What are “Re captha version” pop-up virus?

Re captha version virus is a browser notification spam campaign that takes place on an eponymous website. An entire network of such sites has similar names and content. All of them aim at one thing – forcing users to allow notifications, under the guise of anti-robot captcha. This makes possible the main course of this scam – huge numbers of pop-ups that flood both the web browser and system notifications.

List of domains involved in the scam

Websites like “Re captha version” commonly appear after the redirection from another site, or following the click on the suspicious banner somewhere on the Web. If you’d try visiting such websites apart from the malicious redirections, they will likely return a white screen or various error messages. In some cases, they work, but the content is the same as the first time – just the offer to enable pop-up notifications.

But what for all this is running? Promotions that such websites show are extremely cheap, but their volume multiplied by the number of victims gives quite a substantial profit. Considering that these frauds will advertise other malicious actors, the profit may be smeared through several cybercriminal groups. And while there are ways to earn more, and in a legitimate way, pop-up spam campaigns are extremely easy to run. This is what causes these fraudulent sites to keep going.

GridinSoft Anti-Malware offers an advanced network protection feature that is capable of filtering the pop-up scam sites. We start tracking them at the very moment of their appearance, meaning they will not be able to harm you at all. Get your security boosted Gridinsoft.

How dangerous is pop-up notifications spam?

Despite what they look like, pop-ups are a rather dangerous thing, especially when dozens of them appear in a short period. The main effect is distraction: pop-ups will keep appearing even after closing the browser. They clutter the notification tray, making it impossible to find the alerts you need.

But the key danger hides in the content of those promotions. Pages and offers they promote are not even remotely relevant. Moreover, the links these advertisements lead to are often just clickbait websites or outright phishing pages. The longer all this happens, the more likely for the user to accidentally click one and get into a sticky situation.

How to remove Re captha version ads?

Removing pop-ups from the browser involves two steps – disallowing sending notifications to all sites and scanning your system for threats. The first one is manual – you need to go to your browser settings, open the page with notification settings and delete all entries there. Then, reload your browser for the changes to take effect.

Disabling browser pop-ups (scroll images)

For the second step – scanning for threats – I recommend using GridinSoft Anti-Malware. As I said, ads can lead to the installation of unwanted software. But aside from this, the appearance of Re captha version website may be the sign of adware activity. To ensure that your device is clean, run a Standard scan and let it finish – it won’t take long.

The post Re Captha Version Pop-Ups Virus appeared first on Gridinsoft Blog.

What is PUABundler:Win32/FusionCore?

PUABundler:Win32/FusionCore is the detection name for a tool used for bundling additional applications with the main one. Initially, it was used to make the monetization of free software easier. But, nowadays it is mostly used for spreading unwanted software like adware, browser plug-ins, and pseudo-effective apps.

If you see the detection of PUABundler:Win32/FusionCore, it means that a software installer you’ve downloaded is infused with this bundler. Although it is not highly dangerous, having it running in the system is not desirable, and can end up with malware injection. Because of this, and also due to the hidden information about such installation methods, software bundling is considered an unwanted practice.

Is PUABundler:Win32/Fusioncore a false detection?

There is always a possibility for an antivirus detection to be false. Win32/Fusion core is not an exclusion, and it is particularly known to pop up on Android emulators. A particular apps users complain to have problems with is Nox APP Player.

It is not clear whether the app is 100% trustworthy or not. Some users suppose that this detection is due to the way the emulator displays ads. However, the detection itself is related to the operational file, i.e. there can barely be any code corresponding to the FusionCore description.

Win32/FusionCore Threat Analysis

The Win32/FusionCore operates in a unique way as it does not cause direct harm to the system. When executed, it installs additional software without the user’s consent, leading to unwanted changes in system settings or behavior. The symptoms of PUABundler:Win32/FusionCore infection I’ve encountered during the research include:

• A significant increase in the number of pop-ups and banners that appear when browsing the Internet. These ads began appearing on websites where they were previously absent, disrupting the experience. Such a change is typical for adware activity.

• Unwanted software brought by Win32/FusionCore has permanently changed the browser homepage and default search engine settings. We found that the browser now opens to a different homepage or that search queries are redirected through unfamiliar search engines.
• The system’s performance and Internet connection bandwidth become noticeably worse due to the large number of junk apps running on it. This is to be expected on a test system that I set up to correspond a weak computer build.
• Win32/FusionCore itself made unauthorized changes to system settings. In particular, it modified the Windows registry and changed security settings.

How to Remove PUABundler:Win32/FusionCore?

Removing PUABundler:Win32/FusionCore from an infected system requires a comprehensive approach. Here are the steps to effectively remove Bundler FusionCore:

1. Run a full system scan with a reliable antivirus software. We highly recommend Gridinsoft Anti-Malware. It can easily detect and remove PUABundler:Win32/FusionCore and related threats.
2. Reset your browser settings. You can either do this manually through your browser settings or use GridinSoft Anti-Malware to do it for you. With the program, you can reset all your web browsers in just a few clicks, saving you a significant amount of time.
3. It is important to use caution when downloading and installing programs from the Internet to prevent further infection. Always choose official or trusted sources and avoid unreliable or suspicious sites. In addition, choose selective or advanced installation mode whenever possible and avoid any additional or recommended components that could potentially contain PUPs.

The post PUABundler:Win32/FusionCore appeared first on Gridinsoft Blog.

What is the Windows Defender security warning?

Windows Defender security warning is the result of scareware or phishing scam. Its task is to redirect you to a page that looks visually like the official Microsoft website. However, its URL does not correspond to the original. The page can display a message saying that your computer is infected with malware and that you need to contact a support agent by phone to fix the problem.

Unfortunately, the notification looks like a legitimate Windows message, and that’s why it’s so dangerous – many users may not even try to prove it in Google. A common tactic of scammers is to make the pop-up as convincing as possible so that people don’t suspect anything wrong. Either way, the phone number will likely direct you to a fraudulent call center. The agent will either try to get you to install malware to infect your computer, steal your personal information, or demand money for fake services.

Why is the Windows Defender security warning false?

At first glance, you might mistake this as a warning from Windows Defender. However, if you use Windows Defender, you know it differs from genuine notification. Therefore, please don’t call the phone number in the window because it is not a real alert. Why?

• It’s not the Windows Defender interface. Instead, Windows Defender, also known as Windows Security, is a built-in Windows application with a different interface. It will never show you a browser pop-up or page. It prefers system pop-ups instead.
• Strange text and typos. A banner or page that shows you a Microsoft Defender alert commonly contains strange text design and grammatical and stylistic errors. It sharply contrasts with short and informative Defender notifications.
• Microsoft never leaves contact numbers for users. Instead, users can contact Microsoft support using the “Get Help” application if they encounter problems.

This Windows Defender security alert is flawed in both format and content. It’s often a low-level phishing scam that aims to sell said rogue antivirus service, which, in turn, can harm your computer. Although in some cases, you will not be able to close the alert or switch to other applications.

Causes of the Windows Defender security warning

There are several reasons why you see a Windows Defender security warning. Here are the most obvious ones:

• You clicked on an ad that redirected you to a fake site.
• You visited a hacked website that redirected you to a fraudulent page.
• The presence of a malicious program installed on your device. Most often, this thing is an effect of adware activity.

There are also many other ways you could be exposed to fraud, depending on various things, such as the external devices you share with someone. Simply closing the window may not solve the problem, especially when adware is guilty of this. The pop-up message may appear every time you open your browser.

How to remove Windows Defender security warning

Since Windows Defender security warning appears in your browser, most of the actions you must take to get rid of it are related to your browser. These actions can solve the problem of Windows Defender security warning pop-ups.

• Forcibly close and reopen your browser.
• If the problem with redirecting to a fraudulent page persists, reset your browser (more instructions below) or reinstall the browser completely.
• If this is still happening, you may have adware or some PUP (potentially unwanted program) installed on your computer, and you need to remove it.

Suppose you do not know which of the installed applications is causing the pop-up notifications. Then, you can install antivirus software to detect the infection’s source and remove it from your computer.

How to clear the browser from the Windows Defender security warning

Resetting your browser settings is one of the first things you should do to eliminate the Windows Defender security warning scam. The following instructions tell you how to do this in different browsers:

Remove the Windows Defender pop-up from Chrome

1. Click on the three vertical … in the top right corner and Select Settings.

2. Select Reset and Clean up and Restore settings to their originals defaults.

3. Click Reset settings.

Remove the Windows Defender pop-up from Firefox

1. Click the three-line icon in the upper right corner and select Help

2. Select More Troubleshooting Information

3. Select Refresh Firefox… then Refresh Firefox

Remove the Windows Defender pop-up from Microsoft Edge

1. Press the three dots

2. Select Settings

3. Click Reset Settings, then Click Restore settings to their default vaues.

Remove the Windows Defender pop-up from Safari

1. Open the terminal (press ⌘ Command + Spacebar to open the spotlight, type “terminal” and press “Enter”)
Open the terminal in Safari

2. Enter these commands one at a time. Execute each command by pressing “Enter” after copying it into the terminal:


rm -Rf ~/Library/Caches/Metadata/Safari;
rm -Rf ~/Library/Caches/com.apple.Safari;
rm -Rf ~/Library/Caches/com.apple.WebKit.PluginProcess;
rm -Rf ~/Library/Preferences/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery
rm -Rf ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.RSS.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.plist;
rm -Rf ~/Library/Preferences/com.apple.WebFoundation.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginHost.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist;
rm -Rf ~/Library/PubSub/Database;
rm -Rf ~/Library/Safari/*;
rm -Rf ~/Library/Safari/Bookmarks.plist;
rm -Rf ~/Library/Saved\ Application\ State/com.apple.Safari.savedState;


What to do if the problem persists?

If you have done all the above steps and still see this warning every time you use a web browser, it is a clear sign that malware is still on your computer. You can use professional antimalware software such as GridinSoft Anti-Malware to scan your computer and remove viruses and malware found. After taking such drastic measures, Anti-Malware will remove and disarm much more dangerous cyber threats that could cause severe damage to your files.

How to avoid scams like Windows Defender Security Warning

As mentioned earlier, the Windows Defender security warning scam is not the only threat you may encounter on your computer. There is much more severe malware on the Internet, and you, as a prudent user, should take every precaution to avoid them. Here are the basic ones:

• Ensure your OS and apps are up to date
• Only download apps from official websites
• Please don’t click on random links without knowing where they will take you
• Don’t download suspect apps
• Do not open attachments in suspicious emails or attachments
• Use an ad blocker to block malicious ads
• Use an advanced antivirus solution

Your computer should now be clean and free of Windows Defender scams. To prevent this from happening again, follow online hygiene to protect yourself from fraud. Perform frequent scans and use malware protection to stop it before it happens.

The post How to Remove Windows Defender Security Warning Scam appeared first on Gridinsoft Blog.

What are McAfee Popups? Is It McAfee Scam?

McAfee popup notifications can be divided into two types: legitimate ones, which are sent by a browser extension, and fake ones, which are sent by adware installed on the system. But how to stop McAfee pop-ups on Chrome? Suppose you have deliberately installed a McAfee browser extension. In that case, it is expected that you will see popup notifications from it. On the other hand, if you have no McAfee installed as the app or the browser extension in Chrome, these are probably fake McAfee popups. Next, we’ll figure out how to disable McAfee popups in Chrome and solve the problem of fake notifications.

How to Stop McAfee Popups on Chrome?

You can use Incognito mode in Chrome, temporarily removing the pop-up notifications from McAfee. However, if you need to block them completely, you can do so in Chrome’s notification settings. Alternatively, you can restore Chrome’s default settings. However, if you need to keep all your saved data and browser settings, you can use one of the following methods to understand how to get rid of McAfee popups on your computer.

Deny notifications from McAfee

How to get rid of McAfee popups on the computer? You can block push notifications from any site in Chrome, including the McAfee site. This is the most straightforward action you can take to hide all McAfee pop-up notifications.

Click the three vertical dots, then “Settings“.

Click Privacy & Security > Site Settings.

Select the “Notifications” option.

Select “Don’t allow to send notifications”.

Click the “Add” button next to the “Not Allowed to Send Notifications” section.

In the “Add Site” window, add the website URL for what you want to stop receiving notifications and click “Add“. In this case, it is a McAfee site.
Alternatively, click the Extra Actions button (three vertical dots) next to the specific site and click Remove.

Remove the McAfee Chrome extension

If you don’t know how to block the McAfee pop-up virus, continue reading this article. When the first method didn’t work, and you still get the McAfee popup notification when you open Chrome, chances are that your system is infected with adware. However, to be sure, you can uninstall the McAfee Chrome extension. If necessary, you can always reinstall it later from the Chrome Web Store.

Launch the Chrome app.
Click the three dots in the top right corner.

Then select More Tools > Extensions.

Turn off the McAfee Extensions button.

Restart the Chrome app and make sure it’s not running.
Or, click the “Remove” button on the McAfee extension to remove it from Chrome.

How to Stop Fake McAfee Pop-Ups on Chrome?

The adware can sometimes send disguised as legitimate notifications. In this case, the notification will look like McAfee but is a fake malicious popup. Thus, attackers send out these notifications hoping that someone will click on them and then go to a phishing page. These notifications can appear as a separate page in the web browser, a popup notification on the site, or a system notification. But how to stop McAfee Popups? All this is done solely by luring the victim to a phishing site with ads that scammers profit from watching (pay-per-view).

Suppose you get these notifications without even opening Chrome and don’t have McAfee installed on your computer. In that case, it’s probably a virus or adware. For example, you might see the message “Virus detected” or “Your McAfee has expired.” You can also identify McAfee scams by looking at their URLs. The URL of a fake notification will be different from the official McAfee website. If you click on such a notification, it redirects you to a completely different site.

As a last resort, you can install the ad-blocking extension from the Chrome Web Store to block fake McAfee ads and other malicious ads. However, read the feedback from users who have downloaded the extension. If none of the methods helped you, you should install proven antivirus software and scan your system. We recommend GridinSoft Anti-malware because, unlike counterparts, it does not inundate the user with notifications but contains all the necessary protection, including Internet protection. However, the main advantage of GridinSoft Anti-malware is that it does not load the system, which is critical for users with not very powerful PCs.

The post How to Stop McAfee Popups on Chrome: Tips, Recommendation appeared first on Gridinsoft Blog.

Windows Security Tips

1. Update Your Software Regularly

Updating Windows and every piece of software on your computer is crucial to preventing hackers from accessing them. Creating updates for software is a way to keep hackers from accessingprivate information. However, making these updates requires developers to look for code bugs and incompatibilities. As a result, larger pieces of software are more likely to contain vulnerabilities that hackers can find.

The developers create new versions of the update for the PC each time the attackers find new loopholes and methods to hack. Unfortunately, many users use outdated software versions so that hackers can exploit the same vulnerabilities.

2. Turn on your firewall

Windows Firewall is a network security system built into recent versions of Windows operating systems, including Windows 10. That is a sophisticated tool to protect internal networks from threats from external sources such as intruders or malware. It can look at both hardware and software. The firewall works by tracking incoming and outgoing traffic. Thus, the program allows or blocks passing data packets according to security rules. It should be noted that a firewall is a barrier between the user network and incoming traffic.

3. Use Device Encryption or Bitlocker to Protect Your Hard Drive

A computer-generated complicated cipher is used to encode data through encryption. Without the correct password, encrypted data appears as a mess of random characters. Windows Device Encryption is included in many Windows 10 Home machines. This function can encrypt files and folders on command and create disk partitions to store encrypted bulk data. With this feature, users have a better chance of maintaining the integrity of their files and documents. In addition, because someone with a password can decipher them in this way, unauthorized users will not be able to access any of the encrypted information. The downside of this Windows security method is that disk encryption utilities may cause performance issues on weak systems, or systems equipped with HDD.

4. Use a Secure Password Manager with Two-Factor Authentication (2FA)

User accounts are easier to hack if you need an easy password to log in. Therefore, it is necessary to create a password with a complex combination of letters and characters for more excellent protection. However, the problem is that users can’t always memorize all complex passwords. In this case, it is better to use password managers that save, automatically fill and generate your passwords. In addition, most password managers support two-factor authentication. Finally, the last protection method requires an additional confirmation form when logging into an account. It could be many things, like fingerprints, cell phone confirmation codes, or facial scans.

5. Enhance Your Windows Security by Uninstalling Flash Player ASAP

Adobe Flash Player was the most popular internet media player. However, it was also the favorite tool of hackers and cybercriminals, since it was very easy to exploit. Because of this, Flash required weekly security updates to patch vulnerabilities hackers had discovered. Consequently, many hackers would trick users into installing malicious programs by posing as legitimate Flash updates.

Adobe announced in 2019 that they would be phasing out Flash entirely in 2020. Since then, HTML5 has replaced Flash as a web browser plugin. Because of this, there is no reason to keep Flash on your computer; it provides hackers with an easy entry into your system. However, uninstalling Flash on Windows computers is easy. You can remove it using Adobe’s uninstaller app on their website.

6. Keep Your Browsing Private with a VPN, Especially on Public WiFi

A VPN provides anonymity and privacy by creating a private network from a public Internet connection. This security method masks your protocol address and makes your online activity almost impossible to track. Moreover, a VPN sets encrypted and secure connections than a secure WiFi hotspot. A virtual private network creates a tunnel type that helps hide your activity on the network. This way, you can connect to websites that are banned in your region and not be seen.

7. Avoid Dangerous Pop-Ups

Annoying pop-up windows bore the user, wasting their time and slowing down the PC’s work, but they can also infect the device with malicious software. These pop-up banners do not harm anything; their damage is activated only by clicking on them. Therefore, users must be careful what to switch to and click on. To avoid this, use an ad blocker, or try not to visit the sites that post dubious pop-ups. If ad blockers are ineffective, you likely have malware that shows these things to you. Scan your device with anti-malware software to get rid of the intruder.

8. Enable or install antivirus protection tools

Antivirus software will be your next level of protection against malware. For example, GridinSoft Anti-Malware can remove all malware from your computer. In addition, it scans the system for viruses, spyware, and adware and prevents rootkits or backdoors from invading your PC.

This antivirus protection can function without conflict with other antivirus programs as additional protection. GridinSoft Anti-Malware can free the user’s browser from third-party control and return it to its working state.

The post How to Keep Your Windows 10 Computer Secure in 2023 appeared first on Gridinsoft Blog.