Malvertising attack on Microsoft Games

The have been a number of reports of fake virus warnings when using Microsoft Games (and possibly other apps) as shown in screenshot below>>>

As reported in German MC there may be other fake offers for prize redemption.

Currently, there is an increase in the number of malicious banner ads that open fraudulent web pages in the standard browser when starting or using apps on Windows 10. These websites either promise winnings in a competition or threaten to infect your PC with viruses. Both are nonsense. 

It's not local malicious software on the PC! As a result, it is not necessary to install any tools to scan or to install the system at all.

As long as you just close the window without confirming any questions to start scans or to pick up winnings, the thing is without consequence. The apps include advertising banners on external networks. About this, also repeated fraudulent banner apparently delivered in addition to normal advertising. Apparently, the operators of these ad networks have their deliveries still not under control. Such things appear every now and then in the Web browser. There, they can at least block through the use of an adblockers.

The relevant Web pages should be reported via the browser as fraud page. Some of them are currently already by the Windows SmartScreen filter considered malignant. To solve the problem on the server side, the corresponding apps should not be used simply.

Who has the ability to block advertising on DNS level, E.g. via a central adblocker on your network such as a Pihole, you should block these sites:



Currently Windows Defender SmartScreen is not recognizing all of these and therefore not blocking.

The fake virus warnings eventually direct to a download page for Reimage Repair which is classified by Microsoft as potentially unwanted application (PUA) but not detected as malware by Windows Defender at this time. A scan of the downloaded file at VirusTotal indicates nine different antivirus/antimalware programs detect it as malware and some may block the download or even the landing page for the download.

When the fake virus screen appears simply close the page (or tab). If page will not close open Task Manager (Ctrl + Shift + Esc) and kill the browser process (End Task)) As a precaution clear your browser cache and temporary internet files.

For Windows 10 users, more information may be available at Feedback Hub (Windows key + F).

FYI: Through some testing I found Malwarebytes Browser Extension -BETA blocked redirection to malicious sites.

Recent Articles which may provide further updates an Microsoft response:

Windows 10 Apps Serving Malicious Ads Warning of Virus Infections

Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop

17/07/2019 Group Behind Windows 10 App Malvertising Pushed 100M Ads in 2019


Edit:  Removed some content and update.

Thank you for that info.

At last!

An answer that makes sense.

Thank you!

I think it's a good idea to remind everyone of some basic security/privacy etc precautions.

Suggest reading:


How to tighten security and increase privacy on your browser - Malwarebytes Labs | Malwarebytes Labs 


Answers to common security questions - Best Practices

  • includes Resources to protect your browser, privacy & help prevent browser pop-up ads and scams

Discussion Info

Last updated October 22, 2020 Views 2,204 Applies to: