Explained: Does Microsoft Send Virus Alerts?

By Dennis Faas

Infopackets Reader Jamil S. writes:

" Dear Dennis,

Lately I have been inundated with Microsoft virus alerts in my web browser claiming that my PC is infected and to call a 1-800 number to fix the problem. There is no way to dismiss the window. The Microsoft virus alerts appear suddenly and without warning, even if I'm on Amazon.com (for example). Sometimes the alerts have a very loud verbal pronouncement of a virus and insist that I call the number on the screen. Does Microsoft send virus alerts? Or is this fake? I have scanned my PC and it says no viruses. What gives? "

My response:

Does Microsoft Send Virus Alerts? Short answer: No.

Long answer:

What you are describing is a fake Microsoft virus alert scam often used by tech support scammers in India.

If you were to call the 1-800 number, the scammers would ask to remotely connect to your computer, claim that your PC is in fact infected, and say it will cost (typically) $199 or more to "fix" the "problem". The scammers will then call you back in a few days, weeks, or months, claim your PC is being hacked, and ask for more money (usually $350-$1200, depending). The scam will repeat indefinitely until you either run out of money or wise up. The scammers will also install remote access backdoors and delete your files and/or lock you out of the machine if you don't pay them money or if you cancel your payment.
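The traits of these fake alerts (Microsoft branding on a non-Microsoft site, an infection claim, a toll-free number to call, a window that resists closing, loud audio) can be checked mechanically by a content filter. The sketch below is an added example, not part of the original article; the function name, host list, threshold and sample pages are all constructed for illustration.

```javascript
// Added example: names, host list, threshold and sample pages are constructed.
const TOLL_FREE = /\b1?[\s.-]?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/;
const SCARE = /\b(virus|infected|trojan|spyware|malware)\b/i;
const BRAND = /\b(microsoft|windows (defender|security))\b/i;
const CALL = /\b(call|contact|dial)\b[^.<]{0,60}\b(support|technician|number|immediately|now)\b/i;
// Markup commonly used to make a page hard to close or to play a looping warning.
const TRAPS = [/onbeforeunload/i, /requestFullscreen/i];
const AUDIO = /<audio\b[^>]*\b(autoplay|loop)\b|speechSynthesis\.speak/i;
// Assumption: a short, incomplete list of hosts where Microsoft branding is expected.
const MS_HOSTS = /(^|\.)(microsoft\.com|windows\.com|live\.com)$/i;

function scoreAlertPage(hostname, html) {
  // Visible text only: drop script bodies first, then all remaining tags.
  const text = html.replace(/<script[\s\S]*?<\/script>/gi, " ").replace(/<[^>]+>/g, " ");
  const findings = [];
  if (TOLL_FREE.test(text)) findings.push("toll-free number");
  if (SCARE.test(text)) findings.push("infection claim");
  if (CALL.test(text)) findings.push("call-to-action");
  if (BRAND.test(text) && !MS_HOSTS.test(hostname)) findings.push("Microsoft branding off-domain");
  if (TRAPS.some((re) => re.test(html))) findings.push("window trap");
  if (AUDIO.test(html)) findings.push("auto-playing audio");
  // Assumed threshold: a phone number to call plus at least three other traits.
  return { findings, suspicious: findings.includes("toll-free number") && findings.length >= 4 };
}

// Constructed sample pages (the phone numbers are fictional).
const SCAM_PAGE = `<body onbeforeunload="return 'stay'">
<h1>Microsoft Security Alert</h1>
<p>Your PC is infected with a virus. Call Microsoft Support immediately: 1-800-555-0100</p>
<audio autoplay loop src="warning.mp3"></audio></body>`;
const SHOP_PAGE = `<p>Questions about your order? Call customer support at 1-800-555-0123.</p>`;
const MS_PAGE = `<p>Microsoft Defender can remove a virus from an infected PC.</p>`;

const SAMPLES = [
  ["alert-center.example", SCAM_PAGE],
  ["shop.example", SHOP_PAGE],
  ["support.microsoft.com", MS_PAGE],
];
for (const [host, page] of SAMPLES) {
  const r = scoreAlertPage(host, page);
  console.log(host, r.suspicious ? "SUSPICIOUS" : "ok", "-", r.findings.join(", "));
}
```

A legitimate store page with a toll-free support line, or a real Microsoft page that mentions viruses, trips only one or two checks; the fake alert trips all six.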


Why am I receiving Microsoft Virus Alerts?

You are receiving these fake Microsoft virus alerts because of one of three possibilities.

Possibility #1: Your System is Infected with Malware

If your system is infected, the malware will display fake Microsoft virus alerts in hopes of scaring you into calling the 1-800 number for fake tech support. The fake virus alerts will appear in the browser, or even when the browser isn't running.

In this case, the fake Microsoft virus alerts will keep popping up indefinitely. In one particular case, a user was infected with these fake virus alerts for a few days, then the malware turned into ransomware and all files were encrypted. A ransomware note was left demanding $300 to unlock the files.

In less-severe cases it may be possible to remove the malware by scanning the system with antivirus or antimalware. However, depending on the malware strain it may simply reinstall itself repeatedly, especially if it is a rootkit infection.

To clear the infection you can try using Malwarebytes Antimalware free or antivirus of your choice, but there are no guarantees the malware will be found or removed. If you are still facing issues, you are welcome to contact me and I can remove the infection for you manually using my remote desktop support service.

Possibility #2: Your Browser is Infected

Another cause of fake Microsoft virus alerts is a web browser infection. The alerts can come from a malicious browser toolbar, browser helper object (BHO), or third-party bundled crap that was installed when you downloaded and installed something recently.

It may be possible to remove the malware by scanning the system with antivirus or antimalware. However, depending on the malware strain it may simply reinstall itself repeatedly.

To clear the infection you can try using Malwarebytes Antimalware free or antivirus of your choice, but there are no guarantees the malware will be found or removed. If you are still facing issues, you are welcome to contact me and I can remove the infection for you manually using my remote desktop support service.

Possibility #3: Malvertising

Another cause of fake Microsoft virus alerts is "malvertising" (malicious advertising).

Malvertising can come in one of three ways:

  • (a) via malicious cookies or scripts that have been downloaded to your browser. Technically your browser is "infected," though the scripts will lie dormant until they are activated by a server which may or may not be malicious. This is how the fake Microsoft virus alerts can appear even if you are visiting a legitimate website like Amazon.com or even Google.com.
     
  • (b) by visiting a nefarious website (for example: to obtain illegal copyrighted files via The Pirate Bay), where the website you are visiting serves up malicious ads directly to your system.
     
  • (c) when a legitimate website is hacked by cyber criminals, who switch the web site's ad engine from serving legitimate ads to a malicious ad server (to benefit the criminals); these malicious advertisements are then sent directly to users via the web browser.

In the latter two cases (b and c) a good pop-up blocker may help to prevent the malicious ads from appearing. In the first case (a), scanning the system for malware and resetting the browser may work, but based on my experience it is a 50-50 crapshoot as to whether this will be effective. In both cases you will need to be very careful about what sites you're visiting in order to minimize exposure to malicious ad servers.

To clear the infection you can try using Malwarebytes Antimalware free or antivirus of your choice, but there are no guarantees the malware will be found or removed. If you are still facing issues, you are welcome to contact me and I can remove the infection for you manually using my remote desktop support service.


About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise span a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security.


Comments

DLStoehner:

Hey Dennis, you could have offered a program URL to check for the malware that you are speaking about - like Malwarebytes or Rogue Killer or some other such software. I know you need income to support your website, but sometimes a little goodwill can go a long way.

The bottom line is: there are some free tools and some paid tools to check a computer and get things straightened out. Some of the free tools work really well.

Dennis Faas:

Yes, Malwarebytes and most antivirus will work fine, but there are no guarantees the infections will be cleared. I've included URLs.