Fake Microsoft Pop Up

sbarkan · Apr 3, 2017

So I just got a pop up page with an audio warning and a screen that looked like a pretty good replica of a microsoft screen telling me that my computer had been BLOCKED because it was infected, etc., etc. and to call this . I couldn't close the pop up window or click on any of the other windows that were open on my computer. I assumed it was a scam, so wrote the number down and did a forced shutdown. I have no intention of calling that number.

I used my phone's browser to look up the phone number, and yes, all signs point to a scam. But should I be worried about any bad stuff on my computer now? I ask especially because one of the of the top results of a search of that number is to " and recommends something called "Plumbytes" to "Remove Pop up!" Do I need to do anything? Scam on top of scam??

Thanks, and please be kind. Thanks.

Dark Lord of Tech · Apr 3, 2017

Yes those are 100% SCAMS , JUST LIKE THE PHONE CALLS PEOPLE RECEIVE.

Avast-Team · Apr 5, 2017

Definitely a scam. The only thing you need to do is get yourself some security software (both Avast and AVG have free options) and do a "Full Scan," remove any malware you find -- you may also need to disconnect the machine from the Internet and do a boot-time scan first. Many of these malware processes automatically perpetuate themselves when you attempt to remove them.

sbarkan · Apr 6, 2017

Avast-Team :

sbarkan · Apr 6, 2017

Thank you. I do have a free version of Avast, and will do a Full Scan and a Boot-Time scan.

Paul NZ · Apr 6, 2017

Get adwcleaner.It'll probably do a better job

jmart14 · Apr 6, 2017

sbarkan :

I just got one today ; first experienced it last month. I had done a forced shutdown last time; this time, I noticed there was a checkbox in the corner of the popup that would prevent future dialogs. I checked it and the popup did close after that, but came right back. So I again checked the box, but went this time went up to the tab and was able to close it. Didn't come back. I checked my Norton, no access attempts during that time. I think this scam depends upon people being too scared to turn off the computer if they can't close the window, and they panic and call the number.
So, to summarize, check the box in the pop-up, then close the tab it rode in on.
Also be careful when researching answers; I did that right after it happened , and a site called helpmeremovemalware.blogspot launched Fake Scan webpage 12; Norton blocked it. Norton's pretty good, even this basic version that comes free with Xfinity.

sbarkan · Apr 7, 2017

Paul NZ :

PaulNWZ: If I already have Malwarebytes-Free, is adwcleaner part of it, and if so would it run automatically during daily scan? Thanks.

Dark Lord of Tech · Apr 7, 2017

ADW is a separate tool.
https/www.bleepingcomputer.com/download/adwcleaner/

It needs to be run manually.

sbarkan · Apr 7, 2017

Paul NZ :

Sorry, Paul NZ! Don't know where the random 'W' came from!

EjWestVirginia · Apr 19, 2017

I just got the same pop up. I quickly sent a message on another device to Malwarebytes while running a scan. Nothing popped up in scan so I researched the number and got here. Glad I did coz I was not calling that number. I did a forced shutdown and am now running a deep scan too. So far nothing. Now just need to warn the hub if he gets one on his laptop. So glad I got directed here.

I hate Pop Ups · Apr 20, 2017

It's a scam "pop up" that probably froze your browser, correct?

The easy fix is to "end task" your browser.

Quickly press on your keyboard at the same time your control, alt, and delete buttons.

It should pull up a screen that allows you to get to "task manager".

Hit Task Manager. You screen will display all active programs.

Click on the browser you wish to terminate and hit "end task".

You will also lose anything you had up in your browser, but it was frozen, right?

Also, when you restart your browser, it may prompt you to go to your most recently visited sights, DO NOT GO THERE, right? It's where you were frozen...

Meir__Elazar · May 4, 2017

Open a DOS window and identify the URL of the offending site generating the malicious fake popup. Now take the URL of the site which in this case is accesserror9075x014.com but this is true of any such malicious site. In the DOS window type "Ping accesserror9075x014.com" or NSLOOKUP and the URL or Tracert and the URL. One way or another you will get the actual IP address of the site. Now google how to block an IP address in windows (Windows key + R) and type fw.msc. Now follow the instructions to create a custom rule to block that IP address. Next run notepad with administrator privileges and edit the file C:\windows\system32\drivers\etc\hosts. Note that their is no extension and you should not add .txt which is the default of Notepad. Look at examples in the file and add 127.0.0.1 followed by the url which you wish to block. In our example this would be

127.0.0.1 accesserror9075x014.com # Blocked by <your name> on <this date> because <your reasons>

Note that you must only use notepad and not any fancy wordprocessor and it is a good idea to add a comment as shown but substitute you information for the generic field in the <>.

Save the file as hosts. From now on this site will be totally blocked from your computer.

You may also use this for any other sites that you wish to block.

Good Luck

Meir Elazar

Computer_Alternatives · Aug 1, 2017

Avast-Team :

Computer_Alternatives · Aug 1, 2017

I'm a Network Security Engineer, and I have analyzed this over and over. So you really are not getting infected. What is happening, is that an invisible i-frame, with a border width of zero is actually inserting itself over the rest of the browser. In it, it is running a Java Script. There are a few ways to defeat this, since these pop-ups are getting prevalent. One way is to simple CTRL-SHIFT-ESC, bringing up task manger, then finding your browser Firefox.exe, Chrome.exe, etc, and ending the task. This however has the unwanted affect of closing all open pages. Another way, I have found in Chrome that works nicely is this. Click the lock icon, or http icon in the address bar. A drop down will show you the currently enabled permissions allowed to run on the site. Simply block cookies, and block Java Script from running. Then the page will close, just like normal, and not close any other pages you might have open. Since this is not actually a virus, there really is no reason to panic, and run a full system scan with AV software. If the AV makers, would come out with a better script blocker for such sites, like Noscript it might help.

adriansafar · Jan 30, 2018

SO I made a bad decision and called the number, paid the money and allowed them to access my computer. I have since requested a refund from the ms-itsupport company and that process is underway. I am want my computer to be secure again. How do I fix this?

USAFRet · Jan 30, 2018

adriansafar :

1. Unplug this from the internet.
2. From a different PC, change ALL your passwords.
3. On this PC, you do a FULL wipe and reinstall of the OS.

adriansafar · Jan 31, 2018

understood.

Fake Microsoft Pop Up

Distinguished

Retired Moderator

Estimable

Distinguished

Distinguished

Admirable

Prominent

Distinguished

Retired Moderator

Distinguished

Prominent

Prominent

Prominent

Prominent

Prominent

Prominent

Illustrious

Prominent

Similar threads

Share this page