Micorsoft warns users of Hicurdismos, a ‘telephone tech support’ scam

by Radu Tyrsina
Radu Tyrsina
Radu Tyrsina
CEO & Founder
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of... read more
Affiliate Disclosure

We have lately been encountering numerous support scams that have considerably compromised user security, and safety has become a pressing issue, since technological misuse is modernized for misleading innocent users. The threat of tech-support scams have persisted for years, but seems to have grown significantly in the past years.

Hicurdismos is a fake Microsoft Security Essentials installer, that has spread like wildfire among users of Windows 10 and Windows 8, that tricks them into paying for hoaxes after contacting bogus help centers. Looks like some Tech support scammers, are determined to exploit Microsoft’s active and considerate customer care service by creating a false Microsoft Security Essentials Antivirus.

The Microsoft Security Essentials is an antivirus tool, initially introduced to users of Windows 7 or older Windows versions. As for the later ones, Windows Defender is a pre-installed antimalware service provided with Windows 8 and Windows 10, but some users still feel the need to download an external tool such as Microsoft Security Essentials (which is clearly not needed) for enhanced protection and security.

A recent survey has shown that half of the users who fell for the tech-support scams are aged between 18 and 34 years, which is a much higher impact than mature aged users. The young are a more affected target simply because of their close association with modern technology, which makes them ideal victims of deceitful webpages and pop-up ads.

The malware threat, detected as SupportScam:MSIL/Hicurdismos, deceives victims by generating a fake Blue Screen of Death (BSOD), and trick users into thinking that their PCs have encountered a fatal error, which then would lead them to call the support helpline, as persuaded in the message.

“The fake BSoD screen includes a note to contact technical support. Calling the indicated support number will not fix the BSoD, but may lead to users being encouraged to download more malware under the guise of support tools or software that is supposed to fix a problem that doesn’t exist,” Microsoft explains.

Calling the tech support agents does more harm than good and encourages users to download further malware, that imitates security repair tools. Users have reported financial damage, after paying for bogus scams and false repair instructions.

The company has published an official warning to users of the malware scam that has been recently getting around, and lands on a victim’s PC by mimicking an authentic Microsoft Security Essentials Installer which also possesses the same castle icon as Security Essentials. The malware once installed, generates”severe” warnings and locks an infected computer. Upon triggering, the malware disables the task manager and freezes the cursor to delude users into thinking that ‘Windows is unresponsive’. Microsoft reports that the malware is a production of a company implying to be Bluesquarez LLC.

Protection and Signs of the malware:

Though users aren’t completely helpless, and there are a few tactics to spot any fishy activity that might be caused by a fake antivirus or a malware attack:

  • Since the software is sham and illegal, Microsoft hasn’t signed it as their certified product and it should display warning messages from Microsoft’s SmartScreen – indicating that running the software could be harmful.
  • The downloaded file is since not an authentic Microsoft Security Essentials installers, comes with a name setup.exe (that is the extension most malware hold), that Microsoft doesn’t use for their installers. Moreover, the SmartScreen would also indicate that “the publisher of setup.exe couldn’t be verified.”
  • The BSoD is completely identical to the real BSoD error message, except that it displays contact information for the Support center suggested as “you can call our support at; 1-800-418-4202”, that is not mentioned on original BSoD messages.
  • Navigating to file properties, users can see if the company is listed as Microsoft Corporation, and if the file size exceeds 1 MB, which is the standard file size for Microsoft installers.

If a user observes any of these signs of a potential Hicurdismos malware, they should first-handedly run the  Windows Defender Offline tool to remove it, as it requires minimal PC access (because PC user interaction will supposedly be blocked by the malware) and no internet access. And of course, the best way to tackle any unauthorized activity, is to report it to the concerned organizations. So, Microsoft has urged their users to report any dishonest scam exercises on their Report a Scam form, as it would help them to investigate the incident and collect relevant data regarding the malware, to forward to the concerned authorities.