What is "Microsoft detected malicious virus and blocked your computer"?
"Microsoft detected malicious virus and blocked your computer" is one of many technical support scams designed to trick people into believing that their systems are infected. Scammers use them to extort money from unsuspecting people by encouraging them to call the telephone number provided. These scams appear on various dubious, untrustworthy websites.
People do not generally open them intentionally - often, potentially unwanted apps (PUAs) installed on their systems open these web pages. In addition to unwanted redirects, PUAs usually gather information and serve users with intrusive ads.
The website that promotes "Microsoft detected malicious virus and blocked your computer" scam is disguised as an "Official Help Care" page. Once opened, it asks people to enter usernames and passwords of their Windows accounts and prevents the dialog window from being closed. We strongly recommend that you do not provide these details.
Furthermore, the website itself states that Microsoft has detected malware and blocked the visitor's computer. It encourages them not to restart their computers or to close the opened window.
It is stated that the computer registration key is blocked due to one of the following reasons: the key or installed software is illegal; the Windows system is infected and is proliferating viruses over the Internet, or; the operating system is hacked and being used from an undefined location. According to scammers, computers are blocked for safety purposes.
To unblock them, they encourage people to call them via the "1-888-879-3955" number. If this page is opened with Mozilla Firefox, it displays an additional pop-up window stating that the detected virus might allow some hackers to steal various information. Since this is a scam, it should not be taken seriously.
If contacted, scammers try to sell unnecessary technical services or dubious software. This is to extort money from people and has nothing to do with the Microsoft company. If a browser opens this website, it should be closed. If this cannot be done in the normal way, end the entire browser process using Task Manager.
Do not restore the closed browsing session, since this will reopen the deceptive website.
The aforementioned PUAs open various dubious pages, but also gather data and deliver ads. They collect information such as users' IP addresses, geolocations, URLs of visited websites, entered search queries, and so on. Some PUAs might be designed to gather personal details.
Their developers share recorded information with other parties (potentially, cyber criminals) who misuse it to generate revenue. Another issue with these apps is intrusive ads. They display various coupons, banners, surveys, pop-ups, and other unwanted advertisements.
People who click them are usually redirected to untrustworthy websites (such as this technical support scam) or they allow ads to run scripts designed to download/install unwanted apps.
|Name||"Microsoft detected malicious virus and blocked your computer" virus|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||The fake error claims that the system is infected and has been blocked. It also encourages users to contact Microsoft's 'tech support' via the provided phone number (which is fake).|
|Tech Support Scammer Phone Number||1-888-879-3955|
|Serving IP Address (unextinguished[.]site)||184.108.40.206|
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive, private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
The Internet is full of technical support and other scams, "Enter Windows registration key to unblock", "Error XR01F5" and "Windows protected your PC" are just a few examples. Typically, scammers use them for identical purpose - to extract money from people by encouraging them to pay for unnecessary services or software.
These scam websites should never be trusted. Various PUAs should not be used or installed as well. Even if they are promoted as useful and legitimate, most are not. Usually they cause their users various problems relating to privacy, browsing safety and so on. We recommend to uninstall all installed apps of this type immediately.
How did potentially unwanted applications install on my computer?
Unwanted apps are sometimes promoted on supposedly official websites from which they can be downloaded, however, they are mostly downloaded and installed through intrusive advertisements that people click, or during download/installation processes of other software.
Developers often use a deceptive marketing method called "bundling" to trick people into causing unwanted downloads/installations through other software setups. They achieve this by hiding PUAs in "Custom", "Advanced" and other similar settings of the setups and hope that people will not check or change them.
Leaving them unchanged grants permission for unwanted apps to be downloaded and installed.
How to avoid installation of potentially unwanted applications?
All software should be downloaded from official websites, especially if it is free. Any other sources such as third party downloaders, unofficial, dubious pages, Peer-to-Peer networks and other similar sources cannot be trusted and should not be used. Download and installation processes should be handled properly.
It is important to dismiss offers to download or install additional software that is included into the software set-ups. This can be done simply by checking all available "Advanced", "Custom" and other similar settings. Do not to click intrusive advertisements, especially if they are displayed on dubious websites (i.e., pages relating to gambling, adult dating, pornography, and so on).
They redirect users to other dubious or even malicious websites. These clicks might also cause unwanted downloads/installations. If a browser causes unwanted redirects or ads are displayed on all visited websites, it is likely that this is caused by an installed PUA.
If this is the case, check the list of installed extensions, plug-ins, and add-ons on the browser and remove unwanted, suspicious apps immediately. This also applies to unwanted programs installed on the operating system. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Text presented in "Microsoft detected malicious virus and blocked your computer" technical support scam:
The system has been infected with a virus
Attackers might be trying to steal information from your computer. Save your computer by clicking Back to Safety.
Microsoft has detected a malicious virus alert and blocked your computer.
The system has been infected with a virus.
Do not close this window and restart your computer. This computer's registration key is blocked.
Why your system has been blocked?
Illegal window's registration key
This window is sending virus over the Internet.
This window is hacked.
The location is undefined.
Pirated software is used.
We block this computer for your security purpose. Contact Microsoft helpline to reactivate your computer immediately. To unblock your computer, enter security key or call for help. +1-888-879-3955 (Toll Free)
Screenshot of the "Microsoft detected malicious virus and blocked your computer" scam opened with Google Chrome browser:
Screenshot of the "Microsoft detected malicious virus and blocked your computer" scam opened with Mozilla Firefox browser:
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "Microsoft detected malicious virus and blocked your computer" virus?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.