How to Fix: Your Computer is Infected, Call This Number (Scam)

Dennis Faas's picture

Infopackets Reader John P. writes:

"I just upgraded to Windows 10. Yesterday I went to go use the Edge browser, but it immediately opened with a window stating that my computer has a serious virus and then asked me to call 866-628-4936 to remove the virus. The whole time the window was open, there was a computer-generated voice speaking to me. I realize this is a scam, but there is no close button to shut it off. [Other numbers associated with this scam include: 1-866-928-0684, 1-866-436-9418, 1-866-978-1337, 1-866-560-5093, 1-866-362-8280, 1-866-453-2895, 1-866-594-0204, and 1-866-582-6865]. I have tried using CCleaner to clear my browser history, ran virus scans, and even used Malwarebytes antimalware - but nothing was found out of the ordinary. I have checked several forums but no one apparently has had their browser locked down this tight. Can you help?"

My response:

What you're describing is a scam that is run by a very large criminal organization in India. These people are pure evil and will do everything they can to take your money with or without your authorization! The scam goes way beyond losing money for fake tech support - they will scam you for thousands of dollars, delete all your files / lock you out of the machine / wire your money to a bank overseas. Read here for more info!

READ VERY CAREFULLY:

  1. If you did not call the phone number and you did not let the scammers into your machine, keep reading. I will describe how to forcefully close these fake virus alert windows so that you can keep using your PC. That said, if the alerts keep re-appearing, it likely means that your machine is infected. Click here to contact me now if you need help removing the infection. Based on my experience, 99.99% of all antivirus and antimalware will not remove these persistent infections - but feel free to try!
     
  2. If you called the 1-800 number, you are at major risk of identity theft / having your bank accounts drained. Please read this article for the most up to date information, as it contains critical information about the scam.

    Update 20200116: I'm getting a lot of emails from folks asking for help on this. If you want this problem fixed ASAP, send me an email and don't forget to leave your phone number. I will call you back as soon as possible.

Step #1: Forcefully Close the Scam Window

If you didn't call the 1-800 number and you didn't let the scammers into your machine, but you are still seeing the "virus warning" message appear on your computer, there is a way to get around the "warning" message. Note that if your machine is infected, you will likely see these warnings re-appear. In this case, the fix I'm about to describe is only a temporary workaround.

As I mentioned earlier, once these scam website pages are displayed, the close or minimize / maximize buttons are removed from the browser page. To close the "Your Computer is Infected" window, do the following:

  1. Press CTRL + ALT + DEL on the keyboard to bring up the Windows Task Manager.
     
  2. Once Task Manager has started, go to the Details tab on Windows 8 and 10 (or Processes tab on Windows 7 and earlier) and click on the Name heading so that the processes are sorted by Name.
     
  3. Look for the name of your web browser in the Name column. If you are using Firefox, the task name will be firefox.exe; for Chrome, the task(s) will be labeled chrome.exe; for Edge, MicrosoftEdge.exe; and for Internet Explorer, iexplore.exe.
     
  4. Using your mouse, left click over top of the browser task name to highlight it, then right click over top of the highlighted task and select "End task". There may be more than one browser task listed; in this case you will need to end them all in order to uninstall any rogue software associated with the browser (described in Step #2 below).

Step #2: Attempt to Remove the "Your Computer is Infected" Scam from your Browser

Now that the browser window has been forcefully closed, you can attempt to remove the infection using automated software yourself. If this doesn't solve your problem, consider contacting me for help as I can connect to your machine and remove it for you. I can also provide a free 15 minute phone call to discuss and to prove my remote desktop service is legit.

Here are the steps:

  1. Click Start and type in "control panel"; when Control Panel appears in the list, click it.
     
  2. Set the View to Large Icons (if it isn't already), then look for Programs and Features in the list. Double left click Programs and Features to launch it.
     
  3. Maximize the Programs and Features window; look for the heading labeled "Installed on" and click the heading. The most recent programs should now be displayed at the top. If they are not, click the "Installed on" heading again to re-sort the list.
     
  4. Look for any programs that were installed in the last week or so. If you see any programs you don't recognize as something you specifically asked to install, chances are it is a rogue program. In that case, you can uninstall it. Proceed through the list of installed programs and remove any potentially unwanted software.

    OPTIONAL: If you have any questions as to whether or not one of your installed programs is trustworthy, use another web browser (either installed on your computer or using another computer) and go to Google's website and type in the name of the questionable program, then click the Search button. If you see a lot of pages reporting "how to remove [name of program]", then chances are you have found the rogue program causing the problem.
     
  5. At this point the program causing your browser to become hijacked should be removed from the system. Next, launch your web browser; do not be alarmed if the scam site appears again; this time you should be able to get inside the browser settings to remove the scam site from your home page.

    If you're not sure how to reset the home page for your particular browser, go to Google.com and search for "[name of browser] set homepage" or similar. In this case you can press CTRL + T to open a new tab on the browser to perform the search; if that does not work, then launch another web browser on the computer (if you have one installed). If that doesn't work, then you will have to use another computer to perform the search.
     
  6. Next, go to the browser's add-ons or extensions and disable any add-ons / extensions that you don't recognize. In Firefox (for example), click Tools -> Add-ons, then review both the Extensions and Plugins menus (on the left of the screen) and disable anything that looks suspicious. If in doubt, search Google for the name of the extension / add-on, followed by the name of the browser.
     
  7. You may also want to perform a malware scan of your system, though based on my experience in dealing with this scam for the last 6 years, this may not be effective. Malwarebytes antimalware is one of my personal favorites for removing malware, and it's free. Tip: don't enable the Pro version of the program if you don't intend to pay for it within 30 days, otherwise the program will report itself as being 'unregistered' once the trial expires.
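The review in items 1 to 4 can also be done from PowerShell, which lists the same uninstall entries with their install dates. This is an added example, not part of the original article; the function name Get-RecentInstall and the 7-day default are assumptions chosen here.

```powershell
# Added example (not from the original article): list software installed in the
# last N days, the same review as sorting Programs and Features by "Installed on".
function Get-RecentInstall {
    param([int]$Days = 7)   # hypothetical default: "the last week or so"

    # Uninstall registry keys: machine-wide (64-bit and 32-bit views) and per-user.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $cutoff  = (Get-Date).Date.AddDays(-$Days)
    $culture = [cultureinfo]::InvariantCulture
    $style   = [System.Globalization.DateTimeStyles]::None

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional; when present it is normally a yyyyMMdd string.
            $parsed    = [datetime]::MinValue
            $installed = $null
            if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                    $culture, $style, [ref]$parsed)) {
                $installed = $parsed
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                InstalledOn = $installed
                Uninstall   = $_.UninstallString
            }
        } |
        # Keep recent entries, plus entries with no usable date so they are
        # reviewed by hand instead of being silently skipped.
        Where-Object { -not $_.InstalledOn -or $_.InstalledOn -ge $cutoff } |
        Sort-Object InstalledOn -Descending
}

# Review the output, then uninstall anything unrecognized through Programs and Features.
Get-RecentInstall -Days 7 | Format-Table -AutoSize -Wrap
```

Browser extensions and Microsoft Store apps are not recorded under these keys, so the home page and add-on checks in items 5 and 6 still have to be done in the browser itself.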

Hope that helps.

IMPORTANT: If you keep receiving the scam virus alert popups despite what I've mentioned above, your system may be infected with hard-to-remove malware. If that is the case, you are welcome to contact me for additional 1-on-1 support.

Additional 1-on-1 Help: From Dennis

If all of this is over your head, or if you have a severe malware infection, you can contact me for remote desktop support. I can connect to your computer using the Internet and fix the problem for you automatically. You can read more about my remote desktop support service here.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise cover a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via live chat on this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.


Comments

pdriddell_4818's picture

Excellent write up Dennis. Thanks

swreynolds's picture

The Edge browser default is to open the last window it had open if it was shut down abnormally. So the next time you open it, you will be right back where you started. I had a customer with that problem and it took a registry edit (non trivial) to stop that behavior.

CMDD's picture

On a number of systems I found that the only thing it did was change the default home page to theirs.

So in addition to the fine instructions Dennis gave, be sure to check the default home page.

pm.norris_5513's picture

If your main browser has become infected you'll be in a fix since you can't access Google like you suggest! This backs up the need to have at least two browsers on your machine!

Dennis Faas's picture

If you remove the malware which prevents the browser from being modified then you should be able to control the browser afterward, as suggested in the article. Hint: CTRL + T usually opens up a new tab, allowing you to navigate normally even if you can't access parts of the browser. And yes, having more than one browser is a good idea for cases like this.