{"id":26414,"date":"2024-08-23T17:32:14","date_gmt":"2024-08-23T17:32:14","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=26414"},"modified":"2024-09-05T05:39:06","modified_gmt":"2024-09-05T05:39:06","slug":"virus-alert-05261-scam","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/virus-alert-05261-scam\/","title":{"rendered":"Virus Alert (05261) Scam"},"content":{"rendered":"<p>&#8220;Virus Alert (05261)&#8221; is a scam pop-up message you can see on a website that looks like a Microsoft page, but with a strange URL. It tries to convince people that their system is in trouble. As proof, it shows a banner listing outdated apps, incorrect privacy settings, and more critical problems. The banner eventually demands calling a helpline, which appears to be the contact of a fake tech support service.<\/p>\n<p>Fake Microsoft support is a rather popular fraudulent scheme, where victims are lured into a phone call with a scammer by means of social engineering. <strong>A successful attack results in compromising users\u2019 privacy<\/strong>, the installation of unwanted apps, or even malware. In this post, I will explain how to avoid such sites in the future. Also, you will see all the social engineering tricks that the fraudsters use to force the user into this trap.<\/p>\n<h2>Virus Alert (05261)<\/h2>\n<p>Virus Alert (05261) is the title of a banner you can encounter on a scam website. It tries to copy the appearance of a genuine Microsoft Office 365 page, but also adds several banners on top of the background. This banner claims that your system is \u201clocked due to unusual activity. Error Ox800xdfy\u201d. Below, there is a pitiful infographic showing critical troubles like \u201cbrowser cookies\u201d, \u201cslow startup apps\u201d and \u201cregistry entries\u201d. 
Further down, under \u201cFix issues\u201d, there is a phone number that the user should allegedly call to solve the issue.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/08\/virus-alert-05261-scam.jpg\" alt=\"Virus alert (05261) scam page example\" width=\"757\" height=\"563\" class=\"aligncenter size-full wp-image-26416\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/08\/virus-alert-05261-scam.jpg 757w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/08\/virus-alert-05261-scam-300x223.jpg 300w\" sizes=\"auto, (max-width: 757px) 100vw, 757px\" \/> <\/p>\n<p>As is typical for such scam websites, <strong>it plays a scary sound alert<\/strong>, and switches to full-screen mode after a click on the website. It does not matter where exactly the click happens \u2013 the website will intercept it either way and go fullscreen. The latter may happen randomly, and in fullscreen, everything starts to look as if the system is really locked. This is, in fact, the starting point of the scam.<\/p>\n<p><strong>The key goal of the Virus Alert (05261) scam site<\/strong> is to make the user call the helpline number listed at the bottom of both banners. This number leads to fake Microsoft tech support \u2013 part of a rather popular scam network that attacked users from Europe and both Americas. 
Even though the FBI once disrupted a large part of that network, it keeps rolling at the same scale.<\/p>\n<h3>&#8220;Virus Alert (05261)&#8221; Overview<\/h3>\n<div class=\"su-table su-table-alternate\">\n<table>\n<tr>\n<td>Website<\/td>\n<td>Firewall-alert-windows-hlslj.ondigitalocean.app (<a href=\"https:\/\/gridinsoft.com\/online-virus-scanner\/url\/firewall_alert_windows_hlslj-ondigitalocean-app\">scan report<\/a>)<\/td>\n<\/tr>\n<tr>\n<td>Threat type<\/td>\n<td>Fake Tech Support Scam<\/td>\n<\/tr>\n<tr>\n<td>Source<\/td>\n<td>Redirect from a shady page, adware activity, pop-up notifications spam<\/td>\n<\/tr>\n<tr>\n<td>Risk<\/td>\n<td>Installation of unwanted applications, personal information exposure<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<p>The content in &#8220;Virus Alert (05261)&#8221; scam pop-up:<\/p>\n<pre>\r\nVirus Alert (05261) !!\r\nMicrosoft Windows locked due to unusual activity. Error: 0x800xdfy\r\nSecurity\r\nNetworks are safe\r\nVirus free\r\n14 outdated apps\r\nPrivacy\r\n19 privacy settings to fix\r\n434 browser cookies\r\nPerformance\r\n10.4 GB to free up\r\n21 slow startup apps\r\n377 registry entries\r\nFix Issues Show details\r\n\r\nYour system has been reported to be infected with Trojan-type spyware.\r\nFor assistance, contact Microsoft Support\r\n+1-844-216-9800 (Helpline)\r\n<\/pre>\n<h2>Fake Microsoft Tech Support Scam Risks<\/h2>\n<p>Upon calling the said number, the user will face a <a href=\"https:\/\/gridinsoft.com\/blogs\/microsoft-tech-support-scam-affiliate-program\/\">pseudo-support manager<\/a> that will continue convincing the user about their PC being full of problems. Bugs, outdated software, lack of free space, or malware \u2013 they can choose almost any pressure point. While on the line, the user gets the instructions to download TeamViewer, UltraViewer, or another remote connection tool, and grant the scammers access to the device. 
After that, they are free to do anything with the device: access sensitive data, download or upload files, and even read messages.<\/p>\n<p>But what that connection is actually used for is <strong>the installation of unwanted applications, presented as \u201cprofessional PC help\u201d<\/strong>. The latter is of a specific kind: usually, they offer \u201csystem cleaners\u201d, \u201cPC speed-up utilities\u201d or things like that. Either way, this software will once again show you a myriad of problems, only to ask you to pay for solving them. As you may have guessed, all the troubles are one big hoax.<\/p>\n<h2>Social Engineering Tricks and Mistakes of &#8220;Virus Alert (05261)&#8221; Scam<\/h2>\n<p>Now, let\u2019s talk about the methods that con artists use to make the scam work. The main thing that allows all this to happen is users\u2019 low awareness of malware, PC issues, and how Microsoft handles them. The tech giant from Redmond physically cannot reach out to every single user who has a problem. For malware-related issues, they have Microsoft Defender \u2013 an antivirus that is built into every Windows installation. However, privacy issues, outdated apps, and performance issues are not in their scope. Therefore, <strong>the existence of such websites is a scam alert<\/strong> by itself.<\/p>\n<p>The banner on the top layer of the page contains a bunch of technical terms that have little to no relation to one another. It claims the system is locked to create fear, and shows error codes and \u201cscan results\u201d to make the page look like a genuine Microsoft alert.<\/p>\n<p>The aforementioned full-screen mode and a scary beeping sound add even more intimidation to the page. One careless click on the page \u2013 and the victim feels trapped inside. Combine it with a sound alert repeating lines about the PC being locked and all the data being in danger \u2013 and you get <strong>the textbook definition of fear mongering<\/strong>. 
That adds yet another layer of fear, making the user even more susceptible to further demands.<\/p>\n<p>So, in summary, the things that scams ride on are fear of technology, fear of being hacked, and a low level of PC knowledge. One can&#8217;t help but notice the skillful application of social engineering \u2013 <strong>fraudsters really put effort into it<\/strong>. It\u2019s a good thing they\u2019ve decided to put almost no effort into the rest of the elements of the scam.<\/p>\n<h3>Mistakes and More Nonsense<\/h3>\n<p>Having even a tiny bit of computer skills and knowledge calls most of the scam website\u2019s contents into question. First is the error code displayed on top of the \u201cmain\u201d banner \u2013 Ox800xdfy. Aside from the fact that this code does not exist \u2013 why would unusual activity ever lead to an error code? And why does it start with \u201cO\u201d, the letter, instead of 0 (zero)?<\/p>\n<p>The deeper a tech-savvy person gets into the site, the more questions will surface. It lists outdated apps as a problem \u2013 fair enough, but how could the website know the apps are out of date? Why wouldn&#8217;t Microsoft just show a notification in the Settings app? The same goes for the privacy settings to fix. And those were the only things that somewhat correspond to the \u201cvirus alert\u201d title.<\/p>\n<p>Other points of the banner mention \u201cbrowser cookies\u201d, \u201cspace to free up\u201d, \u201cslow startup apps\u201d and \u201cregistry entries\u201d. This, in turn, <strong>is not even remotely close to the claimed virus problems or unusual activity<\/strong>. And for any tech-savvy person, each of these claims is just ridiculous, and looks like a set of randomly picked names of system elements. 
Once again, fraudsters did not put a lot of effort into creating a trustworthy look for the scam page, sticking to buzzwords instead.<\/p>\n<h2>Where did it appear from?<\/h2>\n<p>There are several ways for the Virus Alert (05261) scam to appear in the browser. All of them, however, hint at unwanted activity happening in the system.<\/p>\n<p>The first and most widespread one is <strong>the redirection from a dodgy website<\/strong>. Pages with pirated games, programs or movies often have redirect links injected into buttons on the website. Typically, site masters choose popular ones, like \u201cdownload\u201d or \u201cplay\u201d. The scam page will open should the user click on the link (which they definitely will).<\/p>\n<p>Another reason is pop-up ads from a different scam site. There is <a href=\"https:\/\/gridinsoft.com\/blogs\/re-captha-version-pop-ups\/\">a whole category of browser infections<\/a> that parasitize the push notification functionality of modern browsers. It is not hard for the user to get into one, and after that, they start receiving dozens of pop-up notifications. Clicking on one typically throws the person to a scam page, with the subject of this article being among them.<\/p>\n<p>The third, but still highly possible, case is malware activity. Akin to the push ads that I\u2019ve just described, adware and browser hijackers can open random websites in the browser. As a result, the user gets exposed to a whole bunch of different scam pages. This is actually more dangerous than the other situations, as the actual malware may collect a lot of user information.<\/p>\n<h2>How to protect against online scams?<\/h2>\n<p>Despite how different they are, <strong>it is rather easy to secure yourself<\/strong> against the majority of <a href=\"https:\/\/gridinsoft.com\/blogs\/online-scams-sings\/\">online scams<\/a>. One key rule is staying critical about what you see. 
If a message is too good to be true (awards from Google for being a billionth user) or is telling nonsense (like Virus Alert (05261)), it should not be taken at face value. Never call the number such websites say to call and never share your personal information with them \u2013 that will be enough to minimize the potential damage.<\/p>\n<p>Aside from your own attention, reliable anti-malware software will come in handy. <strong>GridinSoft Anti-Malware comes with a network protection system<\/strong> that will intercept and block the malicious website before it can do any harm. And it is effective against regular malware, too, so your device will have excellent protection from all malware injection vectors.<\/p>\n<img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-main.webp\" alt=\"GridinSoft Anti-Malware main screen\" width=\"886\" height=\"689\" class=\"aligncenter size-full wp-image-22665\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-main.webp 886w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-main-300x233.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-main-768x597.webp 768w\" sizes=\"auto, (max-width: 886px) 100vw, 886px\" \/>\n<p>Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.<\/p>\n<div style=\"text-align:center\"><a href=\"\/download\/antimalware\" class=\"btn border-black\" rel=\"nofollow\">Download Anti-Malware<\/a><\/div>\n<p>After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click \"Advanced mode\" and see the options in the drop-down menus. 
You can also see extended information about each detection - malware type, effects and potential source of infection.<\/p>\n<img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-result.webp\" alt=\"Scan results screen\" width=\"886\" height=\"689\" class=\"aligncenter size-full wp-image-22666\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-result.webp 886w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-result-300x233.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-result-768x597.webp 768w\" sizes=\"auto, (max-width: 886px) 100vw, 886px\" \/>\n<p>Click \"Clean Now\" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.<\/p>\n<img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-clean.webp\" alt=\"Removal finished\" width=\"886\" height=\"689\" class=\"aligncenter size-full wp-image-22667\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-clean.webp 886w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-clean-300x233.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/antimalware-clean-768x597.webp 768w\" sizes=\"auto, (max-width: 886px) 100vw, 886px\" \/>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Virus Alert (05261)&#8221; is a scam pop-up message you can see on a website that looks like a Microsoft page, but with a strange URL. It tries convincing people about their system being in trouble. As proof of it, they show a banner saying about outdated apps, incorrect privacy settings, and more critical problems. 
The [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":26421,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[17],"tags":[348,1510],"class_list":{"0":"post-26414","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-labs","8":"tag-online-fraud","9":"tag-tech-support-scam"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/08\/virus-alert-05261-scam-featured.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=26414"}],"version-history":[{"count":12,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26414\/revisions"}],"predecessor-version":[{"id":26833,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26414\/revisions\/26833"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/26421"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=26414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=26414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=26414"}],"curies":[{"name":"wp","href":"https:\
/\/api.w.org\/{rel}","templated":true}]}}