwords. Rather than use a single new password for everything, give each account a unique and strong password. For that, you need a password manager to keep track of all the passwords for you, and I like LastPass, although 1Password and Dashlane are other good choices.

---

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via (send to @PosiTek), (send to Support@PosiTek.net), using any credit card (no Paypal account required), using Zelle, Apple Pay or Google Pay, or by mailing a check or cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thank you!

Go to Top of Page