What is Windows Defender – Security Warning SCAM?
Windows Defender – Security Warning is a technical support scam in which cybercriminals use social engineering tactics to trick users into unnecessary technical support services to supposedly fix computer or Windows OS problems that don’t exist. Victims are encouraged to pay for unnecessary services and software, or even provide remote access to their computer. Most often, scammers ask victims to pay by wire transfer, put money on a gift card, prepaid card or use a money transfer app because such payments are difficult to reverse.
Users can stumble onto sites with the Windows Defender – Security Warning scam just by entering a misspelled web address. Users can also be redirected to such scams by malvertising (malicious advertisements), Adware and potentially unwanted programs (PUPs). The technical support scam is often hosted using Google, Amazon, CloudFront and other cloud services. This is not the first time that scammers/cyber criminals have used legitimate cloud services for malicious purposes.
When users land on the sites running the “Windows Defender – Security Warning” scam, a pop-up window opens informing that access to the computer is blocked because it is infected with a Trojan-Spyware. Personal information (mail credentials, banking passwords, facebook logins, pictures & documents) has been compromised.
To restore access to the computer, the scam requires users to call the specified number. The scammers behind this scam try to trick users into purchasing fake support services or installing a remote control tool, which they pretend to be a program to diagnose a computer. It is important to understand that having access to a computer, scammers can steal private information and personal files, install malware (spyware, ransomware or Trojan horses), make fraudulent purchases.
Text presented in the scam:
Windows-Defender – Security Warning
** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **
Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.
> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents
Windows-Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.
You must contact us immediately so that our engineers can walk you through the removal process over the phone.
Call Windows Support immediately to report this threat, prevent identity theft and unlock access to this device.
Closing this window will put your personal information at risk and lead to a suspension of your Windows Registration.
Call Windows Support: +1-571-385-1696 (Security Helpline)
Technical support scams can be used to gain bank account details, or passwords to personal accounts such as social media and email. The collected data can be used to make fraudulent purchases and unauthorized transfers. Moreover, the criminals can use stolen email addresses and phone numbers to send spam and malspam (spam emails containing malware or links to malware).
In summary, the scam can lead to malware infection, loss of personal data, disclosure of confidential information, financial losses and other serious problems.
“Windows Defender – Security Warning” Scam Examples
“Windows Defender – Security Warning” Fake Alerts
A fake alert (Windows Defender Security Center):
Text presented in the fake alert:
Windows Defender Security Center
Threat Detected: Trojan Spyware
Access to this PC has been blocked for security reasons.
Contact Windows Support: +1-571-385-1696 (Security Helpline)
A fake alert (Windows Firewall Protection):
Windows Firewall Protection
Trojan Spyware Alert – Error Code: #0x898778
Access to this PC has been blocked for security reasons.
Contact Windows Support: +1-(888)-351-4098
Threat Detected – Trojan Spyware
Run Anyway Back to Safety
|Name||Windows Defender – Security Warning|
|Type||technical support scam, phishing, fake alerts|
|Fake claims||Trojan Spyware Alert – Error Code: #0x898778, Access to this PC has been blocked for security reasons, Your computer has alerted us that it has been infected with a Trojan Spyware, Ads.BrowserObject(2).dll Threat Detected|
|Scammers Phone Numbers||+1 (571) 385-1696, +1 (888) 351-4098, +1 (888) 608-2509, +1 (877) 768-8844, +1-(888)-351-4098, +1-(833)-930-2284, +1-(805)-510-7708|
|Scammers websites||notification-book-subs.xyz, support-helpline-online-xyz-dot23.info, aycbbcs.tk, ur25bundling.ga, vigorous-driscoll.206-189-132-43.plesk.page|
|Removal||Windows Defender – Security Warning removal guide|
Where did Windows Defender – Security Warning pop-ups come from?
Usually, users end up on “Windows Defender – Security Warning” and similar scams by going to a misspelled URL or, clicking on a fake link from push notifications and spam emails. In addition, they can be redirected to this scam by malicious advertisements (malvertising) and Adware.
Push notifications are originally developed to alert the user of recently published news. Cyber criminals abuse ‘push notifications’ to display annoying ads. These ads are displayed in the lower right corner of the screen urges users to play online games, visit questionable web-pages, install web browser add-ons & so on.
Adware also known as ‘adware software’ covers malicious programs which are specifically designed to display unwanted ads in form of pop ups, discount offers, promos or even fake alerts on the computer. Adware can seriously affect your privacy, your computer’s performance and security. Adware can be installed onto your computer without your knowledge.
Most of unwanted advertisements and pop-ups come from browser toolbars and/or addons, BHOs (browser helper objects) and optional software. Most often, these items claim itself as applications which improve your experience on the World Wide Web by providing a fast and interactive startpage or a search provider that does not track you. Remember, how to avoid unwanted programs. Be cautious, run only reputable programs which download from reputable sources. NEVER install any unknown and questionable apps.
Technical Support Scam examples
Microsoft Windows Virus Alert, Firewall Spyware Alert, McAfee Tollfree, YOU ARE USING WINDOWS With Pre-installed Norton are other technical support scams. There are many sites on the Internet that promote technical support scams. The “technical support scam” sites should never be trusted, they should be closed as soon as they appear on the screen.
How to protect against “Windows Defender – Security Warning” scam
To avoid becoming a victim of scammers, it is important to always keep in mind:
- There are no websites that can detect security problems.
- Windows Defender Security pop-up warnings will never ask you to call a phone number.
- Microsoft tech support will never ask you to pay for support with gift cards or cryptocurrency.
- Never install software promoted by scam sites, as it can be useless, and besides, it can be dangerous for you and your computer.
- Close “Windows Defender – Security Warning” as soon as it appears on your computer screen. Scammers can prevent you from closing it in various ways. In such cases, close your browser using Task Manager or restart your computer. If the next time you launch the browser, it prompts you to restore the previous session, abandon it, otherwise this scam will reopen on your screen.
- Use an ad blocker when browsing the internet. It can block known scam sites and protect you from scammers.
- If you think your computer has a virus, install trusted antivirus software, or update your computer’s security software and run a system scan.
How to remove Windows Defender – Security Warning pop-ups (Removal guide)
Fortunately, we have an effective method to help you manually and/or automatically get rid of the Windows Defender – Security Warning pop-up scam and bring your Internet browser settings to normal. Below you will find a removal guide with all the steps you may need to successfully get rid of adware and its traces. Some of the steps below may require you to close this website. So please read the steps carefully, then bookmark it or open it on your smartphone for later reference.
To remove Windows Defender – Security Warning, execute the steps below:
- Uninstall adware software through the Windows Control Panel
- Reset Mozilla Firefox settings
- Reset Chrome settings
- Automatic Removal of Windows Defender – Security Warning pop-ups
- How to Stop Windows Defender – Security Warning pop-ups
Looking for a way to remove scam pop-ups manually without installing any removal tools? Then this section of the blog post is just for you. Below are a few simple steps you can take. Performing these steps requires basic knowledge of Internet browser and Windows setup. If you are in doubt that you can follow them, it is better to use the free software listed below, which can help you remove adware and get rid of scam pop-ups.
Uninstall adware software through the Windows Control Panel
First of all, check the list of installed apps on your computer and uninstall all unknown and recently installed applications. If you see an unknown app with incorrect spelling or varying capital letters, it was most likely installed by malware and you should first remove it with a malware removal tool such as Zemana Anti- Malware.
|Windows 7||Windows 8|
|Windows 10||Windows 11|
Reset Mozilla Firefox settings
If the Firefox browser is redirected to the Windows Defender – Security Warning scam and you want to restore the Firefox settings back to their original state, then you should follow the steps below. Your saved bookmarks, form auto-fill information and passwords won’t be cleared or changed.
Start the Mozilla Firefox and press the menu button (it looks like three stacked lines) at the top right of the internet browser screen. Next, click the question-mark icon at the bottom of the drop-down menu. It will show the slide-out menu.
Select the “Troubleshooting information”. If you’re unable to access the Help menu, then type “about:support” in your address bar and press Enter. It bring up the “Troubleshooting Information” page as shown on the screen below.
Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page. Select “Refresh Firefox” in the confirmation dialog box. The Mozilla Firefox will begin a process to fix your problems that caused by the adware. After, it’s finished, press the “Finish” button.
Reset Chrome settings
This step will show you how to reset Google Chrome browser settings to default values. This can help to get rid of the Windows Defender – Security Warning pop-ups and fix some browsing issues, especially after adware infection. When using the reset feature, your personal information like passwords, bookmarks, browsing history and web form auto-fill data will be saved.
First launch the Google Chrome. Next, click the button in the form of three horizontal dots ().
It will open the Chrome menu. Select More Tools, then click Extensions. Carefully browse through the list of installed add-ons. If the list has the addon signed with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following steps: Remove Google Chrome extensions installed by enterprise policy.
Open the Chrome menu once again. Further, press the option called “Settings”.
The web browser will show the settings screen. Another way to display the Chrome’s settings – type chrome://settings in the browser adress bar and press Enter
Scroll down to the bottom of the page and click the “Advanced” link. Now scroll down until the “Reset” section is visible, as on the image below and click the “Reset settings to their original defaults” button.
The Chrome will show the confirmation dialog box like below.
You need to confirm your action, press the “Reset” button. The browser will run the task of cleaning. When it is done, the web-browser’s settings including new tab, start page and search provider by default back to the values that have been when the Google Chrome was first installed on your computer.
Automatic Removal of Windows Defender – Security Warning pop-ups
If the Windows Defender – Security Warning popups are still there, the situation is more serious. But do not worry. There are several tools which are created to detect and remove adware from your browser and computer. If you are searching for a free way to remove adware, then MalwareBytes Anti-Malware (MBAM) is a good option. Also you can get Hitman Pro and Zemana AntiMalware. Both programs also available for free unlimited scanning and for removal of found malicious software, adware software and potentially unwanted apps.
MalwareBytes AntiMalware is a malware scanner that is very effective at detecting and removing adware that causes the Windows Defender – Security Warning pop-ups in your browser. The steps below explain how to download, install, and use MalwareBytes to scan and remove malicious software, spyware, adware, potentially unwanted applications, hijackers from your computer for free.
First, click the link below, then click the ‘Download’ button in order to download the latest version of MalwareBytes Anti-Malware.
Category: Security tools
Update: April 15, 2020
Once the downloading process is done, run it and follow the prompts. Once installed, MalwareBytes AntiMalware will try to update itself and when this procedure is finished, press the “Scan” button to perform a system scan with this tool for the adware related to the Windows Defender – Security Warning scam. Depending on your computer, the scan may take anywhere from a few minutes to close to an hour. When a threat is detected, the number of the security threats will change accordingly. Wait until the the scanning is done. You can remove items (move to Quarantine) by simply press “Quarantine” button.
MalwareBytes Anti Malware is a free removal tool that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malicious software removal tool, we recommend you to read and follow the guide or the video guide below.
If you’re having trouble removing the Windows Defender – Security Warning pop-ups, try Zemana. This is a malware removal tool that can help clean up your computer and improve its speed for free. Find out more below.
- Installing Zemana is simple. First you will need to download it by clicking on the following link. Save Zemana to your Desktop so that you can access the file easily.
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- At the download page, click on the Download button. Your web-browser will show the “Save as” dialog box. Please save it onto your Windows desktop.
- Once downloading is done, please close all programs and open windows on your computer. Next, launch a file named Zemana.AntiMalware.Setup.
- This will launch the “Setup wizard” of Zemana AntiMalware onto your computer. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, the Zemana AntiMalware will open and display the main window.
- Further, click the “Scan” button to locate adware related to the Windows Defender – Security Warning scam. A scan may take anywhere from 10 to 30 minutes, depending on the number of files on your computer and its speed. When a threat is detected, the number of the security threats will change accordingly. Wait until the the scanning is finished.
- Once the scan is finished, Zemana Anti-Malware will produce a list of unwanted apps and adware.
- Next, you need to click the “Next” button. The utility will start to remove adware which causes scam pop-ups. After disinfection is finished, you may be prompted to restart the PC.
- Close Zemana and continue with the next step.
How to Stop Windows Defender – Security Warning pop-ups
If you want to remove intrusive ads, browser redirects and pop-ups, then install an ad-blocker program such as AdGuard. It can block Windows Defender – Security Warning scam, stop unwanted advertisements, pop-ups and block web-sites from tracking your online activities when using Google Chrome, Microsoft Edge, Microsoft Internet Explorer and Firefox. So, if you like surf the Internet, but you don’t like unwanted advertisements and want to protect your PC from malicious web-pages, then AdGuard is your best choice.
- First, click the link below, then click the ‘Download’ button in order to download the latest version of AdGuard.
Author: © Adguard
Category: Security tools
Update: November 15, 2018
- After downloading it, launch the downloaded file. You will see the “Setup Wizard” program window. Follow the prompts.
- Once the installation is finished, press “Skip” to close the installation program and use the default settings, or click “Get Started” to see an quick tutorial which will allow you get to know AdGuard better.
- In most cases, the default settings are enough and you don’t need to change anything. Each time, when you start your device, AdGuard will launch automatically and stop unwanted ads, block the Windows Defender – Security Warning scam, as well as other harmful or misleading webpages. For an overview of all the features of the program, or to change its settings you can simply double-click on the icon called AdGuard, which is located on your desktop.
We hope this article helped you learn more about the Windows Defender – Security Warning Scam and avoid the scammers’ tricks. If you have questions or additional information for our readers, please leave a comment.