| Author |
Topic: Windows Defender alert--real or phony? |
Brint Hannay
From:
Maryland, USA
|
Posted 23 Jan 2019 5:37 pm |
|
I just encountered a very real-looking "Windows Defender Security Center" alert claiming my computer is infected with 5 viruses. It alleges that my "anti-virus software subscription has expired." I have Trend Micro Maximum Security and, checking with the main TM console, it has NOT expired.
My understanding is that activating TM automatically disables Windows Defender, and I have checked and WD says it is disabled.
What am I to make of this? I am very skeptical, to put it mildly.
I attach a screenshot of the alert screen. I have not clicked on the "Renew Now" button!
 |
|
|
|
Mitch Drumm
From:
Frostbite Falls, hard by Veronica Lake
|
Posted 23 Jan 2019 5:59 pm
|
|
I say it's bogus.
Grammatical errors are a common indicator of a fake.
Windows is NOT capitalized where it should be if it were legitimately from Microsoft/Windows Defender.
Likewise, exclamation points to heighten your anxiety is another reason to question it!!!!!!!!
You'd think they'd have these "warnings" proofread by a native English speaker with some sense of proper usage, but they never seem to get to that point.
I'm willing to be proven wrong here, but I've got major doubts. |
|
|
|
Brint Hannay
From:
Maryland, USA
|
|
|
|
Mitch Drumm
From:
Frostbite Falls, hard by Veronica Lake
|
|
|
|
Mitch Drumm
From:
Frostbite Falls, hard by Veronica Lake
|
Posted 23 Jan 2019 6:14 pm
|
|
Yeah, even more bogus looking. |
|
|
|
Brint Hannay
From:
Maryland, USA
|
Posted 23 Jan 2019 6:19 pm
|
|
| I'm running TM full scan right now. I have MBAM paid version also, and will run that next. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 23 Jan 2019 6:39 pm
|
|
That pop-up is for what's known as a Fake Anti-Virus Alert. It is an ad to goad the unsuspecting user into paying to remove the listed viruses. The only virus is that program that launches the pop-up alert. Malwarebytes will find and terminate it. You will need to reboot and scan again to get all of it out.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Mitch Drumm
From:
Frostbite Falls, hard by Veronica Lake
|
Posted 23 Jan 2019 6:45 pm
|
|
| I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 23 Jan 2019 8:26 pm
|
|
| Mitch Drumm wrote: |
| I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it. |
Some variants of these fake AV alerts are well disguised. In fact, there is a new trick being employed by scammers using Desktop Notifications over the System Tray to peddle crapware and fake security programs. This may even be one of those.
Desktop notifications can be disabled in your browser. It is an advanced option. You normally see a pop-up requesting permission to show these notifications. You can disallow them on a one to one basis, or all at once.
If it is just a browser pop-over alert, it is driven by JavaScript. Disabling JavaScript with the NoScript Add-on puts the kibosh on that crap. Blocking JavaScript is also an option with the uBlock Origin Add-on.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Brint Hannay
From:
Maryland, USA
|
Posted 24 Jan 2019 10:25 am
|
|
Thanks, Wiz. I have rebooted and run both MBAM and Trend Micro scans, and both came up with 0 threats detected.
I looked into the settings in Firefox (my browser), and found options relating to what they call "Web Push" notifications. Is that what you're referring to as desktop notifications? |
|
|
|
