
Windows Defender Security System warning - how did it get through


KPG


I received a dire warning, accompanied by a recording, on my laptop warning me not to turn off my computer and to call a "Windows" number to fix. How was this able to get through my Malwarebytes protection? It's impossible to call you, by the way, for a neophyte like myself. I was attempting to access a website called clockify.me (url screenshot attached).


15 minutes ago, KPG said:

How was this able to get through my Malwarebytes protection?

Do you have browser guard installed as well?

 

16 minutes ago, KPG said:

It's impossible to call you, by the way, for a neophyte like myself.

We do not have phone support. 

Please do the following so that we may take a closer look at your system for any possible infections.

Please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

     

Thank you


Hello @KPG :welcome: I will review your report and will have more for you, later. The visual and audio recording you encountered are SCAMS. They are engineered to try to "lure" you into a SCAM. No real legitimate company would have such "displays". And certainly NOT with a request to call by telephone. That is clue # 1 of a fake 'support scam'.

Edited by Maurice Naggar

3. The last Malwarebytes scan reported no malware present. I would like you to do what follows.

First some housekeeping, and then one Scan.  There will be more later after all this.
Start Malwarebytes. Click Settings ( gear ) icon. Next, let us make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

  • now Click the General tab.
  • Under Application updates, click the Check for updates button.

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes scan

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 


Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.


 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

The screen-display alleging to be from "Windows Defender Security Center" is a total fake. A complete SCAM. A fake display. Do not be fooled by what it claims. Plus that phone number is for a scammer outfit.

These days, "fake tech support scams" are rare. I am listing a big section of tips on how to deal with this type of scam display. Do yourself a favor, and make a note of all this. 

Cleaning the browser history removes the pop-up. ( tips below ).

Tech support scammers use fake warnings and lie about the state of your computer to frighten you into calling them & then flim-flam you into a so called cleanup or perhaps, some maintenance scam.

Getting rid of bogus screen(s)

 

Look at the very topmost right corner of the browser itself.
I mean the one for Chrome or Firefox or Edge browser itself ( or matter of fact any browser).
Move the mouse pointer over the X at the very far right-top corner and click that.
That will close the browser and its display and the audio too ( if any).

 

You could also use Alt-key + F then click on Exit.


Other ways available, if the one above is not a success.
You can easily use keyboard key-press shortcuts to get rid of the false pages displayed. ( see below). And if there is any video with this, it will stop when the page is closed.

 

When this fake is in the foreground and in a web browser, there are many ways to get it off the screen.
I would suggest to do a few keyboard presses to get rid of the windows on-screen.

 

press and hold CTRL key on keyboard and then tap W key. CTRL + W 
That should close the Tab page of the web browser in the foreground.
You can repeat as needed.

 

Every web browser will recognize the CTRL+W key-presses as a "close this window" command.


Other ways to get rid of screen:
Press and hold ALT-key on keyboard and then tap the F4 function key to get the foreground windows closed and done away with. ( repeat use of ALT + F4 sequence).

ALT + F4 is especially helpful against the smaller window ( if any) that is up in front.
If your machine is a notebook or laptop, you should depress and hold the ALT + FN (function key) + F4 keys.

ALT + HOME key on the keyboard will put your browser page back onto your prior choice for Home page. That easily deals with the bigger full page displayed.
Then while still in the web browser, press and hold SHIFT + CTRL + DELete keys to start the process to delete all browser cache & history.


Other ways to get rid of the bogus display are listed below:

There is always the ability to end the web-browser program thru using Windows' Task Manager applet.
Click the Start button and type: 
taskmgr.exe
and then press Enter. 
( or you can press and hold CTRL-key on keyboard + ALT-key +DELETE key to get Task Manager option).

In the processes tab, find the process for whichever browser you are running: 
_iexplore.exe, firefox.exe, chrome.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe_ and then click _End Process_ or _Terminate_.


 

[  Clearing all web Cache & History on each web browser  ]


Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for each of your web browser programs.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/

Edited by Maurice Naggar

Maurice, thank you so much for your help and all of the instructions, which I've printed for future use. It's hard to imagine how a person would know to look for a forum like this if their screen is telling them that they can't use their computer. I did end up closing the browser when I had no luck contacting Malwarebytes through my phone web search and decided to try the icon on my laptop....which brought me here. I hope this experience helps others!


@KPG 
AdBlocker Ultimate Sync by AdAvoid Ltd is flagged by the Farbar FRST report-tool. Needs to be uninstalled.
1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run box-window.
2. Type

appwiz.cpl


and tap Enter.
The Programs and Features window will appear.   Locate on the list "AdBlocker Ultimate Sync".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.

Exit Programs and Features, when done.
Now do a Windows Restart.

Stick around here, with me. This machine needs extra help as regards Microsoft Windows Update. I can help you later. Stick with me.
Also, there is lots more I can say about "fake scam screens". But look. Get more acquainted with Windows' built-in keyboard shortcuts.
Also, I hope you have learned how to judge windows displayed on a web browser that are total nonsense / total fakes.
Screens on your web browser like you had seen.....totally bogus.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 


This topic is now closed to further replies.