Sign in to follow this  
Metallica

Removal instructions for Intel TSS

Recommended Posts

What is Intel TSS?

The Malwarebytes research team has determined that Intel TSS is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by Intel TSS?

You may see this entry in your list of installed programs:

warning4.png

How did Intel TSS get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was offered as an Intel graphics driver.
But it installs files that will produce a fake Windows BSOD screen with the Tech Support Scammers number.

main.png

How do I remove Intel TSS?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
Due to the nature of the program there are a few things to do before you can start cleaning.
  • Use the Ctrl-Alt-Del key combination to invoke Task Manager.
  • In the list of active processes select the one that is called Intel.exe with the Description "Intel HD Graphics".
    taskmgr.png
  • Use the "End Process" button to stop the selected process and confirm the action in the resulting prompt.
  • Then you can download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Intel TSS?
  • No, Malwarebytes' Anti-Malware removes Intel TSS completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tech Supprt Scam.

 

protection1.png


Technical details for experts

You may see these entries in FRST logs:

 
 (Intel Corporation) C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe
 HKCU\...\Run: [Intel HD Graphics] => C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe [487424 2016-10-09] (Intel Corporation)
 C:\Windows\Intel Corporation

Intel HD Graphics (HKLM-x32\...\Intel HD Graphics) (Version: 10.1.5.10 - Intel Corporation)
Alterations made by the installer:
 
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Windows\Intel Corporation\Intel HD Graphics
       Adds the file Intel.exe"="10/9/2016 8:18 PM, 487424 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Intel HD Graphics]
       "DisplayIcon"="REG_SZ", "C:\Windows\Intel Corporation\Intel HD Graphics\Uninstall.exe"
       "DisplayName"="REG_SZ", "Intel HD Graphics"
       "DisplayVersion"="REG_SZ", "10.1.5.10"
       "EstimatedSize"="REG_DWORD", 476
       "InstallDate"="REG_SZ", "20161011"
       "InstallLocation"="REG_SZ", "C:\Windows\Intel Corporation\Intel HD Graphics\"
       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
       "Language"="REG_DWORD", 1033
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Intel Corporation"
       "UninstallString"="REG_SZ", "C:\Windows\Intel Corporation\Intel HD Graphics\Uninstall.exe"
       "VersionMajor"="REG_DWORD", 10
       "VersionMinor"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "Intel HD Graphics"="REG_SZ", "C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe"
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2016
Scan Time: 12:51 PM
Logfile: mbamIntelTSS.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.11.04
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323931
Time Elapsed: 8 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Rogue.TechSupportScam, C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe, 2160, Delete-on-Reboot, [717f970022789d9998809e6e679e4ab6]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Intel HD Graphics, C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe, Quarantined, [717f970022789d9998809e6e679e4ab6]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Rogue.TechSupportScam, C:\Windows\Intel Corporation\Intel HD Graphics\Intel.exe, Delete-on-Reboot, [717f970022789d9998809e6e679e4ab6], 
Rogue.TechSupportScam, C:\Users\{username}\Desktop\Setup32.exe, Quarantined, [2ac627706d2d3303bd641bf1b94c3ec2], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  •  
Edited by Metallica

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.