Severity scale:  
  (75/100)

HM Revenue & Customs Outstanding Amount virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Trojans

HM Revenue & Customs Outstanding Amount virus is a scam email message that delivers TrickBot banking trojan

HM Revenue & Customs Outstanding Amount virus
HM Revenue & Customs Outstanding Amount virus is a malspam campaign used by cybercriminals to spread TrickBot malware

HMRC virus is a malspam campaign recently spotted by security researchers. The fake message informs users that outstanding amount of money needs to be paid to HM Revenue and Customs (an official UK's tax office). “For more details,” victims are either prompted to click on the attachment which comes in a .doc format or to click on a link which brings them to the bogus error message that prompts to download the trojan. The goal of bad actors is clear – they want to infect computers with dangerous malware, which can help them illegally obtain victim's money. Users who get tricked by this phishing email will end up with a banking trojan[1] TrickBot installed on their devices.

SUMMARY
Name HM Revenue & Customs Outstanding Amount virus
Type Spam email delivering TrickBot
Symptoms Rarely symptoms can be spotted; although users should watch out for increased CPU usage and random system crashes
Danger Level High. Injects banking trojan that steals sensitive data
Detection Use professional security software, such as Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus

Spam emails are the most popular tools that bring various malware into machines. Users can get infected with ransomware,[2] banking trojans, spyware, crypto-miners and other malicious threats. Therefore, security experts[3] always recommend staying away from such emails and be extremely cautious while opening emails from unknown sources. If you are careless and opened the attachment already, read on to find out how to remove HM Revenue & Customs Outstanding Amount virus from your computer.

The fake message states the following:

From: HM Revenue & Customs <no-reply@hmrcmailgov.uk>

Date: Tue 26/06/2018 11:47

Subject: Important : Outstanding Amount

Outstanding Amount £31,369.64

Date                  26 June 2018
Our ref               2389890:00041273:002

You do not appear to have paid the full amount due as shown on the attached Statement of Liabilities.

Please follow this link for more details.

https://payert-gov.uk/sidp/form?=victiom@victimsdomain.com&?n2389890KJBDS*(@WWWW

About this notice
If you agree the amount is due , then you need to pay in full now. Go to www.hmrc.gov.uk/payert/index.htm

It is possible that this E-mail has been received by you in error. If so, please note that it may contain confidential information, and we ask that you notify the author by replying to it, then delete it immediately, and take no further action as a result of receiving it. Although we take care by ensuring that any files attached to E-mails sent from our office have been checked with up-to-date virus detection software, you should carry out your own virus check before opening any attachment. We accept no liability for any loss or damage which may be caused by software viruses.

All content is available under the Open Government Licence v3.0.

Criminals use sophisticated social engineering to deceive unsuspecting victims and gain financial benefit. As you can see, there are several reasons why anyone could fall victim to HM Revenue & Customs Outstanding Amount spam:

  • Virtually identical Logo and styling of a reputable governamental institution
  • A believable “From” address
  • No grammar or spelling mistakes

As evident, the UK Government department has nothing to do with HMRC outstanding Amount virus. Because the email allegedly comes from a reputable organization, users can easily get confused and click on the hyperlink or the malicious attachment. 

Those who proceed with the scam, inject machines with a TrickBot virus. This malware hijacks users' browsers and displays a fake version of the online banking web page. Thus, as soon as users enter their credentials, the recorded data is sent to cybercriminals, which can use it for identity theft or money stealing. Therefore, the infected machine can lead to great financial losses and compromised virtual safety.

The most important thing is to take care of HM Revenue & Customs Outstanding Amount virus removal before it can inflict any damage. However, it is not possible to accomplish without a reputable anti-malware tool, as the virus is complicated and is deeply embedded within system files. We recommend scanning the contaminated machine with Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus – these tools can take care of everything automatically.

It is not the first time cybercriminals are spreading TrickBot. It was also linked to delivering the infamous WannaCry ransomware back in 2017. As users become more aware of cyber threats, hackers also seek new ways to distribute malicious software, and they will not stop as long as there is some money to gain.

Don't open suspicious emails and avoid computer infections

Typically adware delivers intrusive adverts and other sponsored content. In HMRC spam's case, any user can get the phishing email delivered into their mailbox. Thus, even if you are the most careful person on the planet, you can still receive this malware-infested email. 

What is more, spam emails are as well used to deliver other malicious files, such as ransomware or spyware. It is a nasty type of infections which should not be treated lightly, as they can lead to permanent deletion of personal files. Thus it is imperative to not click on anything inside the fake email message.

There are several preventing actions that might stop the virus. First of all, many email providers have a built-in scanner that can flag up the phishing emails. Additionally, MS Office documents from 2010 and newer are equipped with the “Protected View” feature, which would prevent malware from installing itself.

Nevertheless, there is still a chance the malicious payload could get into your machine. Therefore, be careful online: install anti-spyware software, keep regular backups, update your software and OS whenever new patches come out and do not carelessly open every email thrown at you.

Eliminate HM Revenue & Customs Outstanding Amount spam virus from your device

In order to remove HM Revenue & Customs Outstanding Amount virus, you should download and install powerful security software. We recommend using Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus. These tools can find even the most stubborn malware and get rid of it. What is more, this procedure only takes a few minutes. However, trojan horses might sometimes prevent proper operation of the anti-malware software. In such case, enter Safe Mode with Networking as explained below, and perform a full system scan.

We must warn you that you should not attempt manual HM Revenue & Customs Outstanding Amount removal. If malware gets installed on your system, it is already too late, and you need to seek to use professional tools for safe elimination of malware.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove HM Revenue & Customs Outstanding Amount virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall HM Revenue & Customs Outstanding Amount virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

To remove HM Revenue & Customs Outstanding Amount virus, follow these steps:

Remove HM Revenue & Customs Outstanding Amount using Safe Mode with Networking

If HMRC outstanding virus is preventing your security software to start, enter Safe Mode with Networking the following way:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove HM Revenue & Customs Outstanding Amount

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete HM Revenue & Customs Outstanding Amount removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove HM Revenue & Customs Outstanding Amount using System Restore

Eliminate malware using system restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of HM Revenue & Customs Outstanding Amount. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that HM Revenue & Customs Outstanding Amount removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from HM Revenue & Customs Outstanding Amount and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References