How to Fix: Your Computer is Infected, Call This Number (Scam)

Dennis Faas's picture

Infopackets Reader John P. writes:

"I just upgraded to Windows 10. Yesterday I went to go use the Edge browser, but it immediately opened with a window stating that my computer has a serious virus and then asked me to call 866-628-4936 to remove the virus. The whole time the window was open, there was a computer-generated voice speaking to me. I realize this is a scam, but there is no close button to shut it off. I have tried using CCleaner to clear my browser history, ran virus scans, and even used Malwarebytes antimalware - but nothing was found out of the ordinary. I have checked several forums but no one apparently has had their browser locked down this tight. Can you help?"

My response:

What you're describing is a very typical website scam. The malware authors purposely make it difficult to close the browser window so it stays open longer than normal, which then scares users into making the call to remove the supposed "virus". The fact is that there is no such virus on your computer and you should certainly not make the phone call, nor hand over your credit card number to "remove" the supposed virus.

Other phone numbers associated with this scam include 1-866-928-0684, 1-866-436-9418, 1-866-978-1337, 1-866-560-5093, 1-866-362-8280, 1-866-453-2895, 1-866-594-0204, and 1-866-582-6865. It's worth noting that the 1-800 number will change as the scam gets shut down by authorities and then starts up again using a new number, but the strategy of the scam itself will remain pretty much the same for whichever 1-800 number it falls under.

Below, I'll explain what to do if you fell for the scam, including how the "Your Computer is Infected" scam got on your computer, and how to remove it from your browser. Also note that the steps I've outlined are a generic approach when resolving an issue like this; additional action may be necessary in severely malware-infected machines.

What to do if You Fell for the Scam

If you fell for the scam and already gave out your credit card number, then you should call your credit card company immediately and tell them what happened and attempt to reverse the charges; you can even reference this page to the credit card company if you need to. It is also advisable to have the credit card company issue you a new credit card (with a new PIN number) so that the scammers can't attempt to rack up more charges on your card later. Note that the phone number to your credit card company is usually printed on the back of your credit card.

How the "Your Computer Is Infected" Scam Gets Onto Your Computer

Oftentimes the "Your Computer is Infected" scam will pop up when you are visiting a less-than-trustworthy website. In your case, however, it sounds like the web browser's home page has become hijacked. Oftentimes if you download something off the Internet it will come bundled with "extras" - it's usually the third-party extras that will cause the problems, such as hijacking your web browser home page. In such a case, the hijacked home page will repeatedly display the scam site each and every time you start the browser.

Step #1: Forcefully Close the Scam Window

As I mentioned earlier, once these scam website pages are displayed, the close or minimize / maximize buttons are removed from the browser page. To close the "Your Computer is Infected" window, do the following:

  1. Press CTRL + ALT + DEL on the keyboard to bring up the Windows Task Manager.
     
  2. Once Task Manager has started, go to the Details tab on Windows 8 and 10 (or Processes tab on Windows 7 and earlier) and click on the Name heading so that the processes are sorted by Name.
     
  3. Look for the name of your web browser in the Name column. If you are using Firefox, then the task name would be firefox.exe; if you were using Chrome, then the task(s) would be labeled as chrome.exe; for Edge the task would be labeled as MicrosoftEdge.exe; for Internet Explorer, the task would be labeled as iexplore.exe.
     
  4. Using your mouse, left click over top of the browser task name to highlight it, then right click over top of the highlighted task and select "End task". There may be more than one browser task listed; in this case you will need to end them all in order to uninstall any rogue software associated with the browser (described in Step #2 below).

Step #2: Remove the "Your Computer is Infected" Scam from your Browser

Now that the browser window has been forcefully closed, you are now ready to uninstall any potentially unwanted programs (PUPs). It's these programs that are responsible for hijacking your web browser, which also make it impossible to modify your home page settings so that you can prevent the scam site from appearing in the first place. Here are the steps:

  1. Click Start and type in "control panel"; when Control Panel appears in the list, click it.
     
  2. Set the View to Large Icons (if it isn't already), then look for Programs and Features in the list. Double left click Programs and Features to launch it.
     
  3. Maximize the Programs and Features window; look for the heading labeled "Installed on" and click the heading. The most recent programs should now be displayed at the top. If they are not, click the "Installed on" heading again to re-sort the list.
     
  4. Look for any programs that were installed recently in the last week or so. If you see any programs you don't recognize as something you specifically requested as being installed, chances are it is a rogue program. In that case, you can uninstall it. Proceed through the list of installed programs and remove any potentially unwanted software.

    OPTIONAL: If you have any questions as to whether or not one of your installed programs is trustworthy, use another web browser (either installed on your computer or using another computer) and go to Google's website and type in the name of the questionable program, then click the Search button. If you see a lot of pages reporting "how to remove [name of program]", then chances are you have found the rogue program causing the problem.
     
  5. At this point the program causing your browser to become hijacked should be removed from the system. Next, launch your web browser; do not be alarmed if the scam site appears again; this time you should be able to get inside the browser settings to remove the scam site from your home page.

    If you're not sure how to reset the home page for your particular browser, go to Google.com and search for "[name of browser] set homepage" or similar. In this case you can press CTRL + T to open a new tab on the browser to perform the search; if that does not work, then launch another web browser on the computer (if you have one installed). If that doesn't work, then you will have to use another computer to perform the search.
     
  6. Next, go to the browser's add-ons or extensions and disable any add-ons / extensions that you don't recognize. In Firefox (for example), click Tools -> Add-ons, then review both the Extensions and Plugins menus (on the left of the screen) and disable anything that looks suspicious. If in doubt, search Google for the name of the extension / add-on, followed by the name of the browser.
     
  7. You may also want to perform a malware scan of your system. Malwarebytes antimalware is one of my personal favorites for removing malware, and it's free. Tip: don't enable the Pro version of the program if you don't intend to pay for it within 30 days, otherwise the program will report itself as being 'unregistered' once the trial expires.
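
The review in items 3 and 4 above (sort by "Installed on", then look at the last week or so) can also be done from PowerShell. This is an added example, not part of the original article; it assumes a 7-day window and reads the standard Uninstall registry keys, where the InstallDate value is optional and may be missing for some programs.

```powershell
# Added example: list programs installed in the last $Days days, newest first.
$Days   = 7                                  # assumption: "the last week or so"
$cutoff = (Get-Date).Date.AddDays(-$Days)

# Machine-wide (64-bit and 32-bit) and per-user uninstall entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate, when present, is normally a yyyyMMdd string.
            $installed = $null
            $parsed    = [datetime]::MinValue
            if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                    [cultureinfo]::InvariantCulture,
                    [System.Globalization.DateTimeStyles]::None, [ref]$parsed)) {
                $installed = $parsed
            }
            [pscustomobject]@{
                InstalledOn = $installed
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
            }
        }
}

# Recent installs: anything here that you did not request deserves a closer look.
$programs |
    Where-Object { $_.InstalledOn -ge $cutoff } |
    Sort-Object InstalledOn -Descending |
    Format-Table InstalledOn, Name, Publisher -AutoSize

# Entries without a usable date cannot be ruled out by date alone.
$programs |
    Where-Object { -not $_.InstalledOn } |
    Sort-Object Name |
    Format-Table Name, Publisher -AutoSize
```

The script only lists entries; uninstalling is still done through Programs and Features as described above.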

Hope that helps.

Additional 1-on-1 Help: From Dennis

If all of this is over your head, or if you have a severe malware infection, you can contact me for remote desktop support. I can connect to your computer using the Internet and fix the problem for you automatically. You can read more about my remote desktop support service here.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise cover a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via live chat on this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Comments

pdriddell_4818's picture

Excellent write up Dennis. Thanks

swreynolds's picture

The Edge browser default is to open the last window it had open if it was shut down abnormally. So the next time you open it, you will be right back where you started. I had a customer with that problem and it took a registry edit (non trivial) to stop that behavior.

CMDD's picture

On a number of systems I found that the only thing it did was change the default home page to theirs.

So in addition to the fine instructions Dennis gave, be sure to check the default home page.

pm.norris_5513's picture

If your main browser has become infected you'll be in a fix since you can't access Google like you suggest! This backs up the need to have at least two browsers on your machine!

Dennis Faas's picture

If you remove the malware which prevents the browser from being modified then you should be able to control the browser afterward, as suggested in the article. Hint: CTRL + T usually opens up a new tab, allowing you to navigate normally even if you can't access parts of the browser. And yes, having more than one browser is a good idea for cases like this.