Is Windows Firewall Protection Alert a Scam?
Windows Firewall Protection Alert is a technical support scam. A technical support scam is a type of fraud that uses malicious websites, spam email, fake security alerts and fake system scan results to lure victims into calling a fraudulent phone number or visiting phishing websites. Scammers try to trick people by claiming to be a technical service of a well-known company (Microsoft, Apple, etc.) that helps people fix their computers. According to the FTC, technical support scams can appear as online ads, phishing pages, and pop-up messages.
In this particular case, scammers are posing as tech support specialists from Microsoft. They are attempting to gain control of the computer. With that control they can steal user IDs and passwords, delete or change data, infect the computer with malware, and much more.
[Image: an example of a technical support scam disguised as Microsoft Windows Security]
The “Windows Firewall Protection Alert” scam in detail
The scam looks legitimate because it resembles the official Microsoft Windows website and the Windows Security interface. The scammers have gone as far as creating a fake Microsoft Windows Spyware Warning to add further legitimacy. It states that “access to this PC has been blocked for security reasons”, claims that the system is infected by a “Threat: Trojan Spyware”, and urges users to immediately contact Windows Support to report this threat, prevent identity theft and unlock access to the device.
Text presented in the scam:
Windows Firewall Protection Alert
Windows Defender Firewall has blocked some features of Ads.financetrack(1).exe on all public and private networks.! Ads.financetrack(1)exe
Publisher: Unknown
Windows has blocked access to your device for security reasons. Contact Windows Support:
+1 (838)-386-8817
To remedy the issue, the pop-up message encourages victims to call a phone number controlled by scammers. The scammers are trying to trick victims into purchasing fake support services or installing a remote control tool, which they present as a program for diagnosing the computer.
VirusTotal flagged a “Windows Firewall Protection Alert” page as malicious.
Technical support scams are designed to abuse users’ trust. Scammers trick users into buying unnecessary software, paying for ‘technical support’, and so on. Under the guise of Microsoft Support, scammers can cause a lot of trouble. For example, they can steal private information, uninstall legitimate antivirus software and install fake antivirus software, or even install malware such as trojans, ransomware and spyware.
Attackers can also use this technique to obtain bank account details, or passwords to personal accounts such as social media and email. The collected data can be used to make fraudulent purchases and unauthorized transfers. Moreover, the criminals can use stolen email addresses and phone numbers to send spam and malspam (spam emails containing malware or links to malware).
In summary, Windows Firewall Protection Alert is a SCAM! The scam can lead to malware infection, loss of personal data, disclosure of confidential information, financial losses and other serious problems.
Examples of such scams
There are a lot of technical support scams circulating online. Other examples of tech support scams are “TROJAN_2022 and other viruses detected”, “Windows Defender Security Center”, “Pirated Windows Software detected in this Computer”, “Windows Defender – Security Warning” and “McAfee Tollfree”.
How to Spot Scams That Mimic the Windows Security?
There are always a few details that can give away a scam. Make sure you know what to look out for.
- If something raises suspicion, it’s better not to click on any links or buttons. Fake Windows Firewall Protection Alert pop-ups have malicious intentions, and you should avoid clicking them at any cost. Scammers use them to trick you into installing malware or to harvest your personal information.
- The most obvious way to spot a fake Microsoft Windows Security alert is to look for inconsistencies in domain names. If the alert claims to be from Microsoft, but the message contains a domain other than Microsoft.com, it’s probably a scam.
- Copy the text of the Microsoft Windows Security alert and search the Internet to see what others say about it.
- If you have the slightest suspicion an alert may be a scam, do not click on the links you see.
- If a pop-up (Windows Firewall Protection Alert) claims that you have a virus and you need to click a link or call to get support, it’s definitely a scam. Be suspicious of alerts that claim you must call or click a link immediately.
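The domain check from the list above can be made mechanical. This Python sketch is an added example, not part of the original article: it extracts the host a browser would actually connect to and accepts it only if it is microsoft.com or a subdomain of it. The sample URLs are constructed from the sites listed in this article (the paths are invented), and the function names and labels are assumptions of the example.

```python
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuine is the one the article names.
TRUSTED_DOMAINS = ("microsoft.com",)


def hostname_of(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host IS a trusted domain or a subdomain of one."""
    host = hostname_of(url)
    if host is None:
        return False
    # Compare whole labels: "notmicrosoft.com" must not match "microsoft.com".
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(url, trusted=TRUSTED_DOMAINS):
    """Label a URL: 'trusted', 'lookalike' (brand name present, wrong host),
    'untrusted' or 'unparseable'."""
    host = hostname_of(url)
    if host is None:
        return "unparseable"
    if is_trusted(url, trusted):
        return "trusted"
    if any(d in url.lower() for d in trusted):
        return "lookalike"
    return "untrusted"


# Constructed sample URLs (hosts from this article, paths invented).
SAMPLES = [
    "https://support.microsoft.com/windows",       # genuine subdomain
    "https://qlil41.csb.app/",                     # site listed in the article
    "https://microsoft.com.7e0eiw.csb.app/alert",  # brand as a subdomain prefix
    "https://microsoft.com@qlil41.csb.app/alert",  # brand in the userinfo part
    "https://7e0eiw.csb.app/?ref=microsoft.com",   # brand in the query string
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):<11} {str(hostname_of(sample)):<30} {sample}")
```

A substring test such as `"microsoft.com" in url` would accept the last three samples; only the parsed host, compared on whole labels, decides who is actually serving the page.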
Threat Summary
Name | Windows Firewall Protection Alert Scam |
Type | phishing, scam, fake alerts |
Fake claims | Windows has blocked access to your device for security reasons; Windows Defender Firewall has blocked some features of Ads.financetrack(1).exe |
Scammers Phone Numbers | (838)-386-8817, (838)-300-0795 |
Associated web-sites | qlil41.csb.app, 7e0eiw.csb.app |
Distribution | social engineering attack, fake alerts within visited websites, rogue ad networks, PUPs, adware |
Damage | serious privacy issues, financial losses, identity theft, additional malware infections |
Symptoms | |
Removal | Windows Firewall Protection Alert removal guide |
Where did “Windows Firewall Protection Alert” pop-ups come from?
Usually, such scams are promoted by aggressive and malicious push notifications, shady websites, misleading advertisements, potentially unwanted programs (PUPs) and adware. Adware is a term that originates from ‘ad software’, and many consider it synonymous with ‘malware’. Its purpose is to generate profit for its developer by serving unwanted advertisements to a user while the user is browsing the Internet. These ads are often shown as in-text links, unclosable windows, various offers and deals, push notifications and even fake virus alerts. Adware can work like spyware, since it sends sensitive information such as searches and trends to advertisers.
Push notifications were originally developed to alert the user to recently published news. Cyber criminals abuse ‘push notifications’ to display unwanted ads. These ads are displayed in the lower right corner of the screen and urge users to play online games, visit questionable web-pages, install web browser add-ons and so on.
[Images: examples of the scam notifications]
How to protect against the Windows Firewall Protection Alert scam
To avoid becoming a victim of scammers, it is important to always keep in mind:
- No website is capable of detecting security threats on your computer.
- Windows Security will never ask you to call a phone number.
- Windows tech support will never ask you to pay for support with gift cards or cryptocurrency.
- Never install software promoted by scam sites and aggressive push notifications. It can be useless, and it can also be dangerous for you and your computer.
- Close the “Windows Firewall Protection Alert” pop-up as soon as it appears on your computer screen. Scammers can prevent you from closing it in various ways. In such cases, close your browser using Task Manager or restart your computer. If the browser prompts you to restore the previous session the next time you launch it, decline; otherwise the scam will reopen on your screen.
- If you think your computer has a virus, install trusted antivirus software, or update your computer’s security software and run a system scan.
- Use an ad blocker when browsing the internet. It can block known scam sites and protect you from scammers.
How to remove Windows Firewall Protection Alert pop-ups
In order to remove scam pop-ups, start by closing any applications and pop ups that are open. If a pop up won’t close, then close your browser (Microsoft Internet Explorer, Google Chrome, Firefox and Edge). If a program won’t close then please restart your PC. Next, follow the steps below.
Remove spam push notifications
As mentioned above, in some cases the source of the Windows Firewall Protection Alert scam is push notifications. You may have accidentally pressed the ALLOW button on one of the scam sites and thus allowed the scammers to send spam notifications to your computer. Below we will show you how to get rid of these notifications.
Google Chrome:
- Click the Menu button (three dots) on the top right hand corner of the Chrome window
- Select ‘Settings’, scroll down to the bottom and click ‘Advanced’.
- In the ‘Privacy and Security’ section, click on ‘Site settings’.
- Go to Notifications settings.
- Find a scam site and click the three vertical dots button next to it, then click on ‘Remove’.
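To audit several profiles or machines, the list Chrome shows under Notifications can also be read from the profile's `Preferences` file. This is an added example, not part of the original article; it assumes the JSON layout Chrome stores there (`profile.content_settings.exceptions.notifications`, with `setting` 1 for allow and 2 for block), an undocumented format that may change. The sample data is constructed, and `example.org` is a placeholder.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # assumption: Chrome stores 1 = allow, 2 = block in "setting"

# Sites this article associates with the scam.
ARTICLE_SITES = {"qlil41.csb.app", "7e0eiw.csb.app"}


def notification_grants(prefs):
    """Return the sorted origins that are allowed to send push notifications."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        return []
    grants = []
    for pattern, entry in node.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            # Keys look like "https://host:443,*"; keep the primary origin.
            grants.append(pattern.split(",")[0])
    return sorted(grants)


def flag_grants(grants, known_bad=ARTICLE_SITES):
    """Return the grants whose host is on the known-bad list."""
    return [g for g in grants if urlsplit(g).hostname in known_bad]


def audit_file(path):
    """Load a Preferences file and return (all grants, flagged grants)."""
    with open(path, encoding="utf-8") as fh:
        grants = notification_grants(json.load(fh))
    return grants, flag_grants(grants)


# Constructed sample in the shape of a Preferences file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://qlil41.csb.app:443,*": {"setting": 1},
  "https://example.org:443,*":    {"setting": 1},
  "https://7e0eiw.csb.app:443,*": {"setting": 2}
}}}}}
""")

if __name__ == "__main__":
    grants = notification_grants(SAMPLE_PREFS)
    print("allowed:", grants)
    print("flagged:", flag_grants(grants))
```

The script only reads the file; removing a grant is still done through the settings steps above. On Windows the default profile's file is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`.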
Android:
- Open Chrome.
- In the top right corner, find and tap the Google Chrome menu (three dots).
- In the menu tap ‘Settings’, scroll down to ‘Advanced’.
- Tap on ‘Site settings’ and then ‘Notifications’. In the opened window, locate suspicious URLs and tap on them one-by-one.
- Tap the ‘Clean & Reset’ button and confirm.
Mozilla Firefox:
- In the top-right corner, click the Firefox menu (three horizontal stripes).
- In the drop-down menu select ‘Options’. In the left side select ‘Privacy & Security’.
- Scroll down to ‘Permissions’ section and click ‘Settings…’ button next to ‘Notifications’.
- Find sites you don’t want to see notifications from, click on the drop-down menu next to each and select ‘Block’.
- Save changes.
Edge:
- In the top right hand corner, click the Edge menu button (three dots).
- Scroll down, locate and click ‘Settings’. In the left side select ‘Advanced’.
- In the ‘Website permissions’ section click ‘Manage permissions’.
- Click the switch under a scam URL so that it turns off.
Internet Explorer:
- Click the Gear button on the top-right corner of the screen.
- When the drop-down menu appears, click on ‘Internet Options’.
- Click on the ‘Privacy’ tab and select ‘Settings’ in the pop-up blockers section.
- Locate a suspicious URL and click the ‘Remove’ button to delete the domain.
Safari:
- Go to ‘Preferences’ in the Safari menu.
- Open ‘Websites’ tab, then in the left menu click on ‘Notifications’.
- Locate a malicious domain and select it, click the ‘Deny’ button.
Uninstall Adware using Windows Control Panel
In order to remove adware, open Control Panel and check the list of installed applications. For the ones you do not know, run an Internet search to see if they are adware, hijackers or PUPs. If they are, uninstall them. Even if they are just apps that you do not use, removing them will improve your computer’s start-up time and speed dramatically.
Remove scam pop ups from Google Chrome
Another solution to get rid of Windows Firewall Protection Alert pop-ups from Chrome is “Reset Google Chrome settings”. This will disable harmful extensions and reset Chrome settings to default values. Keep in mind that resetting your internet browser will not remove your history, bookmarks, passwords, and other saved data.
Open the Google Chrome menu by clicking on the button in the form of three horizontal dots. It will open the drop-down menu. Choose More Tools, then click Extensions. You can also type chrome://extensions into Chrome’s address bar.
Examine your list of installed extensions and look for any that you don’t recognize, know are malicious, or simply want to remove. Click the “Remove” button below the extensions you want to remove. In the pop-up that comes up, click “Remove” once again. The extension box and icon should disappear from the screen.
Open the Google Chrome main menu again and click “Settings”. Click Reset settings and then “Restore settings to their original defaults”.
To confirm your action, press the “Reset” button.
Remove scam pop-ups from Firefox
If Firefox settings have been hijacked by the adware and your web-browser shows the scam pop-ups, then ‘Reset Mozilla Firefox’ could solve these problems. This will not affect your history, passwords, bookmarks, and other saved data.
Start Mozilla Firefox and click the menu button (it looks like three stacked lines) at the top right of the browser screen. Next, click the question-mark icon at the bottom of the drop-down menu. It will display the slide-out menu.
Select “Troubleshooting information”. If you’re unable to access the Help menu, then type “about:support” in your address bar and press Enter. It will bring up the “Troubleshooting Information” page.
Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page. Select “Refresh Firefox” in the confirmation dialog box. Mozilla Firefox will begin a procedure to fix the problems caused by adware. When it is done, click the “Finish” button.
Automatic Removal of Adware
The best way to check your computer for adware is to run a manual scan of your system with Malwarebytes, Zemana Anti-Malware or Hitman Pro. These malware scanners can find and remove harmful files and applications on your computer or in your browser. They also provide malware protection for your computer. These malware removal tools work in combination with the other security features that Windows OS offers.
Use MalwareBytes AntiMalware to remove Adware
We recommend using MalwareBytes, which will completely remove adware and help you get rid of the Windows Firewall Protection Alert pop-ups. Moreover, this antivirus program can block attacks that use malicious payloads and scripts, and detect and uninstall spyware, trojans, PUPs, toolbars and browser hijackers that may also have infected your computer.
- Visit the following page to download MalwareBytes. Save it directly to your Windows Desktop.
Malwarebytes Anti-malware
- Once the download is complete, close all applications and windows on your computer. Open the file location. Double-click the icon named MBsetup.
- Choose “Personal computer” option and click Install button. Follow the prompts.
- Once the installation is complete, click on the “Scan” button to search for adware related to the Windows Firewall Protection Alert scam. This process can take quite a while, so be patient.
- After the scan, make sure all of the detected threats are checked and click “Quarantine”. Your PC may need to reboot.
Use Zemana Anti-Malware to remove Adware
Zemana Anti-Malware is a malware removal tool designed for Windows OS. This utility will help you remove adware and various types of malware (including hijackers and PUPs) from your PC for free. It has a simple and user-friendly interface. While Zemana AntiMalware does its job, your PC will run smoothly.
- Visit the page linked below to download the latest version of Zemana for Microsoft Windows. Save it directly to your Desktop.
Zemana AntiMalware
- Once you have downloaded the install file, double-click Zemana.AntiMalware.Setup. This will start the Zemana installation on your personal computer.
- Select install language and click ‘OK’ button.
- On the next screen ‘Setup Wizard’ simply press the ‘Next’ button and follow the prompts.
- Finally, once the install is complete, Zemana will run automatically. If it does not, double-click on the Zemana icon on your desktop.
- After you have opened Zemana Anti-Malware, press the ‘Scan’ button in its main window to detect adware.
- Now pay attention to the screen while Zemana scans your computer.
- When that process is done, Zemana Anti-Malware will display the scan results. Review the results once the utility has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click the ‘Next’ button.
- Zemana AntiMalware may require you to reboot the computer in order to complete the adware removal procedure.
- If you want to permanently delete adware from your personal computer, press the ‘Quarantine’ icon, select all malicious software, adware, potentially unwanted software and other threats, and press Delete.
- Reboot your PC to complete the adware removal procedure.
Remove adware and malicious extensions with HitmanPro
If the “Windows Firewall Protection Alert” pop-ups issue persists, run Hitman Pro and check if your computer is infected by adware. Hitman Pro is a downloadable security utility that provides on-demand scanning and helps remove adware, potentially unwanted software, and other malicious software. It works with your existing anti-virus.
First, visit the following page, then click the ‘Download’ button in order to download the latest version of Hitman Pro.
Download and run Hitman Pro on your computer. Once it has started, click the “Next” button to scan your personal computer for adware related to the Windows Firewall Protection Alert pop-ups. A scan may take anywhere from 10 to 30 minutes, depending on the number of files on your PC and the speed of your computer. When malware, adware or PUPs are detected, the number of security threats shown will change accordingly. Wait until the scan is done.
After the scan is done, Hitman Pro will show you the results.
When you are ready, click “Next” button. It will display a prompt, click the “Activate free license” button to start the free 30 days trial to remove all malware found.
How to stop Windows Firewall Protection Alert pop-ups
By installing an ad blocking program such as AdGuard, you are able to block the Windows Firewall Protection Alert pop-ups, stop autoplaying video ads and remove a large number of distracting and unwanted ads on web-sites.
AdGuard can be downloaded from the following link. Save it on your Desktop.
After downloading it, start the downloaded file. You will see the “Setup Wizard” screen.
Follow the prompts. When the installation is done, you will see a window offering “Skip” and “Get Started” buttons.
You can press “Skip” to close the install program and use the default settings, or click the “Get Started” button to see a quick tutorial that will help you get to know AdGuard better.
In most cases, the default settings are enough and you do not need to change anything. Each time you launch your personal computer, AdGuard will start automatically and stop unwanted ads, block the Windows Firewall Protection Alert scam, and block harmful or misleading web-sites. For an overview of all the features of the program, or to change its settings, simply double-click on the AdGuard icon on your desktop.
Final Words
We hope this article helped you learn more about the Windows Firewall Protection Alert Scam and avoid the scammers. If you have questions or additional information for our readers, please leave a comment.