A red virus warning does not always mean the PC is infected. In Windows 11, the most common explanations are browser notifications from a website, a fake support page, an ad-heavy antivirus trial or a real unwanted program.
Before you pay, call a number or install anything, find out where the warning comes from. Real Windows detections can be checked in Windows Security. Warnings from the browser, a website or an unknown support number should be treated as suspicious.
1. Stop first if money, banking or remote access is involved
Do not call the number in the warning, do not pay by card, cryptocurrency or gift cards, and do not give anyone remote access through AnyDesk, TeamViewer, Quick Assist or similar tools. Microsoft says real Microsoft errors and warnings never include phone numbers.
If someone already had remote access, disconnect the internet immediately. Use another safe device to change passwords for email, Microsoft account, banking, social media and other important accounts. Contact the bank if you paid, shared card details or logged into online banking while someone was watching.
Also look for remote access tools such as AnyDesk, TeamViewer, Supremo, UltraViewer, Chrome Remote Desktop or unknown "support" apps under Settings > Apps > Installed apps. Uninstall anything you were told to install, but take a photo of the app names first if the case involves fraud, banking or insurance. Do not trust a quick scan alone if the scammer had access for a long time or asked you to sign in to banking or email.
Take a photo of the warning, phone number, payment demand, receipts and the name of any remote access program before closing everything. Do not use online banking, BankID, email or a password manager on the same PC until it has been checked. Microsoft also recommends uninstalling apps the scammer asked you to install, running a full scan, updating Windows and reporting the support scam through Microsoft's reporting page.
2. Identify what kind of warning it is
Real Windows detections normally appear in Windows Security and can be checked under Start > Windows Security > Virus & threat protection > Protection history. A small notification in the lower right corner with a website name is often a browser permission. A large red page with a phone number, countdown, sound or full-screen lock is usually a support scam.
If all documents suddenly have new file names, no longer open, or you see a ransom note, treat it as possible ransomware. Do not install cleanup tools, reset the PC or copy new files to the same drive before the data has been assessed.
For possible ransomware: disconnect the network, unplug external drives and do not connect the backup drive just to "check". Take a photo of the ransom note and write down the time. If the files matter, stop here and bring the PC to EasyPC for a free diagnosis before doing anything that can overwrite traces or backups.
3. Remove fake browser notifications
Website notifications can appear even when Edge is closed. In Microsoft Edge, go to Settings and more > Settings > Privacy, search, and services > Site permissions > All sites. Choose the website sending the alerts, find Notifications and set it to Block.
If the alert comes from another browser, look for Site settings, Privacy and security or Notifications in that browser. Remove or block unknown sites that are allowed to send notifications. This does not delete files from the PC; it only stops the website from pushing alerts.
If you use several browser profiles, both Edge and Chrome, or browser sync, check every profile. Notifications and extensions can live in one profile even if you cleaned another. If the alert returns after restart, look for an unknown extension or installed app that is adding the permission again.
4. Close a fake full-screen warning without clicking it
Press Esc or F11 if the browser is locked in full-screen mode. Then try Ctrl + W to close the tab or Alt + F4 to close the window. If popups keep returning, open Task Manager with Ctrl + Shift + Esc, select the browser and choose End task.
When the browser opens again, do not restore all tabs if it asks. Start with a new tab, then review notification permissions and extensions before normal browsing.
5. Run a Windows 11 security scan
Open Start > Windows Security > Virus & threat protection. Run Quick scan first. Then open Scan options and run Full scan if the machine has behaved strangely, opened ads by itself, or someone installed programs on it.
If Windows Security finds something, read Protection history before clicking randomly. Remove or quarantine threats Windows recommends removing. If the PC still opens fake alerts, or the scan does not finish, Microsoft Defender Antivirus (offline scan) may be useful. It restarts the PC and scans before normal Windows loads.
Start the offline scan from Windows Security > Virus & threat protection > Scan options > Microsoft Defender Antivirus (offline scan) > Scan now. Save open files first because the PC restarts. Afterwards, find the result in Windows Security > Virus & threat protection > Protection history.
If you need an extra check, Microsoft Safety Scanner can be downloaded from Microsoft and run manually. It does not replace normal antivirus or real-time protection, and Microsoft says it expires 10 days after download. Download a fresh copy right before using it.
6. Uninstall unwanted apps and extensions
Go to Settings > Apps > Installed apps. Sort by install date and look for unknown antivirus, PC cleaner, driver updater, coupon apps, remote access tools and software you were told to install. Select the three dots next to the app and choose Uninstall.
Also check browser extensions. In Edge, open Extensions > Manage extensions. Remove unknown extensions, especially anything that changes search engine, start page, ads or "protects" you with scary warnings. Restart the browser afterwards.
7. Update Windows, browser and passwords
Go to Settings > Windows Update and install normal security updates. Update the browser, and use only software from official websites or Microsoft Store. If you typed passwords while the PC was suspicious, change them from another safe device and enable two-factor authentication where possible.
After cleanup, you can review Windows Security > Virus & threat protection > Ransomware protection and Controlled folder access. It can protect common folders from unknown apps, but should be configured calmly. Do not add random exclusions in Windows Security just to make a program work; Microsoft warns that exclusions mean Defender no longer checks those files or processes for threats.
Do not do a full reset or reinstall before files are secured. Microsoft describes reset and reinstall as recovery methods that can remove apps, settings and in some cases files. With suspected malware, reinstalling can be the right choice, but backup, BitLocker key and data risk should be assessed first.
When should EasyPC check the machine?
Bring the PC in for a free diagnosis if you gave remote access, paid a "support" actor, see encrypted files, cannot stop ad notifications, Windows Security cannot complete a scan, or you are unsure whether banking, email or passwords may be affected. We can separate advertising, browser problems, unwanted apps, real malware and data risk before anything is erased.