'Windows Defender Alert: Zeus Virus' Tech Support Scam

'Windows Defender Alert: Zeus Virus' Tech Support Scam Description

When computer security experts discuss the 'Windows Defender Alert: Zeus Virus' Tech Support Scam, they are referring to fake computer support agents whose "services" are advertised on unreliable sites. The campaign associated with the 'Windows Defender Alert: Zeus Virus' Tech Support Scam is based on recently registered sites with random names that may appear to be gibberish and refer to a virus detected on the system. The 'Windows Defender Alert: Zeus Virus' messages are reported to be hosted on sites registered to the IP address. Numerous domains are being used to deliver the 'Windows Defender Alert: Zeus Virus' pop-ups to users across the globe, and some of the domains include:

  • ransomewaredetected[.]xyz
  • malwarethreatdetect[.]xyz
  • rasagulsdasdeaa[.]xyz
  • palkovasdareadas[.]xyz
  • othavirusda[.]xyz
  • omalavirusdadsad[.]xyz
  • panampanam[.]xyz
  • virusthreatdetect[.]xyz
  • dizlac-xvrumc[.]xyz
  • opafarusadjafa[.]xyz

You should keep in mind that the companies behind the 'Windows Defender Alert: Zeus Virus' hoax register dozens of new domains almost every day. Additionally, the 'Windows Defender Alert: Zeus Virus' pop-ups may invite users to call toll-free phone lines like:

  • 844-313-7003
  • 888-383-6325
  • 844-745-1521
  • 844-310-3403

As mentioned above, the list of phone numbers is expanding every day. The fake computer support agents take advantage of VoIP services and register new accounts to avoid Web filtering services and reach out to users. Cyber security experts recommend that users explore browser extensions like Web of Trust and incorporate a browser extension that filters online content marked as phishing. Open-access services like SCUMWARE.org and Websense ThreatSeeker might help users determine if a site is unsafe or has a bad reputation.

Web surfers who experience the 'Windows Defender Alert: Zeus Virus' notifications may notice that their browser transitions into full-screen mode and an audio recording is played in the background. The pages that display the 'Windows Defender Alert: Zeus Virus' alerts are not powered by legitimate security tools and may offer misleading information. PC users should consider installing a trusted anti-malware utility on their systems as a way to block insecure connections to the IP and phishing pages.

You will find samples of the 'Windows Defender Alert: Zeus Virus' pop-ups below:

  • Sample 1:
  • 'Your recent activity on the internet or wifi network caused you a severe threat on the Operating system.The opearting system file Kernel32.dll has been crashed and it has be fixed immediately to retrieve the operating system . The operating system has got corrupted which caused all the functions of the computer to get stopped. You have attempted to access a unsecured website which indeed caused this problem

    The viruses has entered into your computer through Unreliable websites , blogs or when you download any free softwares or when you watch videos/movies on any third party websites without a proper browser protection. The computer has also been suspected with too much p*rnographic content and illegal (not to use ) softwares downloads too many times Please call for assistance for fixing the problem immediately. (Toll-FREE (1-844-313-7003), High Priority Call Line)

    Please do not try to restart or shut down the computer as it may lead to operating system failure. Restarting the computer is not a solution for this problem and if you try to restart the computer all of your personal informations and operating system information can not be retrieved back'

  • Sample 2:
  • 'Windows Defender Alert : Zeus Virus Detected In Your Computer !!
    Please Do Not Shut Down or Reset Your Computer.
    The following data will be compromised if you continue:
    1. Passwords
    2. Browser History
    3. Banking Information
    4. Credit Card Information
    5. Local Hard Disk Files.
    This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
    Call Technical Support Immediately at 1-844-313-7003'

  • Sample 3:
  • 'Your computer has been Locked
    Call Now 888-383-6325
    Your computer with the IP: [YOUR REAL IP ADDRESS] may be infected Because System Activation KEY has expired & Your information (for example, passwords, messages, and credit cards) have been stolen.
    Call Now 888-383-6325
    System Error Activation Error Code: 0x44578 Call Help Desk to prevent data lose
    please call Toll free 888-383-6325'
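
The three samples above share a small set of traits: a toll-free number, a claimed infection or lock, a threat of data theft, an instruction not to restart, and an urgent call to action. The following Python is an added example, not code from the original page or from any security product, that scores page text for those traits. The signal weights, the threshold of 4, and the two benign texts are assumptions constructed for illustration.

```python
import re

# North American toll-free prefixes, optionally preceded by the country code 1.
TOLL_FREE = re.compile(
    r"(?<!\d)(?:1[\s.-]?)?\(?(800|833|844|855|866|877|888)\)?[\s.-]?(\d{3})[\s.-]?(\d{4})(?!\d)"
)

# Traits visible in the pop-up samples on this page. Weights are assumptions.
SIGNALS = {
    "brand_or_system_claim": (re.compile(r"windows defender|activation key|kernel32\.dll", re.I), 1),
    "threat_claim": (re.compile(r"\b(virus(es)?|infected|locked|corrupted)\b", re.I), 1),
    "data_theft": (re.compile(r"passwords?|credit cards?|banking information", re.I), 1),
    "do_not_restart": (re.compile(r"do not (try to )?(shut ?down|restart|reset)", re.I), 2),
    "urgent_call": (re.compile(r"\bcall\b[^.\n]{0,40}\b(now|immediately|toll.?free|help desk)\b", re.I), 2),
}

# Excerpts (some lines omitted) of Sample 2 and Sample 3 as quoted on this page.
SAMPLE_2 = """Windows Defender Alert : Zeus Virus Detected In Your Computer !!
Please Do Not Shut Down or Reset Your Computer.
The following data will be compromised if you continue:
1. Passwords
4. Credit Card Information
Call Technical Support Immediately at 1-844-313-7003"""
SAMPLE_3 = """Your computer has been Locked
Call Now 888-383-6325
may be infected Because System Activation KEY has expired & Your information (for example, passwords, messages, and credit cards) have been stolen."""
# Constructed benign texts for contrast (not from the page).
BENIGN_SHOP = "Questions about your order? Call us toll-free at 1-800-555-0199, Monday to Friday."
BENIGN_AV = "Our scanner removed a virus from an infected attachment. No action is needed."

def analyze(text):
    """Return (score, matched signal names, normalized toll-free numbers)."""
    flat = " ".join(text.split())  # collapse the line breaks pop-ups use for layout
    hits = [name for name, (rx, _) in SIGNALS.items() if rx.search(flat)]
    score = sum(SIGNALS[name][1] for name in hits)
    phones = sorted({"-".join(m.groups()) for m in TOLL_FREE.finditer(flat)})
    return score, hits, phones

def is_support_scam(text, threshold=4):
    """Flag only when a toll-free number appears together with enough scare traits."""
    score, _, phones = analyze(text)
    return bool(phones) and score >= threshold

if __name__ == "__main__":
    for label in ("SAMPLE_2", "SAMPLE_3", "BENIGN_SHOP", "BENIGN_AV"):
        print(label, is_support_scam(globals()[label]), analyze(globals()[label]))
```

Requiring a phone number in addition to the score keeps an ordinary antivirus notice (scare words, no number) and an ordinary customer-service page (number, no scare words) from being flagged.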