“Threats Detected” Tech support scam (Tutorial) - Free Guide
“Threats Detected” Tech support scam Removal Guide
What is “Threats Detected” Tech support scam?
“Threats Detected” – fake security warning that uses names of legitimate security and IT companies
“Threats Detected” is a fake security alert that might pop-up on your browser unexpectedly. Considering the content of the alert, it may surprise and even frighten you – which is its main objective. According the fraudulent message, Avast!, McAfee or Norton security programs detected dangerous cyber threats on the system, and the only way to resolve this allegedly difficult situation is by calling tech support helpline.
You should never use the provided phone number and contact the “technicians,” as these people are scammers. In fact, it is impossible for a website to detect whether your device is infected with malware, so you should straight out ignore these messages. Nonetheless, you should also check your system for adware, as it could be the reason why you are being redirected to shady websites on Google Chrome or another web browser.
Name | “Threats Detected” scam |
Type | Scam, rogue website, adware |
Distribution | You might end up on scam website after clicking a link on another malicious site or adware could be causing these redirects |
Operation | The pop-up message claims that the system is infected with malware and users need to contact tech support in order to get rid of it; the scammers often use names of legitimate companies, including Microsoft |
Resolution | Close down the tab immediately, do not contact these scammers via the provided phone number, and scan your machine with SpyHunter 5Combo Cleaner to ensure no parasites are running in the background |
Further steps | If you have contacted the crooks, you should change passwords for all your accounts. After malware removal (if such was installed by them), you should also fix damaged system components with FortectIntego |
The message provides technical information about detected threats and copies the interface of the legit security software. Additionally, people are urged to call support immediately and do not try to delete the virus themselves because the computer’s hard drive might fail. The full message of the scam includes the following information:
Microsoft Windows encountered a problem
Action Required
Threats Detected
Threats Detected! Call Toll Free Support: 1-855-615-2468
SYSTEM CRITICALLY INFECTED! CONTACT SUPPORT IMMEDIATLY
DO NOT TRY TO MANUALLY REMOVE THIS VIRUS
HARD DRIVE MIGHT FAIL*
Avast Antivirus alert
Different versions of the tech support scam uses other phone numbers to communicate with users. However, keep in mind that none of these numbers belongs to legit security companies. Thus, you should never call them:
- Fake Avast! support line: 1-855-615-2468
- Fake McAfee support line: 1-855-378-1203
- Fake Norton support line: 1-844-444-9933
Therefore, “Threats Detected” virus belongs to the group of technical support scams that are designed to scare victims. The purpose of this Microsoft scam[1] is to convince people into calling the toll-free support line. We can assure that these “specialists” won’t help you; instead, they might:
- convince you to purchase useless security software;
- trick into installing malicious program to the device;
- give scammer remote access to your PC;
- obtain personally identifiable information, including credit card information.
If you continuously receive the this fake pop-up when browsing the web, you should check if your computer hasn’t been infected with adware. Security specialists from Odstranit Virus[2] tell that you can suspect infiltration of this potentially unwanted program if you notice increased number of ads everywhere you go, suffer from unexpected browser redirects and you recently installed some type of freeware from the internet.
The quickest way to remove the redirect virus from the system is to run a full system scan with SpyHunter 5Combo Cleaner or another anti-malware.[3] Don’t forget to update security software before performing automatic elimination, as only up-to-date tools can delete this cyber threat.
However, you can also follow our prepared manual removal guide and get rid of the adware without additional software, but you have to be careful. If you leave some adware-related entries installed, you might still encounter this fake pop-up. Also, it is very important to clean your web browsers – you can employ FortectIntego for this job or do it manually as well.
Online scams pretend to be security alerts by legit antivirus programs.
Adware programs help scammers to target more Internet users
Fake alerts usually are triggered by adware that may have sneaked inside the PC in a software bundle. We believe that you do not have any idea how this may have happened. However, the situation is simple.
When you install free programs from the Internet, you have to check if you install a single app or a package by choosing Advanced/Custom setup. If you see “optional downloads,” you have to remove the ticks next to them. Meanwhile, Quick/Recommended setup does not have this feature. Thus, if you install freeware using these settings, you might install many undesired apps.
Getting rid of “Threats Detected” support scam
The adware which is responsible for fake security pop-ups should be uninstalled from the system immediately. Keep in mind that if your browsers are vulnerable (i.e., not updated), they might be used to divert you to websites where malicious scripts would download malware automatically without you knowing. Therefore, equip your computer with powerful antivirus software and perform a full system scan. You can also look for PUPs yourself if you desire to – we provide the instructions for that below.
There is more to it if you have already contacted scammers via the phone number. First of all, if they made you pay for anything (usually for some fake security software or for “services” itself), you should contact your bank and explain that you have been scammed – provide as much information as possible, for example, the number you called or how you transferred the money.
You should also change your passwords of all your accounts immediately, as the cybercriminals might have stolen them after gaining access to your PC (if such was provided).
You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of “Threats Detected” Tech support scam. Follow these steps
Uninstall from Windows
Instructions for Windows 10/8 machines:
- Enter Control Panel into Windows search box and hit Enter or click on the search result.
- Under Programs, select Uninstall a program.
- From the list, find the entry of the suspicious program.
- Right-click on the application and select Uninstall.
- If User Account Control shows up, click Yes.
- Wait till uninstallation process is complete and click OK.
If you are Windows 7/XP user, proceed with the following instructions:
- Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
- In Control Panel, select Programs > Uninstall a program.
- Pick the unwanted application by clicking on it once.
- At the top, click Uninstall/Change.
- In the confirmation prompt, pick Yes.
- Click OK once the removal process is finished.
Delete from macOS
Remove items from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
Remove from Microsoft Edge
Follow these steps to recover Microsoft Edge after the hijack:
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and click select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
Some of Chrome's extensions might be responsible for the fake security alert. Follow these steps to get rid of this problem:
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Delete from Safari
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of “Threats Detected” Tech support scam registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent from getting adware
Do not let government spy on you
The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.
Backup files for the later use, in case of the malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
- ^ Tech support scams. Microsoft. The official website.
- ^ Odstranit virus. Odstranit virus. Czech security news.
- ^ Wendy Zamora. How does anti-malware work?. Malwarebytes Labs. Security blog.