“Virus Alert (05261)” is a scam pop-up message you can see on a website that looks like a Microsoft page, but with a strange URL. It tries convincing people about their system being in trouble. As proof of it, they show a banner saying about outdated apps, incorrect privacy settings, and more critical problems. The banner eventually demands calling a helpline, which appears to be a contact of fake tech support.
Fake Microsoft support is a rather popular fraudulent scheme, where victims are lured into a phone call with a scammer by the means of social engineering. Successful attack results in compromising users’ privacy, installation of unwanted apps or even malware. In this post, I will explain how to avoid such sites in the future. Also, you will see all the social engineering tricks that the frauds use to force the user into this trap.
Virus Alert (05261)
Virus Alert (05261) is the title of a banner you can encounter on a scam website. It tries to copy the appearance of a genuine Microsoft Office 365 page, but also adds several banners on top of the background. This banner says about your system being “locked due to unusual activity. Error Ox800xdfy”. Below, there is a pitiful infographic showing critical troubles like “browser cookies”, “slow startup apps” and “registry entries”. Lower, under the “Fix issues”, there is a phone number, that the user should allegedly call to solve the issue.
Typically for such scam websites, it plays a scary sound alert, and switches to full-screen mode after a click on the website. It does not matter where exactly the click has happened – the website will intercept it either way and go fullscreen. The latter may happen randomly, and with the fullscreen, all things start looking like the system is really locked. This is, in fact, a starting point of the scam.
Key target of the Virus Alert (05261) scam site is to make the user call the helpline phone, listed at the bottom part of both banners. This number leads to the fake Microsoft tech support – a part of a rather popular scam network that attacked users from Europe and both Americas. Even though the FBI once disrupted a large part of that network, it keeps rolling at the same scale.
“Virus Alert (05261)” Overview
| Website | Firewall-alert-windows-hlslj.ondigitalocean.app (scan report) |
| Threat type | Fake Tech Support Scam |
| Source | Redirect from a shady page, adware activity, pop-up notifications spam |
| Risk | Installation of unwanted applications, personal information exposure |
The content in “Virus Alert (05261)” scam pop-up:
Virus Alert (05261) !! Microsoft Windows locked due to unusual activity. Error: 0x800xdfy Security Networks are safe Virus free 14 outdated apps Privacy 19 privacy settings to fix 434 browser cookies Performance 10.4 GB to free up 21 slow startup apps 377 registry entries Fix Issues Show details Your system has been reported to be infected with Trojan-type spyware. For assistance, contact Microsoft Support +1-844-216-9800 (Helpline)
Fake Microsoft Tech Support Scam Risks
Upon calling the said number, the user will face a pseudo-support manager that will continue convincing the user about their PC being full of problems. Bugs, outdated software, lack of free space, or malware – they can choose almost any pressure point. While on the line, the user gets the instructions to download TeamViewer, UltraViewer, or another remote connection tool, and grant the scammers access to the device. After that, they are free to do anything with the device: access sensitive data, download or upload files, and even read messages.
But what that connection is used for is the installation of unwanted applications, presented as a “professional PC help”. The latter is of a specific kind: usually, they offer “system cleaners”, “PC speed-up utilities” or things like that. Either way, this software will once again show you a myriad of problems, only to ask you to pay for solving them. As you may have guessed, all the troubles are one big mystification.
Social Engineering Tricks and Mistakes of “Virus Alert (05261)” Scam
Now, let’s talk about methods that con actors use to make the scam work. The main thing that allows for all this to happen is users’ low awareness about malware, PC issues, and how Microsoft handles them. A tech giant from Redmond physically cannot reach out to every single user who has a problem. For malware-related issues, they have Microsoft Defender – an antivirus that is built into every Windows installation. However, privacy issues, outdated apps, and performance issues are not in their scope. Therefore, the existence of such websites is a scam alert by itself.
The Banner on the top layer of the page contains a bunch of technical terms, which have low to no correlation nonetheless. It says about systems being locked, creating fear, shows error codes and “scan results”, making the page look like some genuine Microsoft alert.
Aforementioned full-screen mode and a scary beeper sound add even more intimidation to the page. One careless click on the page – and the victim feels trapped inside. Combine it with a sound alert repeating lines about the PC being locked and all the data being in danger – and you just got the handbook definition of fear mongering. That adds just another layer of fear, making the user even more malleable for further demands.
So, in summary, things that scams ride on are fear of technologies, fear of being hacked, and low level of PC knowledge. One can’t help but notice the skillful application of social engineering – frauds really put effort into making it. It’s a good thing they’ve decided to put almost no effort in the rest of the elements of the scam.
Mistakes and More Nonsense
Even having just a tiny bit of computer skills and knowledge puts the majority of contents of the scam website in question. First is the error code displayed on top of the “main” banner – Ox800xdfy. Aside from the fact that this code does not exist – why would the unusual activity ever lead to an error code? And why does it start with “O”, the letter, instead of 0 (zero)?
The deeper a tech savvy person gets into the site, the more questions will surface. It lists outdated apps as a problem – fair enough, but how could the website know the apps are out of date? Why won’t Microsoft just show a notification in the Settings app? Same story is about privacy settings to fix. And those were the only things that somewhat correspond to the “virus alert” title.
Other points of the banner say about “browser cookies”, “space to free up”, “slow startup apps” and “registry entries”. This, in turn, is not even remotely close to the claimed virus problems or unusual activity. And for any tech savvy person, each of these claims are just ridiculous, and look like a set of randomly picked names of system elements. Once again, fraudsters did not put a lot of effort into creating a trustworthy look for the scam page, sticking to buzzwords instead.
Where did it appear from?
There are several ways for the Virus Alert (05261) scam to appear in the browser. All of them, however, hint at the unwanted activity that is happening in the system.
First and the most widespread one is the redirection from a dodgy website. Pages with pirated games, programs or movies often have the redirect links injected into buttons on the website. Typically, site masters choose popular ones, like “download” or “play”. The scam page will open shall the user click on the link (which they definitely will).
Another reason is the pop-up ads from a different scam site. There is a whole category of browser infections that parasite on push notification functionality of modern browsers. It is not hard for the user to get into one, and after that, they start receiving dozens of pop-up notifications. Clicking on one typically throws the person to a scam page, with the subject of this article being among them.
Third, but still a highly possible occasion, is the malware activity. Akin to push ads that I’ve just described, adware and browser hijackers can open random websites in the browser. As a result, the user gets exposed to a whole bunch of different scam pages. This is actually more dangerous than the other situations, as the actual malware may collect a lot of user information.
How to protect against online scams?
Despite how different they are, it is rather easy to secure yourself against the majority of online scams. One key rule is staying critical about what you see. If it is too good to be true (awards from Google for being a billionth user) or telling nonsense (like Virus Alert (05261)), they should not be taken for granted. Never call the number such websites say to call and never share your personal information with them – that will be enough to mimimize the potential damage.
Aside from your own attention, a reliable anti-malware software will come in handy. GridinSoft Anti-Malware comes with a network protection system that will intercept and block the malicious website before it can do any harm. And it is effective against regular malware, too, so your device will have excellent protection from all malware injection vectors.
Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.
After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.
Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.
Thank you! It ask me to call a number 866-532-8878 and it told me not to exit out cause it may compromise all my information and passwords.