Solved

Microsoft Edge Virus/Spyware Issue

  • 2 February 2016
  • 4 replies
  • 185 views

 
Has anyone had an issue with Microsoft Edge contracting a Virus'Spyware in which a page appears and locks you ot and a voice comes over the speakers stating you have a virus and you must call 1-844-229-8903 claiming it is microsoft support?
 
Webroot did not stop it.  I need help!!
 
Thanks
icon

Best answer by Jasper_The_Rasper 29 October 2017, 19:43

View original

4 replies

Userlevel 7
Badge +62
Hello tbeau003,
 
Welcome to the Webroot Community,
 
THIS IS A SCAM!!  Neither Microsoft nor any other company sends emails, pop ups, or phone calls of any kind advising that you may have a problem.
 
If you are seeing random a “Your Computer May Have (3) Virus” pop-up and asking you to call a phone number to fix your PC, then your computer is infected with an adware.
 
What you are seeing and describing sounds like it may be what we on the Community refer to as a PUA. (Potentially Unwanted Application) These are very annoying at best in that they cause pop-us, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
For those that are not detected by WSA, please see this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Trouble Ticket, especially if you cannot remove it easily from the directions in the KB Article.
 
For those that ARE detected by WSA, but cannot be removed automatically, you can submit a Trouble Ticket.  Webroot Support will help you get these annoying 'crapware' off your computer at no extra charge, and the additional examples may help to better automatic removal of that particular PUA for all users in the future.
 
 
Hope thgis helps!
 
 
I have the same problem and its saying in a computer generated voice, that the error number is 2836D
Userlevel 7
Badge +54
Welcome the Community @
 
If you want to you can get Support to check over your system which is free for current subscription holders  here  Support.
 
In the mean time there is good advice here:
 
 


 
THIS IS A SCAM!!  Neither Microsoft nor any other company sends emails, pop ups, or phone calls of any kind advising that you may have a problem.
 
If you clicked on any links, allowed them to remote into your computer, or went to any websites please Submit a Support Ticket ASAP.  (Now would be a good idea....)
 
If you would like more information, read on (After submitting that Trouble Ticket.....)
 
NEWS ARTICLE: Tech Support Scams are on the rise.
 
 
Microsoft never issues this type of warning or email or anything of a sort!  Please see the following link for Microsoft's official word on this: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams.aspx
 
"Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
 
Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
 
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable."
 
Also see Avoid scams that use the Microsoft name fraudulently: https://www.microsoft.com/en-us/safety/online-privacy/msname.aspx

 
 For more information here's what the United States Federal Trade Commission has to say on the subject::
http://www.consumer.ftc.gov/articles/0346-tech-support-scams
 
"In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they've detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don't need.
 
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it's important to install security software. But the purpose behind their elaborate scheme isn't to protect your computer; it's to make money."
 
This scam is common and has been around for quite a while.  Here is a good Webroot Blog article from April 2013 by Threat Researcher Roy Tobin.
http://www.webroot.com/blog/2013/04/30/fake-microsoft-security-scam/
 
Also add a good free Ad Blocker like the ones suggested below:
 
For Internet Explorer Ad Block Plus: https://adblockplus.org/
 
For Firefox uBlock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=ss or Privacy Badger: https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/

 
Google Chrome uBlock Origin: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
 
Thanks,
JtR
Its not an issue with microsoft edge. You getting this messages due to an installed malware on your pc that connects to a C2server giving controls to access this malicious link, it's a social engineering skills adopted by attacker whereby the attacker acts like a microsoft agent/system support seeking to help you remove this adware. If you call this numbers which is mostly received by female indians, this fake microsoft corps tend to fix your pc. As a tech guy, most of the acts they display seems stupid to me as they request to connect remotely via a RDpWebPortal, then they do some event logging showing your some events tagged as dangerous. They suggest you need a malware removal or Os cleanup which costs some amount of money, in some cases dey install ransomeware malware into your system which encrypts your file. 

Reply