
Facebook Microsoft Security Essentials Alert | Facebook Malware | Fake mstsc.exe File

Author: AITpro Admin
Published: November 6, 2010
Updated: December 4, 2010

This is nuisance Malware and will not do any serious damage to your computer. If you have clicked on any of the bogus Malware program buttons you may have further and more serious problems, but it appears that this Malware is just intended to trick you into buying bogus Malware cleaning software under the guise of being alerted by the Microsoft Security Essentials anti-malware program. Since I did not click any of the buttons, I’m not exactly sure what would happen next.

Clicking on a video on Facebook caused the download of mstsc.exe and 2 other files – hotfix.exe and dkfjasdfshd.bat. This is a profile specific Malware attack that will only download these 3 files to your computer and launch what looks like a legitimate virus warning message – see below. The 3 files are downloaded to your profile folder: C:\Documents and Settings\your_profile_name\Application Data. This Malware does not add any Registry entries or any other Malware files to your computer system.

The program will disable Task Manager, Regedit, Regedit32, log off and shut down, so you may have to cold boot your computer in order to delete the 3 files. Since this is a profile specific Malware infection, it will be launched again as soon as you log back into the profile that is infected with these Malware files.

The easiest way to delete the 3 files is to log into your computer with another computer account, navigate to the profile that has these files in it and delete them. I did not try booting into Safe Mode and deleting them from the infected profile, but that may work. You could also boot into DOS Safe Mode and delete the files that way using the DOS delete command. I noticed that this Malware blocked the standard things like regedit32, etc. that allow you to remove Malware programs, but it appeared that my computer functioned somewhat normally as far as opening other apps and panels, so you could probably go to your Control Panel, create a new computer account, reboot your system, log in with that new computer account and delete the 3 files in the profile of the computer account that is infected with the Malware.

The Microsoft Security Essentials Alert Warning Message is Bogus. Microsoft Security Essentials is a legitimate anti-malware program, but this Malware is just imitating the legitimate software application.

Do NOT click on any of the Malware buttons!

[Image: Facebook Malware Microsoft Security Essentials Alert]

Looks like F-Secure documented this Microsoft Security Essentials fake on 10/22/2010.

My original search did not find this documented case.  This post contains additional technical info about the Malware scam.  Also check out the F-Secure site for other details that are not covered in this post.

mstsc.exe is a legitimate Microsoft file used for Remote Desktop Connection and is located in your /system32 folder, so do not delete that file. Any time you are unsure of whether a file is legitimate or not, check the file’s properties by right mouse clicking on the file and clicking Properties. A legitimate .exe, .dll or other type of file has a Version tab that tells you who created the file; 99% of all Malware, Spyware or other malicious programs / files will not contain that tab.

[Image: Legitimate MSTSC.exe Microsoft File Properties]
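The two checks described in this post (the three file names in each profile's Application Data folder, and the Version information a legitimate file carries) can be scripted; the following PowerShell is an added example, not part of the original post. It assumes the Windows XP profile root from the path given above and a session in an account other than the infected one with rights to read other profiles; the `-Remove` switch and the `Get-VersionRow` helper are names made up for this example.

```powershell
# Added example (not from the original post): look for the three file names
# the post lists in every profile's Application Data folder.
param(
    # Assumption: Windows XP profile root, taken from the path in the post.
    [string]$ProfilesRoot = 'C:\Documents and Settings',
    # Hypothetical switch for this example: delete what was found.
    [switch]$Remove
)

$names = 'mstsc.exe', 'hotfix.exe', 'dkfjasdfshd.bat'
$cols  = 'Profile', 'Path', 'CompanyName', 'FileVersion', 'HasVersionInfo'

function Get-VersionRow([string]$Path, [string]$Owner) {
    # Same data as the Version tab in the file's Properties dialog.
    $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    New-Object PSObject -Property @{
        Profile        = $Owner
        Path           = $Path
        CompanyName    = $v.CompanyName
        FileVersion    = $v.FileVersion
        HasVersionInfo = -not [string]::IsNullOrEmpty($v.CompanyName)
    }
}

$found = @(
    foreach ($dir in Get-ChildItem -LiteralPath $ProfilesRoot -Force | Where-Object { $_.PSIsContainer }) {
        foreach ($name in $names) {
            # File.Exists also sees hidden files; only the profile copy is checked.
            $path = Join-Path (Join-Path $dir.FullName 'Application Data') $name
            if ([System.IO.File]::Exists($path)) { Get-VersionRow $path $dir.Name }
        }
    }
)

# Reference row: the genuine Remote Desktop client in System32, never a removal target.
$genuine = Join-Path $env:SystemRoot 'System32\mstsc.exe'
if ([System.IO.File]::Exists($genuine)) { Get-VersionRow $genuine '(System32 reference)' | Format-List $cols }

if ($found.Count -eq 0) { Write-Output "None of the three files found under $ProfilesRoot."; return }
$found | Format-List $cols

if ($Remove) {
    foreach ($row in $found) {
        # Run from a different account than the infected one, as the post describes.
        Remove-Item -LiteralPath $row.Path -Force
        Write-Output "Deleted $($row.Path)"
    }
}
```

Run it without `-Remove` first and compare the `CompanyName` of any hit against the System32 reference row before deleting anything.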
