Do not trust websites displaying the "WIN-8x0007 Error" scam message

What is "WIN-8x0007 Error"?

"WIN-8x0007 Error" is the name of a technical support scam run on deceptive websites. Schemes of this type inform users of nonexistent threats on their systems and urge them to contact fake tech support. The "WIN-8x0007 Error" scam targets German users. It also downloads an audio file that contains the same message in Japanese.

As is common of these scams, "WIN-8x0007 Error" is presented as a Windows support alert issued by Microsoft. Note that no site can detect threats/issues on visitors' devices. Any that makes such claims are scams with no relation to legitimate companies (e.g., Microsoft Corporation).

Typically, untrusted web pages are accessed via mistyped URLs, or redirects caused by intrusive ads or installed Potentially Unwanted Applications (PUAs).

When a website promoting the "WIN-8x0007 Error" scheme is accessed, it presents visitors with a pop-up window and automatically downloads a ZIP archive that contains an MP3 file. The latter contains an audio recording of the deceptive message in Japanese.

According to a rough translation, the text presented in the pop-up claims that the Windows registration key has been blocked, resulting in access to the system being disabled.

The reasons for this are listed as: the registration key is illegal, the system has pirated software installed on it, the device is spreading viruses through the internet connection, the computer has been hacked, etc. To restore access to the device, the scam instructs users to call the fake "Microsoft Security Toll Free" ("Microsoft Sicherheit Gebührenfreie") helpline.

The text presented in the background page reiterates that users must call the listed telephone number. It warns not to ignore this critical alert, as allegedly, the Windows operating system was blocked due to suspicious activity detected on it. As mentioned in the introduction, all of the information provided by "WIN-8x0007 Error" is false.

Trusting scam websites can lead to a broad range of severe problems. Should it be impossible to close a deceptive site, Windows Task Manager must be used to end the browser process. It is important not to restore the previous browsing session when reopening the browser, as this will reopen the scam page.

The aim of all online scams is to generate revenue for their designers, but how they achieve the goal differs, and this applies to "WIN-8x0007 Error" as well.

Firstly, technical support schemes aim to trick victims into calling their phone numbers. Secondly, the scammers attempt to gain remote access to the supposedly infected device (usually, through the use of legitimate software). After these steps, the scam scripts diverge.

Scammers can run fake scans and/or perform bogus malware removal, but leave the computer unharmed. Alternatively, they can uninstall genuine protection tools, install fake anti-viruses (that require purchase), and/or infect the system with real malware.

Scammers also target sensitive/personal information: names, addresses, emails, telephone numbers, account log-in credentials (e.g., of online bank accounts), banking account and/or credit card details, and so on.

They can extract this data through: deception (e.g., by tricking the victims into disclosing it, placing it in a text document that the scammers claim not to see, etc.), phishing websites (e.g., fake bank account sign-in pages, dubious payment gateways, etc.), or via information-stealing malware. Remote Access Trojans (RATs) are a common choice for tech support scammers, as these malicious programs enable (potentially indefinite) stealthy remote access and control over the machine.

Trojan-types can have a wide variety of dangerous functionalities, however, systems may be infected with data-encrypting ransomware, cryptocurrency miners (cryptominers), and other malicious software.

The primary way that these schemes profit is by asking victims to pay for the scammers' "services" (e.g., nonexistent malware elimination, future tech support and protection services, etc.). The fees tend to be exorbitant, and successfully scammed victims are often targeted repeatedly.

To summarize, by trusting the "WIN-8x0007 Error" scam, users can experience system infections, severe privacy issues, significant financial losses, and even identity theft. PUAs are prime suspects behind rogue redirects to misleading, deceptive/scam, and malicious web pages (e.g., ones running "WIN-8x0007 Error").

These applications can have other dangerous functionalities. For example, intrusive advertisement delivery (adware), browser modification in promotion of fake search engines (browser hijackers), and data tracking.

Most PUAs monitor browsing activity (browsing and search engine histories) and collect sensitive information derived from it (IP addresses, geolocations, and even personally identifiable details). The collected data is then monetized by sharing with and/or selling to third-parties.

Therefore, it is crucial to remove all suspect applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:

Name	WIN-8x0007 Error tech support scam
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	Scam claims that suspicious activity has been detected on users' devices, and urges them to call the fake helpline.
Disguise	Windows alert from Microsoft
Tech Support Scammer Phone Number	713-1774-9952
Related Domains	winsupport[.]xyz
Detection Names (winsupport[.]xyz)	Fortinet (Malware), Google Safebrowsing (Phishing), Netcraft (Malicious), Sophos (Phishing), Forcepoint ThreatSeeker (Suspicious), Full List Of Detections (VirusTotal)
Serving IP Address (winsupport[.]xyz)	185.92.220.163
Symptoms	Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"Suspicious Movement Distinguished On You IP", "WARNING CRITICAL MESSAGE", "Pornographic Alert" and "Killer's IP Address" are some examples of other technical support scams. There are many types of online schemes and thousands of websites that promote them.

Regardless of what the scams warn, claim, offer, request, or demand, the end-goal is always the same: to generate revenue for the scammers/cyber criminals behind them. Due to the widespread nature of this deceptive content on the internet, exercise caution when browsing.

How did potentially unwanted applications install on my computer?

PUAs are often downloaded/installed together with other products. This deceptive marketing technique of pre-packing regular software with unwanted or malicious additions is called "bundling".

By rushing through download/installation of software (e.g. ignoring terms, skipping steps and sections, using "Quick/Express" settings, etc.) many users risk unintentionally allowing bundled content into their devices. Intrusive advertisements proliferate PUAs as well. When clicked, the ads can execute scripts to download/install these applications without users' permission.

Some PUAs have "official" download web pages from which they can be downloaded.

How to avoid installation of potentially unwanted applications

You are advised to research all software before download/installation. Use only official and verified download channels. Unofficial and free file-hosting websites, Peer-to-Peer sharing networks (BitTorrent, Gnutella, eMule), and other third party downloaders commonly offer harmful and bundled content, and are therefore untrusted and should be avoided.

When downloading/installing, read the terms, study all possible options, use the "Custom/Advanced" settings and opt-out of additional apps, tools, features, and so on.

Intrusive advertisements typically seem legitimate, however, they can redirect to dubious and malicious sites (e.g. gambling, pornography, adult-dating, and many others). If you encounter ads or redirects of this kind, inspect the system and remove all dubious applications and browser extensions/plug-ins immediately.

Installed programs must be activated and updated with tools or implemented functions that are provided by the official developers. No other third party, unofficial tools should be used.

Note that it is illegal to activate licensed software with ‘cracking’ tools. Files and programs should be downloaded from official websites and via direct download links. Avoid third party installers and the tools/sources mentioned above.

Do not open website links or files in irrelevant emails that are received from unknown, suspicious addresses. These bogus emails are often disguised as official and important. Regularly, scan your computer with reputable, up-to-date antivirus or anti-spyware software.

If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Text presented in "WIN-8x0007 Error" scam:

Pop-up:

 

** WARNUNG! KRITISCHE MELDUNG! **
Fehler #WIN-8x0007
Ignorieren Sie diese wichtige Warnung nicht
Bitte aufhören und den PC nicht schließen
Der Registrierungsschlüssel Ihres Computers ist gesperrt.
Warum haben wir Ihren Computer blockiert?
Der Windows-Registrierungsschlüssel ist illegal.
Dieser Windows-Desktop wird mit raubkopierter Software.
Dieser Windows-Desktop sendet Viren über das Internet.
Dieser Windows-Desktop wird gehackt
Wir blockieren diesen Computer zu Ihrer Sicherheit.
Kontaktieren Sie microsoft helpline, um Ihren computer zu reaktivieren.
Microsoft Sicherheit Gebührenfreie:
713-1774-9952

 

----------------------

Background:

 

Microsoft Sicherheit Gebührenfreie:
Verhindern Sie, dass diese Seite zusätzliche Dialoge erstellt.
713-1774-9952

 

Geben Sie Windows registration key zu entsperren.
EINGABETASTE:

 

Windows-Unterstützung Alert
Windows wurde aufgrund verdächtiger Aktivitäten blockiert
Ignorieren Sie diese kritische Warnung nicht.
Bitte melden Sie diese Aktivität an
713-1774-9952
[Warnung Ignorieren] [Chat Nun]

The appearance of "WIN-8x0007 Error" pop-up scam (GIF):

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is WIN-8x0007 Error tech support scam?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion