What kind of scam is "Virus/Malware Infections Have Been Recognized"?
"Virus/Malware Infections Have Been Recognized" is a technical support scam that our researchers found while inspecting rogue websites. This scheme aims to deceive users into calling fake Microsoft Support by claiming that their device is infected.
"Virus/Malware Infections Have Been Recognized" scam overview
The "Virus/Malware Infections Have Been Recognized" scam is run on pages presented as Microsoft's official website. It displays multiple pop-up windows warning of threats on users' devices and urging them to call the provided telephone numbers.
It must be emphasized that all the information provided by this scam is false, and it is not associated with the Microsoft Corporation or any of its products/services.
The scam starts when the user calls the fake helpline. Throughout the scheme, scammers pretend to be "expert technicians" offering support such as malware removal, security installation, subscription renewal, etc.
In most cases, tech support scams involve scammers requesting remote access to users' devices. The connection can be facilitated through legitimate software like TeamViewer, UltraViewer, AnyDesk, or others.
Threats posed by tech support scammers
Criminals may disable or remove genuine security tools, install fake anti-viruses, extract data, obtain funds, and/or infect the system with malware.
Targeted information may include usernames/passwords (e.g., emails, social networking, data storage, e-commerce, online banking, cryptocurrency wallets, etc.), personally identifiable info (e.g., ID card details, passport scans/photos, etc.), and finance-related data (e.g., banking account details, credit card numbers, etc.).
Aside from acquiring data over the phone, scammers can instruct victims to enter it into phishing sites/files or use information-stealing malware.
Furthermore, the "services" of cyber criminals can be exorbitantly priced. Cryptocurrencies, pre-paid vouchers, gift cards, cash hidden in packages, and similar difficult-to-trace methods are preferred by scammers since that decreases the chances of persecution and victims retrieving their money. What is more, successfully scammed users can get targeted repeatedly.
In summary, victims of scams like "Virus/Malware Infections Have Been Recognized" may experience system infections, serious privacy issues, financial losses, and identity theft.
If you cannot exit a deceptive webpage – end the browser's process using Windows Task Manager. When re-accessing the browser, start a new browsing session since restoring the old one will reopen the scam site.
If you have allowed cyber criminals to access your device remotely – disconnect it from the Internet and uninstall the remote software used, as the scammers may not need your permission to reconnect. Afterwards, perform a complete system scan with an anti-virus and eliminate all detected threats.
If you have provided scammers with your log-in credentials – change the passwords of all possibly compromised accounts. In case the disclosed data was of a different personal nature (e.g., ID card details, credit card numbers, etc.) – immediately contact the corresponding authorities.
|Name||"Virus/Malware Infections Have Been Recognized" tech support scam|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Device is with infected viruses/malware and sensitive data is at risk.|
|Tech Support Scammer Phone Number||+1-888-447-0024, +1-844-694-4857|
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Technical support scam examples
The Internet is full of various scams, e.g., support, threat/error alerts, software updates, package delivery issues, lotteries, giveaways, etc. Regardless of what this content warns, demands, offers, or promises – the end goal is the same: to generate revenue at victims' expense.
How did I open a scam website?
Rogue pages can force-open deceptive websites upon access or when hosted content is clicked (e.g., buttons, text input fields, ads, etc.). Adware may display advertisements that promote scams or force-open sites that run them.
Scams are also endorsed through spam in general (e.g., emails, PMs/DMs, SMSes, forum/ social media posts, notifications, etc.).
How to avoid visiting scam websites?
It is paramount to be careful while browsing since fraudulent and malicious online content typically appears genuine and harmless. For example, intrusive ads and spam browser notifications may look innocuous – however, they redirect to highly questionable websites (e.g., scam-promoting, gambling, pornography, etc.).
We advise against using sites that offer pirated software/media or other dubious services (e.g., illegal streaming or downloading, Torrenting, etc.) since these webpages usually utilize rogue advertising networks.
Another recommendation is to always mind URLs and enter them with care. Do not open attachments or links found in suspicious/irrelevant mail, as they can be harmful.
To avoid receiving unwanted browser notifications – do not permit suspect websites to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, ignore or deny notification requests from such pages (i.e., press "Block", "Block Notifications", etc.).
To prevent bundled/hazardous software from infiltrating the system – download only from official/verified sources and treat installations with caution (e.g., read terms, use "Custom/Advanced" settings, and opt out of supplementary apps, extensions, tools, etc.).
If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Text presented in "Virus/Malware Infections Have Been Recognized" scam's topmost pop-up:
Microsoft Windows Security Center
(5) Virus/Malware infections have been recognized on your device.
Address IP: - 10/25/2023, 10:15:18 AM
Your personal data, banking information and web login credentials saved on this PC are at risk due to a major security breach.
Call Microsoft Windows Support: +1-888-447-0024 (Helpline USA)
The appearance of "Virus/Malware Infections Have Been Recognized" pop-up scam (GIF):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "Virus/Malware Infections Have Been Recognized" tech support scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Essentially, pop-up scams are deceptive messages that trick users into performing specific actions. For example, users may be lured into calling fake support lines, allowing cyber criminals to access devices remotely, disclosing information, making monetary transactions, downloading/installing software, and so forth.
What is the purpose of a pop-up scam?
Pop-up scams are used for profit. Cyber criminals can gain revenue by obtaining funds through deception, selling or abusing private data, promoting content, and proliferating malware.
Why do I encounter fake pop-ups?
Pop-up scams are run on deceptive sites. Most visitors access these webpages via redirects generated by mistyped URLs, websites using rogue advertising networks, spam browser notifications, intrusive ads, or installed adware.
I cannot exit a scam page, how do I close it?
End the browser's process with Task Manager. When re-accessing the browser, do not restore the previous browsing session since that would reopen the scam page.
I have allowed cyber criminals to remotely access my computer, what should I do?
Disconnect the device from the Internet and remove the software used to establish remote access (e.g., UltraViewer, TeamViewer, AnyDesk, etc.), as the cyber criminals may not need your consent to reconnect. Lastly, perform a full system scan with an anti-virus and remove all detected threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you have disclosed your log-in credentials – immediately change the passwords of all potentially compromised accounts and inform their official support. However, if you have provided other private data (e.g., ID card details, passport photos/scans, credit card numbers, etc.) – contact relevant authorities without delay.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner can scan visited sites and detect scam-running and malicious ones. Additionally, it can deny further access to such websites. Combo Cleaner can scan computers and eliminate nearly all known malware infections. Keep in mind that since sophisticated malicious software typically hides deep within systems – performing a complete system scan is crucial.