First posted on 05 September 2017.
There are no other names known for SupportScam:MSIL/Tifine.A.
This support scam creates the following registry entry:
SysMon = ""
Tricks you into calling a fake tech support number
This threat displays the following window on your desktop, showing that you are infected with a malware and that you need to call the tech support number:
Stops or changes running processes in your PC without your consent
The threat then does the following:
- Blocks mouse and keyboard input
- Stops the following processes
- Disables Task Manager
- Hides Start menu and Taskbar
Connects to a remote host
This threat then contacts the following remote URL to get the malware status:
It also creates a .bin file. The contents of this .bin file is the date and time when this malware is executed in the system.
Last update 05 September 2017