| Visit Our Catalog at SteelGuitarShopper.com |

Post new topic Windows Defender alert--real or phony?
Reply to topic
Author Topic:  Windows Defender alert--real or phony?
Brint Hannay


From:
Maryland, USA
Post  Posted 23 Jan 2019 5:37 pm    
Reply with quote

I just encountered a very real-looking "Windows Defender Security Center" alert claiming my computer is infected with 5 viruses. It alleges that my "anti-virus software subscription has expired." I have Trend Micro Maximum Security and, checking with the main TM console, it has NOT expired.

My understanding is that activating TM automatically disables Windows Defender, and I have checked and WD says it is disabled.

What am I to make of this? I am very skeptical, to put it mildly.

I attach a screenshot of the alert screen. I have not clicked on the "Renew Now" button!
View user's profile Send private message Send e-mail
Mitch Drumm


From:
Frostbite Falls, hard by Veronica Lake
Post  Posted 23 Jan 2019 5:59 pm    
Reply with quote

I say it's bogus.

Grammatical errors are a common indicator of a fake.

Windows is NOT capitalized where it should be if it were legitimately from Microsoft/Windows Defender.

Likewise, exclamation points to heighten your anxiety is another reason to question it!!!!!!!!

You'd think they'd have these "warnings" proofread by a native English speaker with some sense of proper usage, but they never seem to get to that point.

I'm willing to be proven wrong here, but I've got major doubts.
View user's profile Send private message
Brint Hannay


From:
Maryland, USA
Post  Posted 23 Jan 2019 6:07 pm    
Reply with quote

Me too.
note url below. "securitys-shieldso"? and all that other stuff
http://windowsappcenter.securitys-shieldso.pw/3/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wQ2LKQ8MSNM7QHSJ1B6T0VJA&xm=fska.frekxtron.space
View user's profile Send private message Send e-mail
Mitch Drumm


From:
Frostbite Falls, hard by Veronica Lake
Post  Posted 23 Jan 2019 6:13 pm    
Reply with quote

Run some other stuff to see if you can find any malware.

Malwarebytes maybe.

Malwarebytes.org

https://www.eset.com/int/home/online-scanner/
View user's profile Send private message
Mitch Drumm


From:
Frostbite Falls, hard by Veronica Lake
Post  Posted 23 Jan 2019 6:14 pm    
Reply with quote

Brint Hannay wrote:
Me too.
note url below. "securitys-shieldso"? and all that other stuff
http://windowsappcenter.securitys-shieldso.pw/3/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wQ2LKQ8MSNM7QHSJ1B6T0VJA&xm=fska.frekxtron.space


Yeah, even more bogus looking.
View user's profile Send private message
Brint Hannay


From:
Maryland, USA
Post  Posted 23 Jan 2019 6:19 pm    
Reply with quote

I'm running TM full scan right now. I have MBAM paid version also, and will run that next.
View user's profile Send private message Send e-mail
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 23 Jan 2019 6:39 pm    
Reply with quote

That pop-up is for what's known as a Fake Anti-Virus Alert. It is an ad to goad the unsuspecting user into paying to remove the listed viruses. The only virus is that program that launches the pop-up alert. Malwarebytes will find and terminate it. You will need to reboot and scan again to get all of it out.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website ICQ Number
Mitch Drumm


From:
Frostbite Falls, hard by Veronica Lake
Post  Posted 23 Jan 2019 6:45 pm    
Reply with quote

I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it.
View user's profile Send private message
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 23 Jan 2019 8:26 pm    
Reply with quote

Mitch Drumm wrote:
I wouldn't be amused that the paid version of Malwarebytes apparently did not prevent it.


Some variants of these fake AV alerts are well disguised. In fact, there is a new trick being employed by scammers using Desktop Notifications over the System Tray to peddle crapware and fake security programs. This may even be one of those.

Desktop notifications can be disabled in your browser. It is an advanced option. You normally see a pop-up requesting permission to show these notifications. You can disallow them on a one to one basis, or all at once.

If it is just a browser pop-over alert, it is driven by JavaScript. Disabling JavaScript with the NoScript Add-on puts the kibosh on that crap. Blocking JavaScript is also an option with the uBlock Origin Add-on.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website ICQ Number
Brint Hannay


From:
Maryland, USA
Post  Posted 24 Jan 2019 10:25 am    
Reply with quote

Thanks, Wiz. I have rebooted and run both MBAM and Trend Micro scans, and both came up with 0 threats detected.

I looked into the settings in Firefox (my browser), and found options relating to what they call "Web Push" notifications. Is that what you're referring to as desktop notifications?
View user's profile Send private message Send e-mail

All times are GMT - 8 Hours
Jump to:  
Please review our Forum Rules and Policies
Our Online Catalog
Strings, CDs, instruction, and steel guitar accessories
www.SteelGuitarShopper.com

The Steel Guitar Forum
148 S. Cloverdale Blvd.
Cloverdale, CA 95425 USA

Support This Forum



BIAB Styles
Ray Price Shuffles for Band-in-a-Box
by Jim Baron