FacebookTwitterLinkedIn

Avoid getting scammed by websites displaying "Firewall Spyware Alert"

Also Known As: Firewall Spyware Alert tech support scam
Damage level: Medium

What is the "Firewall Spyware Alert"?

"Firewall Spyware Alert" is the name of a technical support scam, which is promoted through various highly untrustworthy sites. There are several versions of this online scheme, yet thematically they are identical. The primary differences are visual, and there are slight variations on the fake messages.

Essentially, these scams claim that users' devices have been infected with spyware and/or other viruses, and urge them to establish contact with the scammers by calling the provided telephone numbers. The "Firewall Spyware Alert" scam is disguised as an alert from Microsoft (or its products).

It must be emphasized that none of the information provided by this scheme is true, and it is in no way associated with the real Microsoft Corporation. Tech support scams aim to gain and subsequently abuse victims' trust - to generate profit at their expense.

These schemes pose a serious threat to device and user safety. Typically, users enter deceptive websites via mistyped URLs, or redirects caused by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

Firewall Spyware Alert scam

When users access webpages running the "Firewall Spyware Alert" scam, they are presented with multiple pop-up windows. The text in the pop-ups claims that the system has been infected with firewall/trojan spyware, and as a result - the device is currently blocked.

The nonexistent threat can be specified as error "#0x268d3(x7)", "#x00082dfo09d", or something similar.

These windows can include brief infection/virus descriptions, results of fake system scams, potential threat lists (e.g., exposed email credentials, banking passwords, social media accounts, stored pictures and documents, etc.), and so on.

Throughout the messages, users are told to call the fake "helplines" in order to remove the alleged threats and recover access to their device.

Technical support scams begin when the numbers they promote are called, yet how they progress from that point differs. The main source of revenue are the exorbitant fees for the scammers' "services". Typically, they attempt to gain remote access to the victims' devices.

From then on, they can run fake system scans, perform bogus malware removal processes, uninstall genuine protection tools, install fraudulent anti-viruses (which require purchase), infect the system with real malware (e.g., trojans, ransomware, cryptominers, etc.), extract sensitive/private information, and so forth.

Scammers often infiltrate Remote Access Trojans (RATs) into their victims' systems, through which they can ensure (potentially indefinite) remote access and control over the computers.

Vulnerable data can be extracted from the victims by tricking them into revealing it, entering the information into phishing websites (e.g., disguised as online banking log-in pages, fake payment gateways, etc.), or via data-stealing malware.

Information of interest includes (but is not limited to): names, addresses, telephone numbers, emails, various account/service/platform log-in credentials (i.e., IDs, usernames, and passwords), banking account details, credit card numbers, etc. Scammers usually request the victims to pay in digital currencies (e.g., cryptocurrencies, pre-paid vouchers, gift cards, etc.), which are difficult/impossible to trace and/or refund.

In many cases, successfully scammed victims are targeted repeatedly.

To summarize, by trusting the "Firewall Spyware Alert" scam, users can experience system infections, severe privacy issues, significant financial losses, and even identity theft. Should it be impossible to close a scam webpage - the Windows Task Manager must be used to end the browser's process.

Additionally, upon the browser's reopening, it is important not to restore the previous browsing session - as that will also reopen the deceptive website.

As mentioned in the introduction, scam sites can be force-opened by PUAs infiltrated into the system. These applications can have different heinous functionalities, and these functions can be in varied combinations. Adware-type PUAs run intrusive advertisement campaigns.

The delivered ads promote untrustworthy/malicious websites and stealthily download/install software - when they are clicked on. Another type of PUA called browser hijacker - modifies browser settings and restricts/denies access to them in order to promote fake search engines.

The promoted web searchers are usually cannot provide search results, so they redirect to Google, Bing, Yahoo, and other legitimate search engines. What is more, most PUAs have data tracking abilities.

They monitor browsing activity (browsing and search engine histories) and collect sensitive information extracted from it (IP addresses, geolocations, and personally identifiable details). The collected data is then monetized by being sold to third-parties.

Therefore, to protect device and user safety, it is crucial to remove all suspicious applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:
Name Firewall Spyware Alert tech support scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Scam claims users devices have been infected and blocked.
Disguise Alert from Microsoft
Tech Support Scammer Phone Number +1-585-205-7786 and +1-888-308-5768
Related Domains badlyf[.]xyz
Detection Names (badlyf[.]xyz) Fortinet (Phishing), Google Safebrowsing (Phishing), Kaspersky (Malware), SCUMWARE.org (Malware), Trustwave (Malicious), Full List Of Detections (VirusTotal)
Serving IP Address (badlyf[.]xyz) 157.230.233.245
Symptoms Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"McAfee Tollfree", "Code #007d3Cx0d", "Error Code: #0x564897", "Microsoft Security Essentials Alert", and "Suspicious Movement Distinguished On You IP" are some examples of tech support scams. The Internet is rife with misleading, deceptive, and malicious content.

Popular scam models are: warnings that the system is infected or at risk, alerts that an essential piece of software is outdated or missing, ludicrous offers and deals, fake prize giveaways and raffles, etc.

Regardless of what the schemes offer, promise, request, or demand, the end-goal is the same - to generate revenue for the scammers/ cyber criminals behind them. Due to how prevalent online scams are, it is strongly advised to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

PUAs are distributed through download/installation setups of other programs. This false marketing method of packing regular software with unwanted or malicious additions - is called "bundling".

Rushed download/installation processes (e.g., ignored terms, skipped steps and sections, etc.) increase the risk of inadvertently allowing bundled content into the system. Intrusive advertisements are used to spread PUAs as well.

Once clicked on, the ads can execute scripts to download/install these applications without user consent. PUAs may also have "official" promotional/download webpages.

How to avoid installation of potentially unwanted applications?

It is recommended to research software prior to download/installation and/or purchase. Additionally, all downloads must be performed from official and verified sources.

Untrustworthy download channels, e.g., unofficial and free file-hosting websites, Peer-to-Peer sharing networks, and other third-party downloaders - commonly offer harmful and bundled content.

When downloading/installing, it is important to read terms, study possible options, use the "Custom/Advanced" settings and opt-out from additional apps, tools, features, etc. Intrusive advertisements appear legitimate and innocuous; however, they redirect to various unreliable and questionable sites (e.g., gambling, pornography, adult-dating, and so on).

In case of encounters with ads and/or redirects of this kind, the system must be inspected and all dubious applications and browser extensions/plug-in detected - removed from it without delay.

If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Text presented in the "Firewall Spyware Alert" scam:

Main pop-up:

 

Windows_Firewall_protection
Microsoft
Firewall Alert - Error Code: #0x268d3(x7)
Access to this PC has been blocked for security reasons.
Contact Windows Support: +1-585-205-7786
Threat_Detected - Trojan Spyware
App: Ads.financetrack(1).exe
[Quick Support] [Go Back Safety]

 

-------------------------

 

Background pop-ups:

 

1:

 

Microsoft-Windows-Defender-Alert : Call +1-585-205-7786     (USA-Toll-Free)
You Are Protected
Protection Updates: Current
Last Scan: Not available | Quick Scan
Licenses Used: 1 of 5 | Install on Another Device
Security Identity Performance Firewall
Disabled At Risk Optimized Turned Off

 

STATUS : Your PC is at Risk!

 

2:

 

Quick Scan
Done
Working
Scanning commonly infected areas and startup files...
C:Program FilesWindows_DefenderMSASCuiL.exe

 

Results Summary
[+] Total items scanned:
[+] Total security risks detected:
[+] Total security risks resolved:
Total security risks requiring attention:
Microsoft [Pause][Stop]

 

3:

 

Windows_Defender - Security Warning
** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **
Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.
> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents
Windows_Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.
You must contact us immediately so that our engineers can walk you through the removal process over the phone.
Call Microsoft Support immediately to report this threat, prevent identity theft and unlock access to this device.
Closing this window will put your personal information at risk and lead to a suspension of your Windows Registration.
Call Microsoft Support: +1-585-205-7786     (USA-Toll-Free)
[Cancel] [OK]

The appearance of "Firewall Spyware Alert" pop-up scam (GIF):

Appearance of Firewall Spyware Alert scam (GIF)

Screenshot of the "Firewall Spyware Alert" scam's alternative variant:

Firewall Spyware Alert tech support scam alternative variant

Text presented in this variant's main pop-up window:

Firewall-Protection-Alert !!

 

Microsoft

 

Firewall-Spyware-Alert - Error Code: #x00082dfo09d
Access to this PC has been blocked for security reasons.
Firewall Helpline: +1-888-308-5768

 

Threat-Detected - Firewall-Spyware
App: Ads.financetrack(1).exe
[Quick Support]

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Removal of potentially unwanted applications:

Windows 11 users:

Accessing Apps and Features in Windows 11

Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.

Windows 10 users:

Accessing Programs and Features (uninstall) in Windows 8

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Windows 7 users:

Accessing Programs and Features (uninstall) in Windows 7

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

macOS (OSX) users:

Uninstall app in OSX (Mac)

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

PUAs uninstall via Control Panel

In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove rogue extensions from Internet browsers:

Video showing how to remove potentially unwanted browser add-ons:

Google Chrome logoRemove malicious extensions from Google Chrome:

Removing rogue extensions from Google Chrome step 1

Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons and remove them.

Removing rogue extensions from Google Chrome step 2

Optional method:

If you continue to have problems with removal of the firewall spyware alert tech support scam, reset your Google Chrome browser settings. Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

Google Chrome settings reset step 1

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

Google Chrome settings reset step 2

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Google Chrome settings reset step 3

Mozilla Firefox logoRemove malicious plugins from Mozilla Firefox:

Removing rogue extensions from Mozilla Firefox step 1

Click the Firefox menu firefox menu icon (at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window remove all recently-installed suspicious browser plug-ins.

Removing rogue extensions from Mozilla Firefox step 2

Optional method:

Computer users who have problems with firewall spyware alert tech support scam removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, firefox menu icon in the opened menu, click Help.

Accessing settings (Reset Firefox to default settings step 1)

Select Troubleshooting Information.

Accessing Troubleshooting Information (Reset Firefox to default settings step 2)

In the opened window, click the Refresh Firefox button.

Clicking on Refresh Firefox button (Reset Firefox to default settings step 3)

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Confirm your want to reset Firefox settings to default (Reset Firefox to default settings step 4)

safari browser logoRemove malicious extensions from Safari:

removing adware from safari step 1 - accessing preferences

Make sure your Safari browser is active, click Safari menu, and select Preferences....

removing adware from safari step 2 - removing extensions

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

resetting safari step 1

In the opened window select all history and click the Clear History button.

resetting safari step 2

Microsoft Edge (Chromium) logoRemove malicious extensions from Microsoft Edge:

Removing adware from Microsoft Edge step 1

Click the Edge menu icon Microsoft Edge (chromium) menu icon (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.

Removing adware from Microsoft Edge step 2

Optional method:

If you continue to have problems with removal of the firewall spyware alert tech support scam, reset your Microsoft Edge browser settings. Click the Edge menu icon Microsoft Edge (chromium) menu icon (at the top right corner of Microsoft Edge) and select Settings.

Microsoft Edge (Chromium) reset step 1

In the opened settings menu select Reset settings.

Microsoft Edge (Chromium) reset step 2

Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.

Microsoft Edge (Chromium) reset step 3

  • If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.

Internet Explorer logoRemove malicious add-ons from Internet Explorer:

Removing rogue extensions from Internet Explorer step 1

Click the "gear" icon Internet Explorer options icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".

Removing rogue extensions from Internet Explorer step 2

Optional method:

If you continue to have problems with removal of the firewall spyware alert tech support scam, reset your Internet Explorer settings to default.

Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows XP

Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows 7

Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.

Reseting Internet Explorer settings to default in Windows 8 - accessing

In the opened window, select the Advanced tab.

Resetting Internet Explorer settings to default on Windows 8 - Internet options advanced tab

Click the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - click the Reset button in the Internet options advanced tab

Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - confirm settings reset to default by clicking the reset button

Summary:

declining installation of adware while downloading free software sampleCommonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.

Removal assistance:
If you are experiencing problems while trying to remove firewall spyware alert tech support scam from your computer, please ask for assistance in our malware support forum.

Post a comment:
If you have additional information on firewall spyware alert tech support scam or it's removal please share your knowledge in the comments section below.

Click to post a comment

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Firewall Spyware Alert tech support scam QR code
Scan this QR code to have an easy access removal guide of Firewall Spyware Alert tech support scam on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.