Remove 844-763-5838 Tech Support Scam

stf-warning-fileview-exe-crashed-844-763-5838-tech-support-scam

Tech support scams keep trying to use different tactics to work more efficiently. The latest such scam uses a Trojan horse which once launched, makes an executable file. That executable is named “WinInfos.exe”. Registry entries are created to make the .exe file start automatically with each boot of the Windows operating system. The 844-763-5838 phone number is put as a contact detail in the fake alert messages that are being displayed. Those messages claim that the “fileview.exe” has crashed. You should read the article to the end and see how to remove this tech support scam.

Threat Summary

Name844-763-5838 Scam
TypeTech Support Scam
Short DescriptionThe tech support scam attempts to scare you by showing fake error messages on your screen. It is all a ruse in trying to make you call the phone number given in the messages.
SymptomsFake alert messages will pop-up. The 844-763-5838 phone number will be provided as the only possible fix.
Distribution MethodFreeware Installers, Suspicious Sites, Browser Redirects
Detection Tool See If Your System Has Been Affected by 844-763-5838 Scam

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss 844-763-5838 Scam.

844-763-5838 Scam – Distribution Methods

The 844-763-5838 tech support scam has a couple of distribution methods. Browsing on suspicious websites with an unknown origin can be one of these methods. Files associated with the scam and its Trojan horse might be residing there and quickly infect your computer machine. That usually happens through redirects and advertisements loaded from those sites. They inject the Trojan or a PUP (potentially unwanted program) containing it whenever these is some interaction with them.

The Trojan horse which installs WinInfos.exe and which causes the 844-763-5838 phone number of the scam to appear on your PC screen could be inside an installer package. Third-party freeware and bundled applications usually have such installation setups. Those package setups might be configured to place additional components on your computer by default. To prevent installation setups to install extra components is possible if you find an Advanced or a Custom settings menu from where to deselect components.

844-763-5838 Scam – Technical Information

The tech support scam uses the 844-763-5838 phone number as a contact and puts into every fake alert message. That’s the reason it is called like that. This scam uses a Trojan horse to make an executable file called WinInfos.exe.

It puts it in the following directory:

→%Windir%\cWinInfos\168271\WinInfos.exe

Afterward, the Trojan horse creates sub-keys for that file in the Windows Registry.
These are the sub-keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\cWinInfos
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinInfos
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinInfos
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cWinInfos
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cWinInfos\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cWinInfos\Enum

Then, new registry entries are created, to make the Trojan auto-start with the boot of the Windows operating system and to make it more resilient. Those are the registry entries:

→HKEY_LOCAL_MACHINE\SOFTWARE\cWinInfos\”version” = “16.8.27.1”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CWININFOS\0000\”Service” = “cWinInfos”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CWININFOS\0000\”Class” = “LegacyDriver”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CWININFOS\0000\”ClassGUID” = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CWININFOS\0000\”DeviceDesc” = “cWindows Informations Service”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CWININFOS\0000\Control\”ActiveService” = “cWinInfos”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinInfos\”EventMessageFile” = “%Windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”Type” = “10”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”Start” = “2”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”ErrorControl” = “1”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”ImagePath” = “%Windir%\cWinInfos\168271\WinInfos.exe”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”DisplayName” = “cWindows Informations Service”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cWinInfos\”ObjectName” = “LocalSystem”

After all of the aforementioned prerequisites are set, the executable file WinInfos.exe keeps popping up alert messages with errors. Those alerts are fake, and the goal here is to try and trick you into calling the provided phone number, which is 844-763-5838.

This is exactly how such a fake alert message looks like:

stf-warning-fileview-exe-crashed-844-763-5838-tech-support-scam
Image source: Symantec

The message reads:

WARNING!
YOUR COMPUTER MAY BE AT RISK:
CALL: (844) 763-5838
For Emergency Tech Support call immediately
fileview.exe
just crashed on your system.
Call us now for instant premium support
(844) 763-5838

Many users continue to fall victim to scams such as the 844-763-5838 fake tech support one. This is probably due to the fact that these scams find new ways to hide into your system without you noticing. They can enter your computer machine silently, without you finding out how.

In this particular case, the tech support scam does not require an active Internet connection to keep on spreading its bogus alert messages. The alerts will just keep popping up on your PC screen urging you to call the 844-763-5838 phone number. The people behind the scam will most likely present themselves as Microsoft representatives or technicians working for another legitimate company.

Whatever you do, do NOT call the scammers in any circumstances. Refrain from providing personal information over the phone when you are not certain to whom you are talking to. The 844-763-5838 number is not free, and even the shortest conversation on it can cost you a small fortune.

The con artists will try to get personal information from you if you call them and stall for time, while you are on the phone with them. Not only that the phone impulses will make them money, but they will try to extract your personal information to try and sell it on the black market to the highest bidder. That might even lead to identity theft. Whatever the case, you should remove the malware responsible for this scam.

Remove 844-763-5838 Tech Support Scam

To remove WinInfos.exe or more popularly known as the 844-763-5838 tech support scam, manually from your computer, follow the step-by-step removal instructions given below. If the manual removal does not get rid of the scam and alerts effectively, you should search for and remove any leftover items with an advanced anti-malware tool. Such software will keep your system secure in the future.

Manually delete 844-763-5838 Scam from Windows and your browser

Note! Substantial notification about the 844-763-5838 Scam threat: Manual removal of 844-763-5838 Scam requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Remove or Uninstall 844-763-5838 Scam in Windows
2. Remove 844-763-5838 Scam from Your Browser and Your Registry Editor

Automatically remove 844-763-5838 Scam by downloading an advanced anti-malware program

1. Remove 844-763-5838 Scam with SpyHunter Anti-Malware Tool and back up your data
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.