unknown files

Question

I had a scare with a fake mcafee pop up yesterday. I'm paranoid because I interacted with the intrusive pop up. I pressed an run "program button" which then prompted me with another thing telling telling me to solve the issue. Once I did that it prompted me with a payment page. This might sound dumb but I did this because I was suspicious it was real since I had an expired mcafee installed. I did not enter any details or ring any numbers.

As soon as the payment page popped up I searched to find a way to block the pop ups and blocked them on my microsoft edge settings. My laptop has been functional and operating normally ever since. I ran the inbuilt quick scan virus protection to check and no threats were found. I did the full one and got the same result. I never had pop ups from mcafee before. The version on my computer that was installed was the personal security one that was terminated in Jan 2026. (I googled it after opening the app and seeing it was inaccessible.) However, I noticed I had memory integrity off during the scans I'm assuming that had to do with the expired mcafee program so after. I turned memory integrity on after.

Then I attempted the offline scan and found bonjour/itunes was interrupting it so I uninstalled them through the regular app navigation. I had plugged my phone into my computer months prior and double checked those items were apple related. I did the offline scan after again and it successfully restarted my computer but I could only see my full scan from hours prior and not the status of the offline one. Protection history suggested nothing. I went to uninstall some residual apple files such as the apple installer. I then did a quick scan again but in my file explorer I saw these files when I searched "apple" (see images). I also went on device manager and removed iphone and removed other apple related things on regedit.

I'm scared these leftover files are interrupting the antivirus protection in some way. I cant delete them as this is what it says when I try. (see images)

I'm paranoid they affect the antivirus system somehow even though it didn't say they did. Is it fine to do another offline or full scan? will it pick up anything suspicious? I feel bad because I wouldn't have as much paranoia if I didn't click the buttons on the popups. Will I be ok or do I need to do more?

I dont have any suspicious activity on my computer (I'm using it now) there's no new files or downloads. Should I do another scan? Am I fine or paranoid

Answer 1

Hi Imtiaz Ahmed,

Thank you for explaining the situation in detail. I completely understand why this would feel concerning.

From what you’ve described, the popup you encountered matches a known “fake antivirus” or scareware pattern. These are designed to look legitimate and pressure users into taking action, but in most cases they do not perform any real scan or detection and instead redirect to a payment or subscription page.

The important point is that you did not download or install any files and you did not provide any personal or payment information. In these cases, the risk of actual infection is generally low.

It’s also a very good sign that you’ve already run multiple scans (Quick, Full and Offline) using Windows Security and no threats were detected. The behavior you mentioned with the offline scan not showing results in the Protection History can occur when no threats are found, so this alone does not indicate a problem.

Regarding the Apple-related files you noticed (such as AppleSSD.sys and applessd.inf), these are legitimate driver components typically installed when Apple software like iTunes or iPhone support is used on the system. They are protected system files, which is why Windows restricts deletion. They are not related to the popup and do not interfere with antivirus protection.

Based on everything you’ve shared, there is no clear indication that your system has been compromised. Your device continuing to operate normally, combined with clean scan results, are both strong signs that things are okay.

For additional peace of mind, you can double-check that there are no unfamiliar browser notifications or extensions enabled in Microsoft Edge (Settings > Cookies and site permissions > Notifications) and keep Windows Security fully updated with Memory Integrity turned on.

At this stage, you can run another scan if it helps reassure you, but it is not strictly necessary given the checks you’ve already completed. You’ve handled this situation very well, especially by stopping before entering any information and taking steps to secure your browser.

Please continue to monitor the device and if you notice any unusual behavior (such as repeated pop-ups, unknown apps or unexpected redirects), feel free to reach out again and I’ll be happy to assist further.

---

If you have additional questions about this answer, please click "Comment".

Note: If you want to receive email notifications about this thread, follow the steps in our documentation to enable email notifications.

Answer 2

The behavior described matches a common fake antivirus / tech-support scam delivered through the browser, not a deep system infection.

Key points from the scenario and context:

1. Fake security pop‑ups and tech support scams
   • These scams often appear as full‑screen or intrusive pop‑ups claiming the device is infected, sometimes using brands like McAfee or Windows Defender.
   • They may show fake warning messages, play sounds, and push to call a phone number or pay for “fixes.”
   • Microsoft documentation notes that real Microsoft error messages do not include phone numbers and Microsoft does not cold‑call or lock the PC to demand support calls or payments.
   • Closing the browser (or using Task Manager to end the browser process) and clearing cache/history is the recommended way to exit these scams.
2. What matters most for risk
   Based on the description:
   • No payment details were entered.
   • No phone number was called.
   • No remote‑access tool was installed or granted access.
   • Windows Security quick and full scans show no threats.
     In the Microsoft guidance, if no remote access was given and no extra software was installed, the issue is typically limited to the browser session and not a full system compromise.
3. Offline / full scans and leftover files
   • Running a full scan with Microsoft Defender Antivirus and an offline scan (Microsoft Defender Offline) is explicitly recommended when unwanted software or malware is suspected.
   • Leftover application files (such as Apple components) do not, by themselves, disable or bypass Microsoft Defender. If Defender scans complete and Protection history shows no threats, those files are simply remnants of previous software, not evidence of active malware.
   • It is safe to run another full or offline scan if that provides reassurance. Defender will detect and quarantine/remove anything it recognizes as malicious.
   • Protection History will show if anything was detected, quarantined, or blocked.
4. When more action is needed
   Microsoft recommends stronger actions (like resetting the device, changing passwords, or contacting financial institutions) primarily when:
   • Scammers have been given remote access to the device.
   • Unknown software was installed at their direction.
   • Personal or payment information was provided.
     None of those steps occurred in this scenario, so those heavier responses are not indicated by the provided guidance.
5. Ongoing protection and prevention
   To reduce future risk:
   • Keep Windows updated via Settings > Update & Security > Windows Update.
   • Keep Windows Security (Microsoft Defender) up to date and run full scans when concerned.
   • Be cautious of any pop‑up that:
     • Claims urgent infection,
     • Shows a phone number to call, or
     • Demands payment to “unlock” or “repair” the PC.
       These are characteristic of tech support and scareware scams.

Given the context guidance:

• Running full and offline scans with Microsoft Defender is appropriate and safe.
• If those scans show no threats and there is no unusual behavior (no new unknown apps, no repeated fake pop‑ups after blocking notifications, no remote access granted), the system is considered clean by Microsoft’s tools.
• Residual non‑malicious files do not prevent Defender from working or scanning.

If similar pop‑ups appear again, close the browser (or end it via Task Manager) and avoid interacting with any payment pages or phone numbers.

---

References:

• Protect your PC from unwanted software
• Protection History
• Microsoft resources and guidance for removal of malware and viruses
• Protect yourself from tech support scams
• Prevent online scams with the scareware blocker in Microsoft Edge
• Protect yourself from online scams and attacks
• How to remove the PC Repair virus
• I WAS HACKED - Microsoft Q&A
• How do I report a possible scam from Microsoft? - Microsoft Q&A
• How can I remove McAfee Norton Pop Ups on Windows 11? It is not showing up on Apps or Task Manager. - Microsoft Q&A
• How to stop Total add block from popping up in all my apps and banking - Microsoft Q&A
• Disabled computer - Microsoft Q&A