HM Revenue & Customs Outstanding Amount virus (Free Guide) - Simple Removal Guide

HM Revenue & Customs Outstanding Amount virus Removal Guide

What is HM Revenue & Customs Outstanding Amount virus?

HM Revenue & Customs Outstanding Amount virus is a scam email message that delivers TrickBot banking trojan

HM Revenue & Customs Outstanding Amount virusHM Revenue & Customs Outstanding Amount virus is a malspam campaign used by cybercriminals to spread TrickBot malware

HMRC virus is a malspam campaign recently spotted by security researchers. The fake message informs users that outstanding amount of money needs to be paid to HM Revenue and Customs (an official UK's tax office). “For more details,” victims are either prompted to click on the attachment which comes in a .doc format or to click on a link which brings them to the bogus error message that prompts to download the trojan. The goal of bad actors is clear – they want to infect computers with dangerous malware, which can help them illegally obtain victim's money. Users who get tricked by this phishing email will end up with a banking trojan[1] TrickBot installed on their devices.

Name HM Revenue & Customs Outstanding Amount virus
Type Spam email delivering TrickBot
Symptoms Rarely symptoms can be spotted; although users should watch out for increased CPU usage and random system crashes
Danger Level High. Injects banking trojan that steals sensitive data
Detection Use professional security software, such as FortectIntego or SpyHunter 5Combo Cleaner

Spam emails are the most popular tools that bring various malware into machines. Users can get infected with ransomware,[2] banking trojans, spyware, crypto-miners and other malicious threats. Therefore, security experts[3] always recommend staying away from such emails and be extremely cautious while opening emails from unknown sources. If you are careless and opened the attachment already, read on to find out how to remove HM Revenue & Customs Outstanding Amount virus from your computer.

The fake message states the following:

From: HM Revenue & Customs <>

Date: Tue 26/06/2018 11:47

Subject: Important : Outstanding Amount

Outstanding Amount £31,369.64

Date 26 June 2018
Our ref 2389890:00041273:002

You do not appear to have paid the full amount due as shown on the attached Statement of Liabilities.

Please follow this link for more details.*(@WWWW

About this notice
If you agree the amount is due , then you need to pay in full now. Go to

It is possible that this E-mail has been received by you in error. If so, please note that it may contain confidential information, and we ask that you notify the author by replying to it, then delete it immediately, and take no further action as a result of receiving it. Although we take care by ensuring that any files attached to E-mails sent from our office have been checked with up-to-date virus detection software, you should carry out your own virus check before opening any attachment. We accept no liability for any loss or damage which may be caused by software viruses.

All content is available under the Open Government Licence v3.0.

Criminals use sophisticated social engineering to deceive unsuspecting victims and gain financial benefit. As you can see, there are several reasons why anyone could fall victim to HM Revenue & Customs Outstanding Amount spam:

  • Virtually identical Logo and styling of a reputable governamental institution
  • A believable “From” address
  • No grammar or spelling mistakes

As evident, the UK Government department has nothing to do with HMRC outstanding Amount virus. Because the email allegedly comes from a reputable organization, users can easily get confused and click on the hyperlink or the malicious attachment.

Those who proceed with the scam, inject machines with a TrickBot virus. This malware hijacks users' browsers and displays a fake version of the online banking web page. Thus, as soon as users enter their credentials, the recorded data is sent to cybercriminals, which can use it for identity theft or money stealing. Therefore, the infected machine can lead to great financial losses and compromised virtual safety.

The most important thing is to take care of HM Revenue & Customs Outstanding Amount virus removal before it can inflict any damage. However, it is not possible to accomplish without a reputable anti-malware tool, as the virus is complicated and is deeply embedded within system files. We recommend scanning the contaminated machine with FortectIntego or SpyHunter 5Combo Cleaner – these tools can take care of everything automatically.

It is not the first time cybercriminals are spreading TrickBot. It was also linked to delivering the infamous WannaCry ransomware back in 2017. As users become more aware of cyber threats, hackers also seek new ways to distribute malicious software, and they will not stop as long as there is some money to gain. HM Revenue & Customs Outstanding Amount fake alertHMRC virus - a bogus message that tries to use reputable organization's name in order to trick users

Don't open suspicious emails and avoid computer infections

Typically adware delivers intrusive adverts and other sponsored content. In HMRC spam's case, any user can get the phishing email delivered into their mailbox. Thus, even if you are the most careful person on the planet, you can still receive this malware-infested email.

What is more, spam emails are as well used to deliver other malicious files, such as ransomware or spyware. It is a nasty type of infections which should not be treated lightly, as they can lead to permanent deletion of personal files. Thus it is imperative to not click on anything inside the fake email message.

There are several preventing actions that might stop the virus. First of all, many email providers have a built-in scanner that can flag up the phishing emails. Additionally, MS Office documents from 2010 and newer are equipped with the “Protected View” feature, which would prevent malware from installing itself.

Nevertheless, there is still a chance the malicious payload could get into your machine. Therefore, be careful online: install anti-spyware software, keep regular backups, update your software and OS whenever new patches come out and do not carelessly open every email thrown at you.

Eliminate HM Revenue & Customs Outstanding Amount spam virus from your device

In order to remove HM Revenue & Customs Outstanding Amount virus, you should download and install powerful security software. We recommend using FortectIntego or SpyHunter 5Combo Cleaner. These tools can find even the most stubborn malware and get rid of it. What is more, this procedure only takes a few minutes. However, trojan horses might sometimes prevent proper operation of the anti-malware software. In such case, enter Safe Mode with Networking as explained below, and perform a full system scan.

We must warn you that you should not attempt manual HM Revenue & Customs Outstanding Amount removal. If malware gets installed on your system, it is already too late, and you need to seek to use professional tools for safe elimination of malware.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of HM Revenue & Customs Outstanding Amount virus. Follow these steps

Manual removal using Safe Mode

If HMRC outstanding virus is preventing your security software to start, enter Safe Mode with Networking the following way:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove HM Revenue & Customs Outstanding Amount using System Restore

Eliminate malware using system restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of HM Revenue & Customs Outstanding Amount. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that HM Revenue & Customs Outstanding Amount removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from HM Revenue & Customs Outstanding Amount and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting trojans

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions