Windows Update Impersonator

I think I was targeted by a new type of malware - I was suspicious and did NOT click to Accept - I want to report this and get other tech support people's opinions. If it really is a sneaky problem, it is likely to infect a lot of users. I have searched and did not find any mention of a similar issue.

The screen-bottom activity bar popup today (4/15/2026) on my daily driver looked like a legitimate Microsoft "speech bubble" one about a Windows Update available. I haven't had one of those in a while; this computer of mine is Win7-32 because it runs specialized FoxPro 2.6 for DOS software that can't be updated to a newer O/S as easily as Microsoft claims. (Years ago, I did buy the Visual FoxPro update and try, no luck.)

So I clicked to get more info about the Windows Update. "Windows Malicious Software Removal Tool", which seemed fine. But then it wanted me to click to approve an Agreement. The "Agreement" includes "Before execution of the software, the software will check for and remove certain malicious software (“Malware”) from your device, which is listed and periodically updated by family at www.support.microsoft.com/?kbid=890830. " "updated by family"?? That doesn't look right. ...and both links in the Agreement are bad:

www.support.microsoft.com/?kbid=890830 gives "Hmm. We’re having trouble finding that site. We can’t connect to the server at www.support.microsoft.com."

The Agreement also says, "For more information, read the Windows Malicious Software Removal Tool privacy statement at http://go.microsoft.com/fwlink/?linkid=113995." That link gives "We are sorry, the page you requested cannot be found. The URL may be misspelled or the page you're looking for is no longer available."

This is highly unusual for an actual Microsoft Windows Update. I am suspicious. A fellow tech told me that there are now NO updates for any Windows before Win10, and that I should refuse any such offers. The use of the "Windows Updates available" taskbar message bubble for a scam is new to me, so I am strongly motivated to report the incident and hope to see information from other techs.

 

#1 the domain support.microsoft.com doesn't exist.
#2 It has the http not https which a legit MS url willl always have. The "s" in HTTPS stands for Secure, indicating that the website uses an encrypted connection via SSL or TLS protocols. It scrambles data between your browser and the server, protecting personal information like passwords and credit card numbers from hackers. Without it (HTTP), information is sent in plain text, making it vulnerable to interception

Yes you should refuse any offers.

I agree with @plodr get checked.

 

MalwareBytes was created by a child prodigy. It is the best tool against malware I have ever encountered. JMHO.

 

I'm on Win 7 and have had NO popup bubbles like you described (knock on microchips.. LOL). I have to manually update MS Security Essentials and I download the virus definition database update file from here on MG. I wish it was still automatically updated but al-lass at least I can still update it even if manually only.

I also agree you should check out your system for infections.

 

Don't know. Even when I click the "update" button within MSE it searches and then fails. Wondering IF need a updated KB so MSE/Windows is directed to the correct/new/recent Windows/M$ update server?

 

Thanks for the reply. Below is the info for the MSE installed on one of the Win 7 systems where MSE won't auto update. This Win 7 system is Home Premium 64 Bit SP 1.

Before most recent manual update (Last manual update was April 16th 2026):

Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.26030.3008
Antivirus definition: 1.449.142.0
Antispyware definition: 1.449.142.0
Network Inspection System Engine Version: 2.1.14600.4
Network Inspection System Definition Version: 119.0.0.0


After manual update of definitions downloaded from MG today (4-25-2026):

Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.26030.3008
Antivirus definition: 1.449.301.0
Antispyware definition: 1.449.301.0
Network Inspection System Engine Version: 2.1.14600.4
Network Inspection System Definition Version: 119.0.0.0

 

That is interesting. I wonder why?

I don't know IF it makes any difference that this Win 7 is an OEM install. Also don't know IF it makes any diff that this computer had a paid Norton subscription installed up till maybe mid 2024 and I just recently uninstalled it. Though MSE had no problems auto updating up till I think 2024 and before. Just to be clear I had to manually update even well before uninstalling Norton.


Don't know IF this additional info might help. When I click the down arrow to the right of the "Help" button/box (top right corner of MSE open window) and select the "Check for software updates" in the pull down window/box it opens a tab in my browser to the below address with the following error message under it.

https://fe2.update.microsoft.com/microsoftupdate/

"Secure Connection Failed

An error occurred during a connection to fe2.update.microsoft.com. SSL received a malformed Server Hello handshake message. (Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."

With a blue button to "Try Again".

(Of course when I click on the "Help" button it opens a internet browser tab/window with the "end of support" for 7, 8, 10 bla bla bla message and info to downgrade to 11.)

Today when I go to the "Update" tab in MSE and click the "Update definitions" button the "Searching" progress bar opens and and as it gets to about the 1/3 point the progress greatly slows, then stops. But I can understand this as I just manually updated it last night & I wouldn't always expect a newer update that close to a just installed new update.