Best Security Search

How to Remove MSSecTeam Tech Support Scam

“Notice from Microsoft Corporation

All activities of this computer have been recorded.All your files are encrypted as our government order.We used ZhuangZi encryption method to encrypt your files…”

This is how the MSSecTeam notification begins. However, do not make the mistake of believing that this message was sent by Microsoft Corporation or that your computer is locked as a result of detected illegal actions. In fact, MSSecTeam is a tech support scam that tries to scare its victims and urges them to send 0.5 bitcoins to the [email protected] address.

Read further about the scam and how to fix your computer.

MSSecTeam Tech Support Scam – Features

MSSecTeam tech support scam is a Trojan malware that locks the computer screen by displaying a fake Microsoft Security Team notice. According to the depicted text, your computer has been locked and all your files are encrypted with ZhuangZi encryption.

Here is all that MSSecTeam tech support scam’s notice states:

“Have A Key?
Files Locked: Complete/Yes
Case No: 43278
System Status: Locked
Contact Us: [email protected]
Notice from Microsoft Corporation
All activities of this computer have been recorded.All your files are encrypted as our government order.We used ZhuangZi encryption method to encrypt your files.
Your computer has been blocked due to violation of Copyright and Related rights law and illegally using and distributing copyrighted contents.Your documents,database and all files have encrypted with strongest encryption and unique key,generated for this computer.Your decryption key is stored on a Internet server.No third party softwares can decrypt your files until you pay and obtain the private key.If you don’t send money to our Microsoft address within the week,your all files will be parmanently crypted and no one will be able to recover them.(Article 1,Section 8; Article 202; Article 210 of the criminal code of U.S.A. provides for a deprivation of liberty for 4-12 years) This computer lock is aimed to stop below illegal activity
Your IP was used to:
Working on illegal copy of Windows
Sending Spam messages using Botnets
Distributing copyrighted contents via Torrents
Visiting harmful websites for download malware infected software”

The lock screen of the MSSecTeam tech support scam includes two buttons labeled License and Payment. Clicking them shows further information. When you click the Payment button, you see text that guides you on how to “introduce” yourself to the scammers by contacting them at [email protected]. Once they know your Name/Institute name along with your E-mail ID, they will send you an email that contains their unique payment address, where you should pay 0.5 Bitcoins to get your files back.

While the MSSecTeam tech support scam infection is running, the process that controls your desktop is terminated, as is the Task Manager screen. Its code is perhaps designed this way to complicate removal.

The good news is that there is nothing wrong with your computer apart from a Trojan that is designed to display a fake alert in an attempt to scare you into paying 0.5 BTC to the scammers. MSSecTeam is, of course, yet another scam that locks your screen and does not actually infect your files. Furthermore, the ZhuangZi encryption method is a fake one.

So if you decide not to send money, don’t worry that all your files will be “permanently crypted and no one will be able to recover them”. Just follow the malware removal guide below and choose your way to fix your system efficiently.

Removal Guide of MSSecTeam Tech Support Scam

Run a scan with an advanced malware removal tool and delete the MSSecTeam tech support scam completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the malware so they can be removed efficiently.

    1) Hit WIN Key + R


    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box will appear. In it, choose the tab named “Boot”
    4) Mark the “Safe Boot” option and then tick “Network” under it
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking”

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options”
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option


    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Go to “Processes”
    3) When you find a suspicious process, right click on it and select “Open File Location”
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
    5) Next, go to the folder where the malicious file is located and delete it

STEP IV: Completely Remove MSSecTeam Tech Support Scam Using SpyHunter Anti-Malware Tool

Manual removal of the MSSecTeam tech support scam requires being familiar with system files and the registry. Removal of any important data can lead to permanent system damage. To prevent this, delete the MSSecTeam tech support scam infection with the SpyHunter malware removal tool.

The SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly.

STEP V: Repair Windows Registry

    1) Again press the Windows Button + R key combination
    2) In the box, write “regedit” (without the inverted commas) and hit Enter
    3) Press CTRL+F and then type the malicious name in the search field to locate the malicious executable
    4) If you discover registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
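
For STEP III and STEP V, a read-only PowerShell listing of common autostart entries can help identify which name to search for before anything is deleted. This is an added example, not part of the original guide: the registry locations are standard Windows autostart keys chosen as an assumption (the article names no file or key for this Trojan), and Get-CommandExecutable is a hypothetical helper.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
# Standard Windows autostart keys (an assumption; the article names none).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a command line.
function Get-CommandExecutable([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe = Get-CommandExecutable $command
        # Bare names such as "rundll32.exe" are not resolved against PATH here.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'NotResolved' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Signature = $sig
            # Locations a standard user can write to without elevation.
            UserPath  = $exe -match '\\(AppData|Temp|Users\\Public)\\'
        }
    }
}

# Entries worth a closer look: not validly signed, or run from a user-writable path.
# An unsigned entry is a lead to investigate, not proof of infection.
$entries | Where-Object { $_.Signature -ne 'Valid' -or $_.UserPath } |
    Format-List Key, Name, Command, Signature, UserPath

# Logon shell settings. Windows defaults: Shell = explorer.exe,
# Userinit = C:\Windows\system32\userinit.exe,
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object Shell, Userinit | Format-List
```

Run it from a PowerShell prompt in Safe Mode; the HKCU results reflect the account you are logged on as.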


STEP VI: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Back up your data regularly.
Gergana Ivanova

Gergana Ivanova is a computer security enthusiast. She is a member of the Best Security Search team and enjoys presenting the latest news on cyber-security and cyber-threat issues.