Persistent Microsoft Defender Subscription Scam Popup Keeps Appearing

BCAdmin

Dealing with Persistent Microsoft Defender Subscription Scam Pop-ups

If you’ve recently encountered an unsettling pop-up on your computer claiming that your Windows Defender antivirus has been upgraded to a Pro plan for a hefty $299.00, you’re not alone. Many users have reported similar experiences with this deceptive notification, which seems almost impossible to eliminate.

Understanding the Scam

The alarming message typically indicates that your credit card will be charged on a specific date, often with an air of urgency that aims to provoke hasty action. It may impersonate legitimate software, but it’s a common type of phishing scam designed to trick users into providing personal and financial information.

Comprehensive Scanning Yet Persistent Issues

Despite performing various diagnostic scans, including a quick scan, full scan, and offline scan with Microsoft Defender, the pop-up continues to reappear. This can be particularly troubling, as you might wonder if your system has been compromised.

Notable Findings: Conhost.exe

An intriguing detail is the presence of a file named “conhost.exe” within your system32 folder. While this file is typically associated with legitimate Windows processes, its repeated activity in conjunction with the pop-up warrants caution. Users have reported that this file sometimes runs under PowerShell whenever the invasive pop-up appears, raising concerns about potential malware.

What Can You Do?

If you’re facing this issue, here are some steps you can take to regain control of your computer:

  1. Force Close Suspicious Processes: Use Task Manager to end processes associated with the pop-up, particularly those linked to PowerShell.

  2. Run Anti-Malware Software: Consider downloading a reputable anti-malware tool beyond Microsoft Defender for additional scanning capabilities. Programs like Malwarebytes or Bitdefender can offer a more thorough examination.

  3. Check Startup Programs: Sometimes, malicious software can set itself to launch at startup. Review your startup programs in Task Manager and disable anything unfamiliar.

  4. Clear Browser Data: Make sure to clear your browser cache, cookies, and history. This can help eliminate any traces of the scam.

  5. Update or Reinstall Browsers: If the problem persists, reinstalling your web browsers can sometimes dislodge unwanted extensions or adware.

  6. Consider System Restore: If possible, reverting your system to a point before the issue began may resolve the problem.

  7. Take Precautions: Finally, ensure your operating system and antivirus software are always up-to

Share this content:

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *