Severity scale:  

Remove “Possible Suspicious Activity” virus (Removal Guide) - Oct 2017 update

removal by Ugnius Kiguolis - - | Type: Adware

“Possible Suspicious Activity” alerts come from tech support scammers

The picture of "Possible Suspicious Activity" scam samples

“Possible Suspicious Activity” virus defines a browser-based tech support scam. It is universal as it plagues Chrome, Internet Explorer, Firefox, and Microsoft Edge. This sample of scam is more elaborate. Unlike the majority of online deceptions which terrify users with Zeus virus and Facebook login as well as email account log-in data theft, this time, the crooks tied in more technical details to make the scam more realistic.

When users get redirected to a scam site, first of all, the message pops up stating that:

Customer, your system has detected possible suspicious activity. Please call the toll-free number below for a Microsoft Certified technician to help your resolve the issue:
For your safety, please of not open Internet browser to avoid data corruption to the registry of your operating system.

A couple of other alerts follow the latter. The next is called “Warning! Hyper-V Manager.” The very program, Hyper-V Manager, is a virtualization platform introduced by Microsoft in 2008.[1]

Thus, the racketeers loaded a few definition of real programs to persuade users. Though they crowd the pop-up alert with technical details and definitions, the key thing which reveals the origin of the scam is the phone number.

Despite how realistic the scam might seem, if it includes the phone number or an email address, exit the page and clean the browser. The majority of browser-based tech scams are not destructive.

Claims that your data will be corrupted or lost are just lies. However, some online deceptions may temporarily hijack your browser. Thus, clicking on the button “Prevent this page from creating additional dialogues” may not work.

You will need to force shut-down on the browser. In addition, it is recommended to remove “Possible Suspicious Activity” scripts from the browser. You can do so with the assistance of ReimageIntego or Malwarebytes.

October 2017: “Antivirus Detected Some Suspicious Activity” virus starts spreading online

On October 30th, researchers discovered a brand new scam using “Antivirus Detected Some Suspicious Activity” line to trick unsuspecting users into calling fraudsters via provided “toll-free” number. This time, scammers suggest dialing +1-844-665-6888 number for help directly from “Microsoft Technicians.” Calling the fraudsters won't help to resolve the imaginary issue that the deceptive alert warns you about.

Scammers will simply ask you to follow their commands that can eventually result in data loss or a severe computer infection. The pop-up typically appears on pages that look like Microsoft's Support page or another related site because it is filled with forged company's logos all over. Do not let these cheap tricks fool you and convince you to call scammers. Otherwise, you might end up giving them remote access logins or credit card details to people who will use such data for illegal purposes.

Remove “Antivirus Detected Some Suspicious Activity” virus as soon as you can and make these fake alerts disappear once and for good. You can detect the malware sending you these pop-ups using anti-malware or anti-spyware programs that we mentioned earlier.

Keep your computer safe and learn to identify tech support scams

Browser-based tech support scams scripts might be foisted in a variety of websites. Observing the tendency, most likely, you could get directed to such scam when you browse illegal movie streaming sites or torrent sharing domains.

Likewise, “Possible Suspicious Activity” hijack might have occurred as a result of such technique. On the other hand, even if you are cautious, a tech support page might appear if you click on a legitimate ad or banner.[2]

Note that you should be wary of corrupted apps and extensions. They might be a harbinger of a PC version of a tech support scam. The latter cause more elimination troubles. Now let us review “Possible Suspicious Activity” scam removal options. The image displaying "Possible Suspicious Activity" scam"Possible Suspicious Activity" tech support scam tries to fool users with excessive technical information.

Remove Possible Suspicious Activity virus with ease

First of all, you need to exit the tech support scam site. Click on CTRL+SHIFT+ESC. Find your browser commands in the Task Manager, right-click on them and then choose “End task.”

Now restart the browser. Enter the Settings and clear cookies as well browsing data. In case the redirect page still emerges, reset the browser to remove “Possible Suspicious Activity” virus elements.

It is also advised to scan the browser. The tool will complete “Possible Suspicious Activity” removal procedure. This scam might appear not only in English but in French, Hungarian or Estonian[3] sites.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove “Possible Suspicious Activity” virus, follow these steps:

Remove “Possible Suspicious Activity” from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall “Possible Suspicious Activity” and related programs
    Here, look for “Possible Suspicious Activity” or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove “Possible Suspicious Activity” from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Erase “Possible Suspicious Activity” from Mac OS X system

Mac OS users should be wary of “Possible Suspicious Activity”  scam types. Theey might be targeted with the iOS counterparts of this felony.

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove “Possible Suspicious Activity” from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for “Possible Suspicious Activity”-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove “Possible Suspicious Activity”, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to “Possible Suspicious Activity” and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the “Possible Suspicious Activity”-related entries.Uninstall from Mac 2

Get rid of “Possible Suspicious Activity” from Internet Explorer (IE)

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for “Possible Suspicious Activity” and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example,
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete “Possible Suspicious Activity” removal.Reset Internet Explorer

Uninstall “Possible Suspicious Activity” virus from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the “Possible Suspicious Activity”-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Eliminate “Possible Suspicious Activity” from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select “Possible Suspicious Activity” and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete “Possible Suspicious Activity” removal. Click on 'Reset Firefox' button for a couple of times

Delete “Possible Suspicious Activity” from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select “Possible Suspicious Activity” and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete “Possible Suspicious Activity” removal. Click on 'Reset' button to complete your removal

Remove “Possible Suspicious Activity” from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for “Possible Suspicious Activity” or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by “Possible Suspicious Activity”, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete “Possible Suspicious Activity” removal process. Select all options and click on 'Reset' button

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding “Possible Suspicious Activity” virus