Do not trust Microsoft Protected Your Computer or other scams

What is "Microsoft Protected Your Computer"?

"Microsoft Protected Your Computer" is a notification that is displayed on the website of a technical support scam. This web page is disguised as an official Windows Support website, however, Microsoft has nothing do to with it.

The main purpose of this scam is to trick people into calling scammers who seek to extort money from unsuspecting people. We strongly recommend that you ignore this scam and do not call the number provided.

"Microsoft Protected Your Computer" scam overview

According to this scam website, it has detected spyware, which caused error "0x80092ee9". Visitors are encouraged to call the "+1-833-292-5292" number immediately, otherwise the detected malicious software will cause further damage. It is stated that some information such as passwords, credit card details, and other sensitive details are already stolen.

Visitors are also informed that their computers were infected since the "System Activation KEY" (supposedly, Windows activation key) expired. This tech support scam essentially tricks people into calling scammers immediately. Typically, people who call them are encouraged to purchase software or use their remote 'technical services'.

Their main goal is to extort money from innocent people. Websites of this kind should never be trusted - if your browser opens them, they should be closed and never reopened. This particular website causes high CPU usage and freezes the browser and entire operating system.

To stop this, you must end the browser process through Task Manager. Restoring the previously closed session opens the same website and causes the system to crash again.

Typically, people do not visit such websites intentionally. They are usually opened by potentially unwanted applications (PUAs) installed on the operating system and/or browser. In most cases, these apps are designed to open dubious web pages, collect browsing data, and display ads.

Most PUAs collect details such as users' IP addresses, geolocations, URLs of visited websites, entered search queries, and so on. Developers share them with third parties who misuse private data to generate revenue. Gathered details sometimes include personal, sensitive information.

Furthermore, many PUAs display coupons, banners, surveys, pop-ups and other intrusive ads. If clicked, these open dubious websites or run scripts that download or even install unwanted software.

Threat Summary:

Name	"Microsoft Protected Your Computer" tech support scam
Threat Type	Phishing, Scam, Social Engineering, Fraud.
Fake Claim	According to this scam page the visitor's computer is infected with spyware and a Trojan.
Tech Support Scammer Phone Number	+1-833-292-5292
Detection Names	Full List Of Detections (VirusTotal)
Serving IP Address	198.54.126.24
Symptoms	Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Similar scam examples

There are many technical support scams online. Some other examples include "Call Microsoft Helpline", "ERROR 0xC004FC03", and "VIRAL ALARM OF MICROSOFT". Generally, scammers use these to trick people into paying for various services or software.

They claim to be able to help people to solve issues that have occurred, however, all notifications about detected viruses, errors, and so that are displayed on these pages are fake and should never be trusted. The same applies to PUAs. Apps of this type deliver no real value and cause only problems.

People who use PUAs or simply have them installed on their computers/browsers risk becoming victims of identity theft, experiencing problems relating to browsing safety, privacy, and other issues. Apps of this type should be uninstalled immediately.

How did potentially unwanted applications install on my computer?

This usually happens when people click deceptive ads displayed on dubious websites or during download/installation of other programs. Developers distribute PUAs using a deceptive marketing method called "bundling". They use this to trick people into downloading and/or installing PUAs together with regular software by including the unwanted apps into the set-ups.

Typically, information about additional downloads or installations is hidden in "Custom", "Advanced", and other similar settings of the download/installation set-ups. Furthermore, many people fail to check and change these settings, thus allowing PUAs to be downloaded and installed by default.

How to avoid installation of potentially unwanted applications

Do not use various third party downloaders, installers, Peer-to-Peer networks such as torrent clients, eMule, unofficial websites and other channels of this kind to download or install software. The safest way to download programs is using official websites.

Check all settings available in any download or installation setup and dismiss offers to download/install additional apps (otherwise they are downloaded and/or installed by default). Do not click intrusive ads, especially if they are displayed on dubious web pages. For examples, on those relating to gambling, pornography, adult dating, and so on.

These usually lead to other untrustworthy sites or cause download/installation of PUAs (or even malware). To stop the browser from opening dubious web pages and/or showing unwanted ads, uninstall all unwanted extensions, plug-ins, and add-ons. Also remove any such programs from the operating system, then they should be uninstalled too.

If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Text presented in "Microsoft Protected Your Computer" pop-up:

Microsoft protected your PC

Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. Call Microsoft on +1-833-292-5292 (Toll Free).

Publisher: Unknown Publisher
App: windows10manager (1).exe

Screenshot of a second pop-up:

Text in this pop-up:

support.windows.com says:

** Windows Warning Alert **
Malicious Pornographic Spyware/Riskware Detected

Error # 0x80092ee9

Please call us immediately! Call Microsoft at: +1-833-292-5292 (Toll Free)
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a Pornographic Spyware and riskware. The following information is being stolen...
Call Microsoft: +1-833-292-5292 (Toll Free)

Screenshot of a fake CMD window:

Text in fake CMD window:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1982-2001 Microsoft Corp.

C:\Documents and Settings\Administrador>DIR
 El volumen de la unidad C no tiene etiqueta.
 El numero de serie del volumen es: 241B-42B7
 Directorio de C:\Documents and Settings\Administrador
 
30/05/2011 01:24 .
30/05/2011 01:24 ..
25/05/2011 10:51 .Virtual Box
19/04/2007 11:28  1.440.056 BricoPackSplash.bmp
19/05/2011 16:11 Contacts
29/05/2011 10:46 Escritorio
29/05/2011 01:49  33 log.txt
30/05/2011 01:42 Menu Inicio
21/05/2011 13:01 Temp
21/05/2011 11:47 VirtualBox VMs
2 archivos 1.440.089 bytes
8 dirs 3.421.655.040 bytes libres
C:\Documents and Settings\Administrador>

Screenshot of the background page:

Text in the page:

Windows
Call Support +1-833-292-5292
Your computer has been Locked
Call Microsoft : +1-933-292-5292
Your computer with the IP address 192.84.29.40 has been infected by the Trojans -- Because System Activation Key has expired & Your information (for example, passwords, messages, and credit cards) have been stolen. Call Windows +1-833-292-5292 to protect your files and identity from further damage.
Call Microsoft : +1-833-292-5292 (Toll Free)
Automatically report details of possible security incidents to Google. Privacy policy
Call Microsoft : +1-833-292-5292
Back to safety

The appearance of "Microsoft Protected Your Computer" pop-up (GIF):

Screenshot of "Microsoft Protected Your Computer" scam forcing Google Chrome to cause high CPU usage:

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "Microsoft Protected Your Computer" tech support scam?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

Pop-up scams are deceptive messages intended to trick users into performing certain actions. To elaborate, victims can be enticed into calling fake support lines, allowing cyber criminals to access computers remotely, disclosing private information, making monetary transactions, purchasing products, downloading/installing software, and so on.

What is the purpose of a pop-up scam?

Pop-up scams are designed to generate revenue. Scammers profit primarily by obtaining funds through deception, abusing or selling sensitive information, promoting content (e.g., websites, software, products, services, etc.), and proliferating malware.

Why do I encounter fake pop-ups?

Pop-up scams are promoted on deceptive webpages. Users mainly access them via redirects generated by sites utilizing rogue advertising networks, misspelled URLs, intrusive ads, spam browser notifications, or installed adware.

I cannot exit a scam page, how do I close it?

If it is impossible to exit a deceptive page, end the browser's process using Windows Task Manager. When reopening the browser, do not restore the previous browsing session, as it includes the scam website.

I have allowed cyber criminals to remotely access my computer, what should I do?

If you have allowed cyber criminals to access your device remotely – you must first disconnect it from the Internet. Afterward, uninstall the remote access software that the criminals used (e.g., TeamViewer, UltraViewer, etc.), as they may not need your consent to reconnect. Lastly, perform a full system scan with an anti-virus and remove all detected threats.

I have provided my personal information when tricked by a pop-up scam, what should I do?

If you have provided personally identifiable or finance-related information (e.g., ID card details, passport photos/scans, credit card numbers, etc.) – immediately contact relevant authorities. If you have disclosed your account credentials – change the passwords of all possibly exposed accounts and inform their official support without delay.

Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?

Combo Cleaner is designed to detect and eliminate all manner of threats. Its capabilities include scanning visited websites for rogue, deceptive/scam, and malicious content. Hence, should you enter such a webpage – you will be immediately warned, and further access to it will be blocked.

Additionally, Combo Cleaner is capable of removing practically all known malware infections. Keep in mind that running a full system scan is crucial since sophisticated malicious programs typically hide deep within systems.

▼ Show Discussion