McAfee and Norton Antivirus Renewal Scams

Edit: New readers to this topic can join it as of 2023 by clicking here.

Whilst browsing the MSN website today and opening links which appeared interesting, I found one which claimed my McAfee Anti-virus subscription expired yesterday…

Most unusual as I have never used McAfee and for more than a decade, I have only used Windows Defender.

As I fully expected, Googling McAfee Scam brought up a number of results including the one below which contains the same image I received today.

It appears that the scum are aiming to obtain users credit crd details when they follow the renewal link.

Presumably it is being done with other anti-virus companies and many other businesses.

I have also had attempted malware attacks 4 times in the last couple of weeks via the MSN website which created a very loud continous tone accompanied by a message that Windows Firewall has detected that Windows 10 has been damaged, but simply closing the browser window (MS Edge 11) takes care of it.


I recently insatlled Adobe updates on both our PC and laptop but I missed unticking the MccAffee "free anti-virus trial’ for the laptop so it installed itself.

I have finally managed to remove it today using the McAffee MCPR Removal Tool after all other efforts proved futile.

The AV was not shown in the list of installed programs, did not appear under Program Files in C Drive, and did not appear in the Registry, at least in any recognisable form.

Every time an email arrived, a nag screen would appear, and it even claimed that there were 5 viruses detected. Yeah right. And I have this bridge for sale.

Who needs this rubbish when Windows Defender is free and does a great job.



Also why carefully reading the install information and un-ticking unneeded boxes is an important part of the process, it can help avoid a lot of unwanted “pain”. Missing it as happened to you can lead to hours of frustration.


If you are not familiar with the Revo uninstaller, even the free version may prove useful if you miss unticking a box again.


I have noticed Gumtree has taken up this annoying practice when posting on their site…but its tick boxes are about signing up to what is essentially spam/advertising.


Sadly for all their purchased options they are now subscriber plans and not “lifetime” ownership. Free is still lifetime but will it last long that way??


It now appears that I did not accidentally install any anti-virus but the laptop somehow was infected with the “” scam.

I managed to grab some screenshots today which revealed the name of the scam.

The recommended Malwarebytes did not find anything so I then followed “STEP 3: Remove pop-up ads from your browser.”

I just loved how these bottom-feeding grubs managed to create simultaneous McAffee and Norton alerts with McAffee showing 3 viruses and Norton showing 5 viruses, followed by a fake Chrome warning.

These grubs and their fake viruses are even more disgusting then the coronavirus.

The only thing they received from me was a middle finger.

Many people are not aware of Malwarebytes basic brother, a manual scan with


> It might be best to uninstall Adobe on your machines and reinstall

Best practice is uninstall, run scans with multiple AV and antimalware products, free or otherwise, rebooting between each, and then reinstalling.


The other place Adware can be readily sourced is malicious websites. If you have clicked on advertisements which have taken you to another site (such as the Bitcoin ones you have been very good at reporting on the community), these can ‘infect’ your browser as well causing adware popups to occur. To remove these, Malwarebytes has some information:

This Tennessee State University document also goes through a step by step process as well (note: it may be for older versions of operating systems and browsers, but the function to remove should be the same):


Running Malwarebytes in normal mode is not always effective as a cleaning process or even identifying process. If you think you may have a difficult piece of malware then running Malwarebytes in the “Safe Mode” of Windows can be much more useful.

To get into Safe Mode from normal Windows requires a few steps.

  • From the Start Menu select Settings (it looks like a little cog on the left side of the menu),
  • Once in Settings choose Recovery from the left side.
  • Then choose Restart now under the Advanced startup heading.
  • The machine will restart and offer some choices, choose Troubleshoot from the list.
  • Then Startup settings then click the Restart option/button.
  • The machine will again restart and offer options, choose the one that offers Safe mode with networking.
  • The machine will restart in Safe Mode and will allow networking, if using a Wireless network it will need to be selected manually as it is not automatic in Safe Mode for Wireless devices.

Once in Safe Mode run the Malwarebytes scan.

PS I would so much prefer an easier method to get to Safe Mode, these days the need is very infrequent but it does still exist.


Not ever having used McAfee, but clearly a scam anyway, from: Cvv Jd - cvvjd17@******.com



We get similar ones. Other mojos are Norton, Netflix, magazine etc subscriptions. We also get fake tax invoices from well known and lesser known companies.

A more sophisticated phishing scam where one rings up and gives credit card details to scammers for a refund…or allows access to their online banking.


I would have thought that the absence of sales tax would have been a red flag. :grin:


They are persistent, I received another one today “Your premium account is now operational again”, but the phone number has changed.
This one from the very professional sounding Ch Sh instead of Cvv Jd!


This is another variant on the same scam received today:

If one wants to be scammed, all they have to call is +1 (888) 791-4827 or reply to the email it was sent from which today was Pay_billing-team


A scam on so many levels. I got four of those PayPal/McAfee emails this week

  • Not to an address I use for PayPal
  • Not to an address I have used for McAffee (if I have even ever used McAfee
  • From email address dodgy as
  • From name even worse
  • Got two in five minutes to the same address
  • Try to set up a sense of urgency
  • To address was one picked up in a data breach about four years ago, but is suddenly getting traffic
  • Sales Tax, not GST?
  • Not how PayPal signs off their emails
  • Gmail quite correctly identified it as spam

I could go on, but any of the above is more than enough for me :slight_smile:


Mine have been from:
Fe Ev
Cc Wt
Bx Xy
Nh Xb

Seriously, if it hadn’t already been flagged as spam, those “names” alone are enough to automatically banish them to spam without any further investigation on my part.


I have received at least 6 emails and 3 SMS with the same content. Telstra needs to lift its game


Were the SMS actually from Telstra, or as commonly happens scammers sending mass texts in the hope of snaring someone not yet onto them? Sometimes the scammers’ SMS look very convincing as being from the company.

There are a few web sites describing how to filter spam/scam from legitimate SMS, this being one.

The gold standard when getting a suspect SMS (or email) is to contact the company using their details from one of your bills or their known official web site, not from anything in the SMS. Emails can be easier since they usually (but not always) come from obviously ‘not the company’ email address. SMS are increasingly spoofed to look like they came from the company number.