Microsoft has discovered a piece of malware masquerading as its Security Essentials software, which prompts users to call a tech-support scammer when active.

The malware has been christened Hicurdismos and comes to your PC via a drive-by download, the attack vector of choice for numerous malicious programmes.

When the malware is activated, it brings up an error message that is strikingly familiar, but there is something out of place. Can you spot it?

For those who can’t find the difference between this screen and other error messages, it is the last line of the message, which reads “if you’d like to resolve the issue over the phone you can call our support on 1-800-418-4202”, that is out of place.

Microsoft never prompts users to call tech-support; instead it offers an error code which users have to search for.

Another telltale sign that the file is malware is how different its install icon and file properties are from those of a legitimate Microsoft Security Essentials install file.
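
One way to check a downloaded installer's file properties and publisher from PowerShell before running it, as an added example that is not code from Microsoft or from this article. The function name, the sample path and the expected publisher string are assumptions made for illustration.

```powershell
# Added example: compare an installer's claimed identity with its Authenticode signature.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: a genuine Microsoft installer is signed with a certificate
        # whose subject contains this organisation field.
        [string]$ExpectedPublisher = 'O=Microsoft Corporation'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $info = $file.VersionInfo

    # Unsigned files have no signer certificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $signatureValid = $sig.Status -eq 'Valid'
    $publisherMatch = $subject -like "*$ExpectedPublisher*"

    [pscustomobject]@{
        File            = $file.Name
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        # Version-info strings are free text that any author can set, so they
        # are reported for comparison only and never used for the verdict.
        CompanyName     = $info.CompanyName
        FileDescription = $info.FileDescription
        Trusted         = $signatureValid -and $publisherMatch
    }
}

# Usage (hypothetical file name):
#   Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\setup.exe"
```

A file that describes itself as a Microsoft product in its version information but comes back with `Trusted` set to false should not be run.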

Interestingly, Hicurdismos doesn’t trigger a blue screen of death; it simply displays an image overlay and disables features to mimic the event, and rather well, we might add.

The malware, when activated, disables the task manager so that Ctrl+Alt+Delete does nothing, and it hides the mouse cursor to appear more authentic. It then brings the blue screen of death prompt to the fore and prevents the user from using the PC.

Getting rid of Hicurdismos

The first thing you should do if you encounter this malware is obvious: don’t call that “tech-support” number. If you already have, we’ll touch on how to try to solve that in a moment.

Microsoft suggests installing Windows Defender Offline to remove Hicurdismos. While the task manager is disabled, you should still be able to hit the Windows key – which is usually beside the Alt key on the bottom right or left of your keyboard – to bring up the Start menu.

From there, you should be able to install Windows Defender Offline and then start a scan to remove the malware.

If you’ve fallen prey to the scammers, Microsoft suggests contacting your credit card provider to reverse the charges and changing all of your passwords.

Preventing a Hicurdismos infection is relatively simple. If your browser informs you that a file could harm your PC, take it seriously and don’t continue the download. In addition, make sure you read through what some programmes are installing. Often malware comes bundled with other software and gets accidentally installed.

Microsoft also points out that there is no need for Microsoft Security Essentials on PCs with Windows 10, as Windows Defender has replaced it and is included – and switched on – in every new installation of the operating system.

Good luck, and be careful out there, youngsters: Microsoft says you’re more prone to this sort of attack than your parents, even if your parents are the ones allegedly calling tech-support scammers.