Get rid of the Microsoft Warning Virus scam issue, which is on the rise with fake threat detection reports and recommendations to call an impostor technician.
Tech support scams have always been a goldmine for ne’er-do-wells who seek easy gain. These manipulative campaigns revolve around the use of browser hijackers, screen lockers or popup viruses that report inexistent threats on a computer. We dealt with Zeus Virus fake alert earlier this year. The Microsoft Warning Virus scam is one of the biggest ongoing waves of this type of fraud. There are several variants of said infection. One affects a victim’s web browsers and recurrently displays deceptive popup alerts stating that spyware or riskware has been detected and instructing the user to call a toll-free telephone number for troubleshooting. The other type, a less widespread one, generates a lock screen that appears before Windows boots up, reading, “Microsoft has detected some suspicious activity on this computer.” Similarly, the rogue message tries to dupe the user into calling a “Microsoft certified technician”.
The edition of the Microsoft Warning Virus that hits browsers typically triggers the redirect routine by modifying the Hosts file. For those who aren’t aware, what the Hosts file does is it correlates such values as hostnames and IP addresses. In other words, it makes sure a random URL entered in the browser’s address field matches the correct Internet Protocol parameters. In case this binding goes broken, a specific website can be forcibly resolved in browsers when the target person wishes to visit a totally different page. Virus creators are smart enough to comprehend the amount of privileges they can get on a system if they somehow modify the Hosts file. This is what the Microsoft Warning Virus tends to do. It overwrites the original preset so that the victim goes to a certain page other than the desired one. As a result, the infected users will be recurrently routed to so-called landing pages that display recommendations to reach rogue support agents for assistance.
The misleading alert accompanying this hoax says, “Malicious Pornographic Spyware/Riskware Detected. Error # 0x80072ee7.” This part is followed by a persistent recommendation to call the self-proclaimed Microsoft tech representatives at a certain phone number. A few widely reported examples include 0-800-046-5729 and 0-800-046-5211. It’s strongly recommended to refrain from contacting whoever is behind these numbers, otherwise users will run the risk of getting their privacy violated. Another possible side effect of such an imprudent action is that the crooks may request details that will allow them to gain remote access to the plagued computer. In this case, the threat actors are able to plant arbitrary malicious code onto the PC directly. In the least adverse scenario, a hefty amount of money will be withdrawn from the caller’s phone account.
The issue with the Microsoft Warning Virus isn’t in the realm of detection most of the time – quite a few AV programs across the board are able to spot it. The hurdle has to do with persistence of this code, hence removal difficulties. The instructions that you are about to follow fully address this snag.
Automated removal of Microsoft Warning Virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use Control Panel to get rid of Microsoft Warning Virus
• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find some other unfamiliar entry under the Name column, click Uninstall and follow further directions to get the removal done.
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the Microsoft Warning Virus.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.
Reset Google Chrome
• Open Chrome, click the icon for Chrome menu and choose Settings
• Scroll down the settings screen and click Show advanced settings
• Click Reset settings
• Finally, confirm the restoration by clicking Reset on the warning message
• Restart Chrome.
Reset Internet Explorer
• Select Internet options under IE’s Tools
• Proceed by clicking on Advanced tab, then select Reset
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
• Reboot the machine to fully implement the fix.
Revise your security status
Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.
- Petya ransomware removal and system recovery (upd. June 27)
- Sorebrect ransomware – fileless malware exploits PsExec utility
- Remove MOLE02 ransomware virus and decrypt .mole02 files (upd. June 15)
- Erebus ransomware infects Linux web servers in South Korea
- Decrypt .master ransomware files – BTCWare virus variant