Topics Map > SCS Computing

How to Remove Fake Virus and Malware Warnings on Windows Browsers

This article explains how to handle fake virus scams that appear in your web browser. If you see one, do not click on anything. Use the Task Manager to force-close the browser, then clear its cache and remove any suspicious extensions or notification permissions.

1. Purpose

This article provides a guide for Windows users on how to identify and remove fake virus and malware warnings that appear within web browsers. These misleading alerts are a common tactic used by scammers to frighten users into taking unnecessary and potentially harmful actions.

2. What Are Fake Browser Warnings?

Fake virus and malware warnings are deceptive pop-up messages or full-page alerts that appear in your web browser (e.g, Google Chrome, Mozilla Firefox, Microsoft Edge). These warnings are designed to look like legitimate notifications from your operating system or a well-known antivirus company.

Common characteristics of these fake warnings include:

Urgent and alarming language (e.g. "Your computer is infected!", "Immediate action required!").
Logos of reputable tech companies like Microsoft or major antivirus vendors.
A phone number to call for "technical support."
Prompts to download and install "removal" software.
The inability to easily close the browser tab or window.
Loud noises or alarms.

These are a form of "scareware" created to trick you into paying for useless services, downloading actual malware, or providing scammers with remote access to your computer.

3. Immediate Actions to Take

If you encounter a fake virus warning, it is crucial to remain calm and follow these steps:

Do Not Click Anything: Avoid interacting with the pop-up in any way. Do not click on any buttons, links, or "X" to close the window within the alert itself.
Force-Close Your Browser: If you cannot close the browser tab or window normally, use the Task Manager to force-quit the browser application.
- Press Ctrl + Shift + Esc to open the Windows Task Manager.
- In the "Processes" tab, find your web browser (e.g, msedge.exe, chrome.exe, firefox.exe).
- Select the browser and click the "End task" button.
Do Not Call the Provided Phone Number: The phone number is a direct line to scammers who will attempt to extract payment or personal information from you.

4. Removing the Source of the Fake Warnings

After successfully closing the browser, you need to address the root cause to prevent the warnings from reappearing. This usually involves clearing Browse data, removing malicious extensions, reviewing notification permissions, and resetting your browser settings.

4.1. Clear Browse Data

Malicious code can be stored in your browser's cache. Clearing this data is an essential first step. When your browser re-opens after being force-closed, do not restore the previous session if prompted.

Google Chrome:
1. Open Chrome and go to Settings > Privacy and security > Clear Browse data.
2. Select "All time" for the time range.
3. Check the boxes for "Cookies and other site data" and "Cached images and files."
4. Click "Clear data."
Mozilla Firefox:
1. Open Firefox and go to Settings > Privacy & Security.
2. Scroll down to "Cookies and Site Data" and click "Clear Data...".
3. Ensure both "Cookies and Site Data" and "Cached Web Content" are checked, then click "Clear."
Microsoft Edge:
1. Open Edge and go to Settings > Privacy, search, and services.
2. Under "Clear Browse data," click "Choose what to clear."
3. Select "All time" from the time range dropdown.
4. Check "Cookies and other site data" and "Cached images and files."
5. Click "Clear now."

4.2. Remove Suspicious Browser Extensions

Unwanted browser extensions are a common source of fake warnings. Review your installed extensions and remove any you don't recognize or that seem suspicious.

Google Chrome:
1. Go to Settings > Extensions.
2. For any suspicious extension, click "Remove."
Mozilla Firefox:
1. Go to Settings > Add-ons and Themes.
2. Select "Extensions" and for any unfamiliar add-on, click the three-dot menu and choose "Remove."
Microsoft Edge:
1. Go to Settings > Extensions.
2. For any suspicious extension, click "Remove."

4.3. Review Notification Permissions

Sometimes, websites trick you into allowing notifications, which then appear as system alerts. You should remove any unknown or suspicious URLs from this list.

Google Chrome:
1. Go to Settings > Privacy and security > Site Settings > Notifications.
2. Under the "Allowed to send notifications" section, look for any websites you do not recognize.
3. Click the three-dot menu next to the suspicious site and select "Remove" or "Block."
Mozilla Firefox:
1. Go to Settings > Privacy & Security.
2. Scroll to the "Permissions" section and click the "Settings..." button next to "Notifications."
3. In the list of websites, select any you do not recognize and click "Remove Website."
4. Click "Save Changes."
Microsoft Edge:
1. Go to Settings > Cookies and site permissions > Notifications.
2. Under the "Allow" section, look for any websites you do not recognize.
3. Click the three-dot menu next to the suspicious site and select "Remove" or "Block."

4.4. Reset Browser Settings

If the issue persists, resetting your browser to its default settings can be an effective solution. This will disable all extensions, clear temporary data, and reset your homepage and search engine. Note: Your bookmarks and saved passwords will typically not be cleared.

Google Chrome:
1. Go to Settings > Reset settings.
2. Click "Restore settings to their original defaults" and confirm.
Mozilla Firefox:
1. Go to Help > More troubleshooting information.
2. Click "Refresh Firefox..." and confirm.
Microsoft Edge:
1. Go to Settings > Reset settings.
2. Click "Restore settings to their default values" and confirm.

5. Scan for Malware with Falcon CrowdStrike

The University uses Falcon CrowdStrike to protect all endpoint devices. While CrowdStrike provides continuous real-time protection, follow these steps if you suspect an issue after cleaning your browser.

If your device allows you to initiate a manual scan with the CrowdStrike sensor, you can do so. Please be aware that this action, as well as any automatic detection, will send an alert to the IT Department via the CrowdStrike console.
Whether you run a scan or not, and especially if any threats are detected, you must contact the IT Department immediately to report the incident.
Do not assume any detection is a false positive. Always allow the IT Department to investigate and confirm the status of any security alert.

6. How to Prevent Future Fake Warnings

Keep Your Browser and OS Updated: Regularly install updates for your browser and Windows operating system to benefit from the latest security patches and enhancements.
Use a Pop-up Blocker: Most modern browsers have built-in pop-up blockers. Ensure this feature is enabled.
Be Cautious of Unfamiliar Websites: Avoid visiting websites known for illegal content or with a poor reputation, as they are more likely to host malicious ads.
Do Not Click on Suspicious Links: Be wary of links in unsolicited emails or on social media that promise something that seems too good to be true.
Install Reputable Ad-Blocking Extensions: Consider using a well-regarded ad-blocking extension to reduce the number of ads you encounter.
Notification Permissions: Ensure you understand which service, website, or application you're granting notification permissions to. Those permissions will stay in place until they are removed.

Keywords:

windows os virus warning popup adware malware urgent scary microsoft alert tech support download browser scan remove lock hijack desktop infected

Doc ID:

151721

Owned by:

Francis M. in School of Chemical Sciences
UIUC

Created:

2025-06-13

Updated:

2025-06-13

Sites:

University of Illinois School of Chemical Sciences

0 0 Comment Suggest new doc Subscribe to changes