Topic: Windows Defender alert--real or phony?
Brint Hannay
From: Maryland, USA
Posted 23 Jan 2019 5:37 pm

I just encountered a very real-looking "Windows Defender Security Center" alert claiming my computer is infected with 5 viruses. It alleges that my "anti-virus software subscription has expired." I have Trend Micro Maximum Security and, checking with the main TM console, it has NOT expired.

My understanding is that activating TM automatically disables Windows Defender, and I have checked and WD says it is disabled.

What am I to make of this? I am very skeptical, to put it mildly.

I attach a screenshot of the alert screen. I have not clicked on the "Renew Now" button!

Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
Posted 23 Jan 2019 5:59 pm

I say it's bogus.

Grammatical errors are a common indicator of a fake.

Windows is NOT capitalized where it should be if it were legitimately from Microsoft/Windows Defender.

Likewise, exclamation points to heighten your anxiety is another reason to question it!!!!!!!!

You'd think they'd have these "warnings" proofread by a native English speaker with some sense of proper usage, but they never seem to get to that point.

I'm willing to be proven wrong here, but I've got major doubts.

Brint Hannay
From: Maryland, USA
Posted 23 Jan 2019 6:07 pm

Me too.
Note URL below. "securitys-shieldso"? And all that other stuff.
http://windowsappcenter.securitys-shieldso.pw/3/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wQ2LKQ8MSNM7QHSJ1B6T0VJA&xm=fska.frekxtron.space

Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
Posted 23 Jan 2019 6:13 pm

Run some other stuff to see if you can find any malware.

Malwarebytes maybe.

Malwarebytes.org

https://www.eset.com/int/home/online-scanner/

Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
Posted 23 Jan 2019 6:14 pm

Brint Hannay wrote:
Me too.
Note URL below. "securitys-shieldso"? And all that other stuff.
http://windowsappcenter.securitys-shieldso.pw/3/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wQ2LKQ8MSNM7QHSJ1B6T0VJA&xm=fska.frekxtron.space


Yeah, even more bogus looking.

Brint Hannay
From: Maryland, USA
Posted 23 Jan 2019 6:19 pm

I'm running TM full scan right now. I have MBAM paid version also, and will run that next.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 23 Jan 2019 6:39 pm

That pop-up is for what's known as a Fake Anti-Virus Alert. It is an ad to goad the unsuspecting user into paying to remove the listed viruses. The only virus is that program that launches the pop-up alert. Malwarebytes will find and terminate it. You will need to reboot and scan again to get all of it out.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
Posted 23 Jan 2019 6:45 pm

I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 23 Jan 2019 8:26 pm

Mitch Drumm wrote:
I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it.


Some variants of these fake AV alerts are well disguised. In fact, there is a new trick being employed by scammers using Desktop Notifications over the System Tray to peddle crapware and fake security programs. This may even be one of those.

Desktop notifications can be disabled in your browser. It is an advanced option. You normally see a pop-up requesting permission to show these notifications. You can disallow them on a one to one basis, or all at once.

If it is just a browser pop-over alert, it is driven by JavaScript. Disabling JavaScript with the NoScript Add-on puts the kibosh on that crap. Blocking JavaScript is also an option with the uBlock Origin Add-on.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Brint Hannay
From: Maryland, USA
Posted 24 Jan 2019 10:25 am

Thanks, Wiz. I have rebooted and run both MBAM and Trend Micro scans, and both came up with 0 threats detected.

I looked into the settings in Firefox (my browser), and found options relating to what they call "Web Push" notifications. Is that what you're referring to as desktop notifications?
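
Wiz's advice to disallow desktop notifications, applied to the Firefox profile Brint mentions, as an added example that is not part of the original thread: it lists which sites have been granted notification permission and flips one to "deny". It assumes Firefox's `permissions.sqlite` store with its `moz_perms` table and the `desktop-notification` permission type; the sample database and origins are constructed.

```python
import sqlite3
from datetime import datetime, timezone

NOTIFY_TYPE = "desktop-notification"  # type Firefox records for web notifications
ALLOW, DENY = 1, 2                    # values of the `permission` column

def notification_grants(conn):
    """Origins currently allowed to show notifications, newest grant first."""
    rows = conn.execute(
        "SELECT origin, modificationTime FROM moz_perms "
        "WHERE type = ? AND permission = ? ORDER BY modificationTime DESC",
        (NOTIFY_TYPE, ALLOW))
    # modificationTime is stored in milliseconds since the Unix epoch
    return [(o, datetime.fromtimestamp(ms / 1000, tz=timezone.utc)) for o, ms in rows]

def revoke(conn, origin):
    """Change one origin's notification permission to deny; returns rows changed."""
    cur = conn.execute(
        "UPDATE moz_perms SET permission = ? WHERE type = ? AND origin = ?",
        (DENY, NOTIFY_TYPE, origin))
    conn.commit()
    return cur.rowcount

def sample_db():
    """Constructed in-memory stand-in for a profile's permissions.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, type TEXT, "
        "permission INTEGER, expireType INTEGER, expireTime INTEGER, "
        "modificationTime INTEGER)")
    conn.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType, expireTime, "
        "modificationTime) VALUES (?, ?, ?, 0, 0, ?)",
        [("https://mail.example.com", NOTIFY_TYPE, ALLOW, 1546300800000),
         ("https://push-offers.example.net", NOTIFY_TYPE, ALLOW, 1548265000000),
         ("https://news.example.org", NOTIFY_TYPE, DENY, 1547000000000),
         ("https://maps.example.com", "geo", ALLOW, 1548000000000)])
    return conn

if __name__ == "__main__":
    conn = sample_db()  # for a real audit, open a copy of permissions.sqlite instead
    for origin, when in notification_grants(conn):
        print(f"{when:%Y-%m-%d %H:%M} UTC  {origin}")
    revoke(conn, "https://push-offers.example.net")
    print("still allowed:", [o for o, _ in notification_grants(conn)])
```

Run it against a copy of the profile's `permissions.sqlite` with Firefox closed; an origin you do not recognize near the top of the list is the one to revoke.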


All times are GMT - 8 Hours

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA
