PUBLIC DEFENDER By Brian Livingston My readers are reporting a new wave of fraudulent “security warnings” that freeze the screen, threaten to auto-del
[See the full post at: Watch out for fake ‘Windows Defender’ scare]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Watch out for fake ‘Windows Defender’ scare
Home » Forums » Newsletter and Homepage topics » Watch out for fake ‘Windows Defender’ scare
- This topic has 20 replies, 16 voices, and was last updated 1 month, 1 week ago.
AuthorTopicB. Livingston
AskWoody MVPViewing 11 reply threadsAuthorReplies-
Alex5723
AskWoody Plus -
jamesmhebert
AskWoody PlusI have this and found a few more ways to get past it:
- press ESC to restore the browser tabs and controls. Then you can close the browser window, or the offending tab.
- Hold ALT and press F4 for every one of the pop up windows. Each press will close the “frontmost” window. Press in quick succession to close all pop ups and, ultimately, the browser. (This works as long as your system defaults to traditional function key operations; on some systems you may have to employ the key that shifts to the alternate function key activation.)
2 users thanked author for this post.
-
WSbellboy
AskWoody Plus -
Ben Myers
AskWoody PlusBrian, This article is right on target and right on time. I get computers from clients regularly to fumigate them. The computers, not the clients.
I’ve usually used Ctrl-Alt-Delete and Task Manager to kill the browser used for these deceptively dangerous messages. And a manual remove of the threat is often enough.
3 users thanked author for this post.
-
George S. Augustas
AskWoody Plus -
rc primak
AskWoody_MVPGoogle search “dothrakiz website” without the quotes. Reject the Google Search suggestion of “dothraki website”. Look for the link to https://www.cubdomain.com/domains-registered-by-date/2021-11-19/9 Scroll through this list. It’s there.
-- rc primak
-
dvhirst865
AskWoody PlusTimely, useful, and very much on target. Thanks.
I’m in full agreement with @Ben Meyers about using TM to kill the offending browser instance, and would suggest that starting the browser in safe mode is the way to go for clearing cache/history, suggested revision to your text: “Clear your cache and cookies, reset your browser, or uninstall/reinstall it. Start your browser in safe mode after your AV scan”.
DVH
1 user thanked author for this post.
-
rc primak
AskWoody_MVP -
Just another Forum Poster
AskWoody Lounger -
Still Anonymous
AskWoody Plus
-
-
WCHS
AskWoody PlusI got this pop-up on my iPad, where I have ONLY the Safari browser working. First off, it says “Access to this PC”?? How could the warning be coming from Windows Defender, when the device isn’t even a Windows device???
The screen was frozen, so it wasn’t even possible to press any buttons or links. I restarted the iPad.
Was there any malware that got installed?? If so, how would I know?
-
Alex5723
AskWoody Plus -
WCHS
AskWoody Plus‘Defender’ is a hoax’ you got that message from a visited site via Safari.
I know that. All I am saying is that the hoax message, hoax that it was, didn’t even make sense, because the hoax message about about a PC and the device the message was on was an iOS.
-
geekdom
AskWoody_MVPHoaxes are not designed to make sense. Hoaxes are designed to provoke an immediate reaction. The hoax message is to fix this computer invasion now, now, now by clicking on this button that will solve all your problems.
On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
-
-
rc primak
AskWoody_MVPThis is Windows-specific malware, AFAIK. I use Linux and have never seen anything like this. But Mac and iPad may be targets, as well as Android and Apple phones. Since this comes in through the web browser, I would not put it past the malicious parties to target Linux browsers as well. I just highly doubt they would successfully infect a device running Linux. But assume NOTHING when it comes to malware!
Linux cleanup is similar to Windows cleanup, if anything might happen. Except, I am much more willing to run a clean install of my Linux distros than my Windows OSes. I find it much easier to get back up and running under Linux, provided the correct precautions are taken before anything malicious happens. Software reinstallation for example, can be much more centralized in Linux — one-stop shopping if you save the markings from your software manager. Linux has Bleachbit for cleaning the kinds of things which can mess up web browsers.
-- rc primak
Arctic_Eddie
AskWoody Loungersudo
AskWoody PlusI remember years ago using a program call Sandboxie, that would stop this kind of malware from getting its claws into your PC. You just had to close the browser and would start fresh again when re opening your browser. Looks like this program is still around, but I have not used it for quite some time.
-
rc primak
AskWoody_MVPDepending on where the popover message screens come from, sandboxing the browser would not necessarily prevent the computer from being unable to function. And making the screen go away would still require killing all processes which are operating within the infected sandbox. You would still have to clean up all of this, and to do that, you need to be able to get rid of the full-screen popover message.
-- rc primak
cesmart4122
AskWoody Plusibe98765
AskWoody PlusI don’t understand. People must be clicking on bad links and visiting some website to pick up this infection. In nearly 30 years of using Windows I have never been infected. The article didn’t explain how machines are getting infected. I’d wager that 90% are from visiting pörn sites.
I’ve used Comodo firewall and AV for many years. I also use an old version of FF as my primary browser where scripts are auto blocked until I allow them to run using NoScript.
Still Anonymous
AskWoody PlusThis is good stuff, although I’m going to differ on nuance of a couple of the suggested steps:
- Write down as many browser tabs as you can remember.
You may also be able to get some of that info with the Windows Snipping tool or Snip and Sketch, although if you have more tabs open than are visible on the screen, you won’t get everything.
- If you had to shut down, restart Windows but don’t open your browser.
At least, don’t open your primary browser. Although it’s OK to prefer to do everything in Chrome, Firefox or anything else, there’s nothing that requires you to do that, and there are times when you need to interact through a different browser. This is one of those times. Whatever alternate you have, make sure that you’ve reviewed it and tuned settings to your preferences, as if you were using that as your normal browser. That way, when you’re using the alternate in an emergency, you know that it’s configured for your preferences. There’s nothing wrong with using something like Edge for a one-off thing, but it is worth making sure you’ve reviewed all of Edge’s preferences (especially security and privacy).
With Firefox, there is an option to use multiple profiles (where you set it to allow which profile you want on startup). In this situation, launch Firefox and choose the alternate profile. As with an alternate browser, you need to have the alternate profile configured and tuned to personal taste (although perhaps not as extensively).
- Run Windows Defender or your preferred antivirus program.
- Clear your cache and cookies, reset your browser, or uninstall/reinstall it.
Good steps to do, but I would use the reverse order, of clearing data first. If this exploit is blocking your ability to get to config settings, then you won’t be able to clear content from inside the browser. CCleaner works well for this (although you should not choose the registry cleaning options), as does BleachBit (which does not offer cleaning).
If the problem persists after clearing cache and cookies, then move on to AV scanning.
I also recommend against uninstall/reinstall of browser, at least for Firefox. With Firefox, the only reason to do that is if you have concrete reason to believe that program binaries or the Windows registry has been compromised. Since the time of Windows Vista, that’s unusual, and performance issues are almost always specific to data in the user profile. If you have a second profile, that’s a fast confirmation that problems are profile-specific.
Also, it’s worth noting that if you uninstall Firefox, there is an option to choose whether or not to delete user data (that is, your profile(s)). If you delete your profiles, then you lose all your personal data (especially config preferences, bookmarks, history, stored passwords, etc.) If the problem is in your profile and you don’t delete the profile, then the problem will persist, and a reinstall accomplishes nothing.
With Chromium-based browsers, there is a single profile where user data is stored, although I don’t know the geography well enough to suggest where to find data. But the same principle applies that if you kill content in the profile, then you also remove your personal data, as well.
Viewing 11 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Skype cancels loopback audio
by
Steven
32 minutes ago -
Python re-installation
by
WSepzcaw
54 minutes ago -
Finally updated to Thunderbird 115
by
EricB
5 hours, 35 minutes ago -
Hard drive boot up problem in Windows AND Linux
by
rkacmar
8 hours, 32 minutes ago -
WSUS fails to download monthly Cumulative Update for Windows 11 Version 22H2
by
Bruce23
10 hours, 59 minutes ago -
Excel tone
by
WSmmi16
10 hours, 17 minutes ago -
Wait for the bugs to be worked out
by
Susan Bradley
3 hours, 5 minutes ago -
What Windows Really Needs [Pure OPINION]
by
RetiredGeek
2 hours, 34 minutes ago -
“Winmail.dat” attachments when email is sent from Outlook to Thunderbird
by
MrJimPhelps
11 hours, 28 minutes ago -
win 11 22H2 Memory itegrity error
by
krism
18 hours, 52 minutes ago -
McLaren Health Care 6TB data breach
by
Microfix
8 hours, 45 minutes ago -
Long Live the Red Envelope Era | Farewell to DVDs | Netflix
by
Alex5723
21 hours, 42 minutes ago -
Faststone Image Viewer updates
by
Alex5723
2 days ago -
Malicious ad served inside Bing’s AI chatbot
by
Alex5723
2 days ago -
win10 pro 22H2 current minus 1 mo,to, win11. suggestions…
by
krism
1 day, 12 hours ago -
Microsoft entered negotiations to sell Bing to Apple in 2020
by
Alex5723
2 days, 9 hours ago -
X CEO shows her iPhone’s Home Screen – and X isn’t there
by
Alex5723
2 days, 10 hours ago -
Keeping an older Mac secure
by
Susan Bradley
2 days, 10 hours ago -
Thunderbird – problem ”setting up existing email address”
by
stajourneyman
2 hours, 15 minutes ago -
Windows 11 Insider Preview build 23555 released to DEV
by
joep517
2 days, 21 hours ago -
Something didn’t go as planned KB5030310, KB 5030219
by
Donald Wyllie
1 day, 10 hours ago -
“Enhanced” search box
by
WSraysig
2 days, 22 hours ago -
Windows Ends Installation Path for Free Windows 7/8 Upgrade
by
Alex5723
2 days, 23 hours ago -
Icon text drop shadows latest Win 11 update
by
kenlcarter50
2 days, 17 hours ago -
Group Policy to change context menu to Win10 version?
by
HATech19
3 days, 1 hour ago -
You can no longer activate newer Windows 11 builds with Windows 7/8/8.1 keys
by
joep517
3 hours, 53 minutes ago -
Reddit is removing the option to prevent Reddit from tracking ..
by
Alex5723
3 days, 8 hours ago -
Vivaldi for iOS and iPadOS released
by
Alex5723
3 days, 8 hours ago -
Windows 11 attempted update to 22H2 results in Error Code 0x8024001e
by
Tiernan
2 days, 22 hours ago -
lock screen goes black after ~ 25-30 secs.
by
krism
2 days, 17 hours ago
Recent blog posts
- Wait for the bugs to be worked out
- MS-DEFCON 4: Is Windows 11 really a disaster?
- Windows 11, Surface, and Windows Copilot
- Why File Explorer keeps me on Windows
- Uninstalr — “World’s best cup of coffee”
- Locked out of your refurbished computer?
- What happened to the manual?
- Apple zero days out – September 2023
Key Links
S | M | T | W | T | F | S |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.