Security home


Home / malwarePDF  


First posted on 05 September 2017.
Source: Microsoft

Aliases :

There are no other names known for SupportScam:MSIL/Tifine.A.

Explanation :


This support scam creates the following registry entry:

SysMon = ""


Tricks you into calling a fake tech support number

This threat displays the following window on your desktop, showing that you are infected with a malware and that you need to call the tech support number:

Stops or changes running processes in your PC without your consent

The threat then does the following:

  • Blocks mouse and keyboard input
  • Stops the following processes
    • Chrome
    • Firefox
    • Opera
    • IExplore
    • Safari
  • Disables Task Manager
  • Hides Start menu and Taskbar

Connects to a remote host

This threat then contacts the following remote URL to get the malware status:
  • hxxp://

It also creates a .bin file. The contents of this .bin file is the date and time when this malware is executed in the system.

Last update 05 September 2017



Malware :