Windows Update Impersonator

I think I was targeted by a new type of malware - I was suspicious and did NOT click to Accept - I want to report this and get other tech support people's opinions. If it really is a sneaky problem, it is likely to infect a lot of users. I have searched and did not find any mention of a similar issue.

The screen-bottom activity bar popup today (4/15/2026) on my daily driver looked like a legitimate Microsoft "speech bubble" one about a Windows Update available. I haven't had one of those in a while; this computer of mine is Win7-32 because it runs specialized FoxPro 2.6 for DOS software that can't be updated to a newer O/S as easily as Microsoft claims. (Years ago, I did buy the Visual FoxPro update and try, no luck.)

So I clicked to get more info about the Windows Update. "Windows Malicious Software Removal Tool", which seemed fine. But then it wanted me to click to approve an Agreement. The "Agreement" includes "Before execution of the software, the software will check for and remove certain malicious software (“Malware”) from your device, which is listed and periodically updated by family at www.support.microsoft.com/?kbid=890830. " "updated by family"?? That doesn't look right. ...and both links in the Agreement are bad:

www.support.microsoft.com/?kbid=890830 gives "Hmm. We’re having trouble finding that site. We can’t connect to the server at www.support.microsoft.com."

The Agreement also says, "For more information, read the Windows Malicious Software Removal Tool privacy statement at http://go.microsoft.com/fwlink/?linkid=113995." That link gives "We are sorry, the page you requested cannot be found. The URL may be misspelled or the page you're looking for is no longer available."

This is highly unusual for an actual Microsoft Windows Update. I am suspicious. A fellow tech told me that there are now NO updates for any Windows before Win10, and that I should refuse any such offers. The use of the "Windows Updates available" taskbar message bubble for a scam is new to me, so I am strongly motivated to report the incident and hope to see information from other techs.

 

#1 the domain support.microsoft.com doesn't exist.
#2 It has the http not https which a legit MS url willl always have. The "s" in HTTPS stands for Secure, indicating that the website uses an encrypted connection via SSL or TLS protocols. It scrambles data between your browser and the server, protecting personal information like passwords and credit card numbers from hackers. Without it (HTTP), information is sent in plain text, making it vulnerable to interception

Yes you should refuse any offers.

I agree with @plodr get checked.

 

MalwareBytes was created by a child prodigy. It is the best tool against malware I have ever encountered. JMHO.