The 'POSSIBLE_VIRUS_DETECTION' pop-up windows are produced by corrupted Web pages and Trojans that promote a toll-free phone line controlled by computer support fraudsters. The pop-up windows and associated software are often presented to users who are running Internet Explorer as their primary Web browser. Unreliable computer support agents who pose as employees of Microsoft Corp. use misleading computer security alerts to promote their services. Technical support scam tactics have been around since Windows became a global leader in personal computing. PC users who are surfing the Internet may encounter the 'POSSIBLE_VIRUS_DETECTION' fake security alerts on sites with adult-rated content and pirated software. The first thing shown to users is a small dialog box that says:
'Critical Update Available
Please update your browser immediately
Without this update your computer is at a serious risk of infection.
Your financial and personal information may NOT be secure.
Download this update now by pressing RUN at the bottom of your screen'
Then, users are rerouted to a random Web page suggesting the installation of a critical update package for their Web browser. If you click on the highlighted button, one of two things may happen. In the first scenario, your browser loads in full-screen mode and shows what seems like a BSOD (Blue Screen of Death) report, which you can't remove without using the Task Manager. The second scenario is harder to counter: a program is downloaded to your computer and, if you run it, a background process loads a full-screen window on your desktop and disables keyboard and mouse input. In both scenarios, users are shown the following text:
'Windows has been stopped to prevent further damage to your PC.
Contact tech support now: +1-866-443-3380
A problem has been detected and windows has been stopped to prevent further damage to your computer.
POSSIBLE VIRUS DETECTION
If this message appears your computer might be infected with a virus or spyware.
Your computer safety is at risk, do not use your computer before you have contacted technical support to prevent stealing of information.
Social media and banking logins might be at risk.
STOP: Ox000000D1 (0x0000000C,0x00000002,0x00000000,0xF86B5A89)
flux.exe - Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb
Beginning dump of physical memory
Physical memory dump complete.
Contact tech support for further assistance
Error code: SDGII
Call Tech Support now:'
If you are not careful and run the download, the program associated with the 'POSSIBLE_VIRUS_DETECTION' notifications may need to be removed by booting Windows in Safe Mode and using a security tool. As long as the 'POSSIBLE_VIRUS_DETECTION' pop-ups stay confined to the browser, there is no reason to fear for the security of your device. You should not download updates to your browser from questionable sites, and you should not make calls to the '+866-443-3380' phone line. Following the instructions on the 'POSSIBLE_VIRUS_DETECTION' window would lead you to contact a scammer who may request remote desktop access to your device via tools like TeamViewer. Needless to say, PC users should avoid interaction with the people on the other end of the '+866-443-3380' toll-free phone line. AV companies recommend that users report phishing pages and advertisements that may generate the 'POSSIBLE_VIRUS_DETECTION' notifications. A small set of instructions on how to report bad Web pages can be found below:
- Edge: Open the browser's menu and click 'Send Feedback' then choose 'Report site issue,' enter the URL and add a short explanation about your experience.
- Internet Explorer 11: Click on the gear icon, choose 'Safety' and then click 'Report unsafe site.' In the pop-up window, mark the category of the site and complete the CAPTCHA challenge.
- Google Chrome: Click on the three dots icon, select 'Help' and choose 'Report an issue.' You can add a few sentences as a comment and click 'Send'.
- Mozilla Firefox: Open the browser's menu, navigate to 'Help' (the question mark icon) and click on 'Report Deceptive Site.'
- Opera: Click on the site's badge located in the URL bar and click 'Details' then load the 'Fraud and Malware Protection' tab and click 'Report Site.'
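An added example, not part of the original article: a small Python heuristic that a content filter or help-desk triage script could run over the visible text of a page or window to recognise the lock-screen pattern quoted above, that is, a crash-screen imitation combined with a toll-free number and a call-to-action. The function name, verdict labels and sample strings are assumptions made for this illustration; the scam sample reuses lines from the quoted text.

```python
import re

# NANP toll-free area codes; the number quoted in the article uses 866.
TOLL_FREE = re.compile(
    r"(?:\+?1[\s.-]?)?\(?(800|833|844|855|866|877|888)\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Call-to-action wording modelled on the quoted lock-screen text.
CALL_TO_ACTION = re.compile(
    r"\b(call|contact)\s+(tech(nical)?\s+support|support)\b", re.I)
# Crash-screen imitation; [0O]x also catches the letter-O "Ox" in the quoted STOP line.
FAKE_CRASH = re.compile(
    r"STOP:\s*[0O]x[0-9A-F]{8}|dump of physical memory|windows has been stopped", re.I)
# Fear wording from the quoted text.
FEAR = re.compile(
    r"virus or spyware|might be infected|banking logins|safety is at risk", re.I)


def score_page_text(text):
    """Return (verdict, reasons) for the visible text of a page or window."""
    checks = (("toll_free_number", TOLL_FREE), ("call_to_action", CALL_TO_ACTION),
              ("crash_screen_wording", FAKE_CRASH), ("fear_wording", FEAR))
    reasons = [name for name, pattern in checks if pattern.search(text)]
    # Assumption of this heuristic: a crash screen that also asks the reader to
    # phone a number is the scam pattern. Either signal alone is common on
    # legitimate pages (vendor contact pages, articles about stop codes).
    phone_pitch = "toll_free_number" in reasons and "call_to_action" in reasons
    if phone_pitch and "crash_screen_wording" in reasons:
        verdict = "block"
    elif phone_pitch and "fear_wording" in reasons:
        verdict = "review"
    else:
        verdict = "allow"
    return verdict, reasons


# Constructed samples. SCAM reuses lines from the text quoted in the article;
# the 555-01xx numbers are fictional.
SCAM = """Windows has been stopped to prevent further damage to your PC.
Contact tech support now: +1-866-443-3380
STOP: Ox000000D1 (0x0000000C,0x00000002,0x00000000,0xF86B5A89)
Beginning dump of physical memory"""
VENDOR = "Questions about your order? Call support at 1-800-555-0100, Mon-Fri."
ARTICLE = "A STOP: 0x000000D1 error usually points to a faulty driver."

if __name__ == "__main__":
    for name, sample in (("scam", SCAM), ("vendor", VENDOR), ("article", ARTICLE)):
        print(name, score_page_text(sample))
```

The vendor and article samples show why no single indicator is treated as sufficient: each trips one or two patterns but is still allowed.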