How to Fix: Your Computer is Infected, Call This Number (Scam)

Dennis Faas's picture

Infopackets Reader John P. writes:

" I just upgraded to Windows 10. Yesterday I went to go use the Edge browser, but it immediately opened with window stating that my computer has a serious virus and then asked me to call 866-628-4936 to remove the virus. The whole time the window was open, there was a computer-generated voice speaking to me. I realize this is a scam, but there is no close button to shut it off. I have tried using ccleaner to clear my browser history, ran virus scans, and even used malwarebytes antimalware - but nothing was found out of the ordinary. I have checked several forums but no one apparently has had their browser locked down this tight. Can you help? "

My response:

What you're describing is a very typical website scam. The malware authors purposely make it difficult to close the browser window so it stays open longer than normal, which then scares users into making the call to remove the supposed "virus". The fact is that there is no such virus on your computer and you should certainly not make the phone call, nor hand over your credit card number to "remove" the supposed virus.

Other phone numbers associated with this scam include 1-866-928-0684, 1-866-436-9418, 1-866-978-1337, 1-866-560-5093, 1-866-362-8280, 1-866-453-2895, 1-866-594-0204, and 1-866-582-6865. It's worth noting that the 1-800 number will change as the scam gets shut down by authorities and then starts up again using a new number, but the strategy of the scam itself will remain pretty much the same for whichever 1-800 number it falls under.

Below, I'll explain what to do if you fell for the scam, including how the "Your Computer is Infected" scam got on your computer, and how to remove it from your browser. Also note that the steps I've outlined are a generic approach when resolving an issue like this; additional action may be necessary in severely malware-infected machines.

Did You Call the 1-800 Number? If So, Read This!

If you fell for the scam and already gave out your credit card number, then you should call your credit card company immediately and tell them what happened and attempt to reverse the charges; you can even reference this page to the credit card company if you need to. It is also advisable to have the credit card company issue you a new credit card (with a new PIN number) so that the scammers can't attempt to rack up more charges on your card later. Note that the phone number to your credit card company is usually printed on the back of your credit card.

Update 20180908: The scammers have now upped the ante and will install remote access backdoors if you called the 1-800 number and agreed to let them in to "remove the virus" on your machine. If you don't agree to pay them their ransom to "fix" your PC, they will either lock you out of your computer or delete all your files using the remote access backdoors. Also worth noting: if you pay the scammers then reverse the charge with your bank, the scammers are likely going to harass you by phone and if you still don't pay up, they will punish you remotely. Therefore it is critical that these backdoors be removed! I have written an in-depth article on this latest scam, which you can read here. If you need help removing the remote access backdoors, please contact me for assistance.

Update 20190412: After much research (and having been hired by many clients) it seems that Smart PC Experts (, Web Network Experts (, PC Network Experts (, and Right PC Experts ( - which are all the same scam company with different 1-800 numbers - are responsible for pushing many of the fake virus warnings on PCs. If you have let these scammers into your PC, please contact me ASAP or you are going to be at serious risk of having your bank account drained / identity theft / your files deleted, etc. Feel free to read my article explaining the scam in detail.

How the "Your Computer Is Infected" Scam Gets Onto Your Computer

Oftentimes the "Your Computer is Infected" scam will pop up at random, even if you are on a trustworthy website such as

The reason this happens is because the web browser is infected with malware. The infection can come from multiple sources such as malware-laced downloads, or by simply visiting a website that serves up malvertising. Once the web browser becomes infected and will randomly place the fake virus warning on the screen, effectively locking the user out. The only choice to "fix" this (or so it seems) is to call the 1-800 number, where scammers are standing by 24/7 to swindle you out of your hard earned cash.


The instructions below will ONLY tell you how to remove the "Your computer is infected, call this number" popup / voice / warning / fake error message. It does NOT remove the remote access backdoors if you let the scammers into your machine! If you let the scammers into your machine, they can steal your financial information, lock you out of the computer, delete your files, etc. These remote access backdoors MUST BE REMOVED - you have been warned! If that is the case, you are welcome to contact me to remove the remote access backdoors for you. I have already helped over 50 people with this scam and know where to look.

Step #1: Forcefully Close the Scam Window

If you didn't call the 1-800 number and you didn't let the scammers into your machine, but you are still seeing the "virus warning" message appear on your computer, there is a way to get around the "warning" message.

As I mentioned earlier, once these scam website pages are displayed, the close or minimize / maximize buttons are removed from the browser page. To close the "Your Computer is Infected" window, do the following:

  1. Press CTRL + ALT + DEL on the keyboard to bring up the Windows Task Manager.
  2. Once Task Manager has started, go to the Details tab on Windows 8 and 10 (or Processes tab on Windows 7 and earlier) and click on the Name heading so that the processes are sorted by Name.
  3. Look for the name of your web browser in the Names column. If you are using Firefox, then the task name would be firefox.exe; if you were using Chrome, then the task(s) would be labeled as chrome.exe; for Edge the task would be labeled as MicrosoftEdge.exe; for Internet Explorer, the task would be labeled as iexplorer.exe.
  4. Using your mouse, left click over top of the browser task name to highlight it, then right click over top of the highlighted task and select "End task". There may be more than one browser task listed; in this case you will need to end them all in order to uninstall any rogue software associated with the browser (described in Step #2 below).

Step #2: Remove the "Your Computer is Infected" Scam from your Browser

Now that the browser window has been forcefully closed, you are now ready to uninstall any potentially unwanted programs (PUPs). It's these programs that are responsible for hijacking your web browser, which also make it impossible to modify your home page settings so that you can prevent the scam site from appearing in the first place. Here are the steps:

  1. Click Start and type in "control panel"; when Control Panel appears in the list, click it.
  2. Set the View to Large Icons (if it isn't already), then look for Programs and Features in the list. Double left click Programs and Features to launch it.
  3. Maximize the Programs and Features window; look for the heading labeled "Installed on" and click the heading. The most recent programs should now be displayed at the top. If it is not, click the "Installed on" headings again to re-sort the list.
  4. Look for any programs that were installed recently in the last week or so. If you see any programs you don't recognize as something you specifically requested as being installed, chances are it is a rogue program. In that case, you can uninstall it. Proceed through the list of installed programs and remove and potentially unwanted software.

    OPTIONAL: If you have any questions as to whether or not one of your installed programs is trustworthy, use another web browser (either installed on your computer or using another computer) and go to Google's website and type in the name of the questionable program, then click the Search button. If you see a lot of pages reporting "how to remove [name of program]", then chances are you have found the rogue program causing the problem.
  5. At this point the program causing your browser to become hijacked should be removed from the system. Next, launch your web browser; do not be alarmed if the scam site appears again; this time you should be able to get inside the browser settings to remove the scam site from your home page.

    If you're not sure how to reset the home page for your particular browser, go to and search for "[name of browser] set homepage" or similar. In this case you can press CTRL + T to open a new tab on the browser to perform the search; if that does not work, then launch another web browser on the computer (if you have one installed). If that doesn't work, then you will have to use another computer to perform the search.
  6. Next, go to the browser's add-ons or extensions and disable any add-ons / extensions that you don't recognize. In Firefox (for example), click Tools -> Add-ons, then review both the Extensions and Plugins menus (on the left of the screen) and disable anything that looks suspicious. If in doubt, search Google for the name of the extension / add-on, followed by the name of the browser.
  7. You may also want to perform a malware scan of your system. Malwarebytes antimalware is one of my personal favorites for removing malware, and it's free. Tip: don't enable the Pro version of the program if don't intend to pay for it within 30 days, otherwise the program will report itself as being 'unregistered' once the trial expires.

Hope that helps.

Important reminder: if you let the scammers into your machine, you are at SERIOUS risk of: financial or identity theft / having your files deleted / being locked out of the machine / having your bank account(s) drained. The reasoning is that once the scammers have connected to your machine, they install multiple remote access backdoors in order to get back in later to do whatever they want.

Oftentimes scammers will also provide fake "follow up" calls (after they've initially gained access) and tell you that there are more "problems" with their machine; if you don't pay up, they will delete your files remotely, or lock you out of the machine - or worse! If you need help removing the remote access backdoors, please contact me for assistance as I have helped over 50 people with this scam.

Additional 1-on-1 Help: From Dennis

If all of this is over your head, or if you have a severe malware infection, you can contact me for remote desktop support. I can connect to your computer using the Internet and fix the problem for you automatically. You can read more about my remote desktop support service here.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 4.4 (32 votes)


pdriddell_4818's picture

Excellent write up Dennis. Thanks

swreynolds's picture

The Edge browser default is to open the last window it had open if it was shut down abnormally. So the next time you open it, you will be right back where you started. I had a customer with that problem and it took a registry edit (non trivial) to stop that behavior.

CMDD's picture

On a number of systems I found that the only thing it did was change the default home page to theirs.

So in addition to the fine instructions Dennis gave, be sure to check the default home page.

pm.norris_5513's picture

If your main browser has become infected you'll be in a fix since you can't access Google like you suggest! This backs up the need to have at least two browsers on your machine!

Dennis Faas's picture

If you remove the malware which prevents the browser from being modified then you should be able to control the browser afterward, as suggest in the article. Hint: CTRL + T usually opens up a new tab, allowing you to navigate normally even if you can't access parts of the browser. And yes, having more than one browser is a good idea for cases like this.