virus

Microsoft Scam


How irritating is this problem? (5 votes, average: 5.00)

Loading...

This page aims to help you identify and remove any Microsoft Scam. Our Microsoft Scam removal instructions work for every version of Windows.

The Microsoft Scam is an umbrella term used to refer to any type of online scam, in which the scammer tries to trick their victim, by making the latter believe that their computer has been infected, and that a Microsoft representative offers them help.

In the lines below, we will go over the most common Microsoft Scam types, and we will tell you how to recognize, and avoid them. In many cases, such scams may be related to Trojan Horses, which may have entered the system. Because of that, the article, you will find a removal guide, which will aid you with the removal of any Trojan that a Microsoft scam may have gotten in your machine.

Microsoft Scam Call

The Microsoft Scam Call is one of the most commonly encountered types of Microsoft-related scams. The gist of the Microsoft Scam Call is that you receive a call from a crook, who tells you he/she is a Microsoft representative.

Microsoft Scam Call

The Microsoft Scam Call is supposed to make you believe a Microsoft official has contacted you.

The scammers would typically claim that there is some kind of issue with your system, and would offer to help you solve it.

After gaining your trust, the perpetrators may ask for your usernames, passwords, and other similar sensitive details. Also, the people behind this scam may direct you to a legitimate site, from which you are supposed to download a software tool that would allow the “Microsoft representative” to remotely access your computer under the premise that they need to do that in order to fix the purported system problem.

If you submit to any of the scammer’s demands, you’d be putting your system, and virtual privacy in serious jeopardy.

Microsoft Phone Scam

The Microsoft Phone scam is fortunately easy to figure out – Microsoft officials would never directly contact you via a phone call. So, a Microsoft Phone scam is any unexpected call from a person presenting themselves as a Microsoft official, and warning you about issues in your system.

Microsoft Phone Scam

The Microsoft Phone Scam is easy to avoid if you are careful.

If you are wondering how they got your number, the scammers usually use publicly available phone databases, which is why they may also know your name, location, and other personal details.

Microsoft Support Scam

The Microsoft Support Scam is another flavor of the Microsoft scams, which could be quite convincing to the less experienced users. Here is how the Microsoft support scam functions: some unsafe and misleading malvertising ad lands the user on a phishing page that looks exactly like Microsoft’s support site.

Microsoft Support Scam

The Microsoft Support Scam uses shock and intimidation to trick the users.

As soon as the page opens, two pop-ups appear on the screen. One of them is designed as a warning, telling the user there’s a malware in their computer, and giving them a fake Microsoft support team number. The other pop-up is designed as a sign-in form, and the user is asked to provide their username and password.

The reason this scam works is because the two pop-ups basically block the browser. If you get on such a Microsoft Support scam-page, you won’t be able to close the pop-ups, the current tab, or the browser itself, by clicking on the X buttons. You will also not be able to switch to another tab or window. This may instill panic in the less experienced users, and intimidate them enough for them to call the fake support number, and provide their login details. There, however, is an easy way to unblock the browser – use the Ctrl + Shift + Esc key combo to open the Task Manager, go to the Processes tab, find the browser processes, right-click on the one corresponding to the tab of the phishing page, and select End Process. If the Task Manager has also been blocked, you can always simply shut-down your machine through its power button, and then turn it back on.

Microsoft Scam Email 

The Microsoft Scam Email is another scam scheme similar to the ones we’ve already mentioned above. In the case of the Microsoft Scam Email scheme, the user is contacted via an e-mail letter, and is told that their Microsoft account would be deactivated unless the instructions from the message are followed.

Microsoft Scam Email

To avoid the Microsoft Scam Email, never trust random questionable emails. 

The user may be required to provide a username and a password, to call a fake support number, or to pay a fee. In any case, make sure to never respond to such emails – Microsoft would never contact you in this way, asking you to do any of those things.

Microsoft Account Scam

The Microsoft Account Scam is any type of a scam related to Microsoft, in which the user is threatened that they may lose access to their account unless they complete the demands of the scammer (who is impersonating a Microsoft official). A Microsoft Account Scam, for example, is the email scam we told you about in the previous paragraph.

Microsoft Account Scam

The Microsoft Account Scam tries to make you believe your account will be deactivated.

Microsoft Account scams could also be conducted not only through e-mail, but also via phone, phishing pages, and even through fake optimization software.

What gives this type of scam away is the warning that you’d lose access to your account if you don’t do as you are told – Microsoft wouldn’t ever contact you under such a premise.

Microsoft Virus Scam

The Microsoft Virus Scam is the kind of scam that uses a scareware program, which is presented to the user as a seemingly legitimate security tool. In reality, the Microsoft Virus Scam program is actually closer to a malware. It displays a fake warning message on the screen, telling the user their machine has been infected.

Microsoft Virus Scam

Fake security software is usually used in Microsoft Virus Scam schemes.

This scam is similar to the Microsoft support scam, but the difference is that the fake warning comes from a program in your computer, and not from a website. The text in the warning may tell you to contact a certain number, or provide some personal details like usernames and passwords in order to receive help with the removal of a non-existent virus.

This scam is potentially one of the most problematic ones as it may be difficult to recognize. The best precaution against it is to never install unverified software in your computer, and to only use trusted and popular security tools. If somehow, some purported security tool has gotten in your computer without you having deliberately installed it, it’s better to remove it from your computer, and not trust any warnings it may show you.

Securing your computer

It is highly likely that a Trojan Horse virus may have entered your computer if you have followed any of the scammers’ instructions. In some cases, the scam itself is made possible by the presence of a malware program in your computer (see the Microsoft Virus Scam). This is why we urge you to visit the removal guide you will see below, and follow its steps in case you have become the target of any type of a scam, similar to the ones explored in this article.

SUMMARY:

Name Microsoft Scam
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms The symptoms of a Trojan infection may vary, but if you have been targeted by a Microsoft scam, you should definitely check your PC for malware.
Distribution Method Scams like the ones we told you about may be used to spread Trojans. Other methods are malvertising, illegal software downloads, fake software update requests, various kinds of spam, and more.
Detection Tool

How to Remove a Microsoft Scam

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet


After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step3

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

virus-removal1

Step4

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Step5

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


Leave a Comment