Dealing with Strange Pop-ups and Potential Malware

Unexpected pop-ups, browser redirects, and unusual system behavior are often warning signs of adware or malware infections. These unwanted programs can compromise your privacy, steal personal information, and degrade system performance. This comprehensive guide will help you identify suspicious activity, safely remove unwanted software, and strengthen your system against future threats.

Important

If you suspect your system is infected with malware, don't enter passwords or access sensitive accounts until your system is clean. Consider using another clean device to change critical passwords if you believe your information may be compromised.

Identifying Suspicious Activity

The first step in addressing potential malware is recognising the warning signs. Different types of unwanted software show different symptoms.

Pop-up Advertisements

Symptoms: Excessive pop-ups appear even when not browsing the web

Likely causes: Adware, browser extensions, potentially unwanted programs (PUPs)

Browser Redirects

Symptoms: Clicks take you to unexpected websites or search engines

Likely causes: Browser hijackers, modified hosts file, DNS changes

Strange System Behavior

Symptoms: Unexplained system slowdowns, crashes, or unusual activity

Likely causes: Background malware processes, system file corruption

Unwanted Toolbars

Symptoms: New toolbars in your browser that you didn't install

Likely causes: Bundled software installations, deceptive installers

Antivirus Warnings

Symptoms: Your security software detects threats but can't remove them

Likely causes: Rootkits, sophisticated malware with persistence mechanisms

Suspicious Account Activity

Symptoms: Login attempts, password resets, or account changes you didn't initiate

Likely causes: Information-stealing malware, keyloggers, data breaches

Immediate Actions to Take

If you notice any of the above symptoms, take these steps immediately to minimise damage and begin recovery:

First Response Actions

Disconnect from the internet to prevent data theft and cut off the malware's command-and-control communications
Back up important files (but not program files that might be infected)
Run a full system scan with your antivirus software
Use an alternative secure device to change critical passwords

Boot into Safe Mode

Starting your computer in Safe Mode can prevent malware from loading at startup, making it easier to detect and remove:

For Windows:

  1. Restart your computer
  2. During startup, press and hold the Shift key while clicking Restart
  3. Select Troubleshoot > Advanced Options > Startup Settings > Restart
  4. After your PC restarts, select option 4 or F4 for Safe Mode

For macOS:

  1. Restart your Mac
  2. As soon as you hear the startup sound, press and hold the Shift key
  3. Release the key when you see the login screen
  4. You'll see "Safe Boot" in the upper-right corner of the login screen

Tip

While in Safe Mode, malware has limited functionality, giving you a better chance of removing it completely. This mode also prevents most startup programs from loading, which can improve scan effectiveness.

Removing Unwanted Browser Extensions and Add-ons

Many pop-ups and redirects originate from browser extensions. Here's how to remove them:

Google Chrome

  1. Open Chrome and click the three dots in the upper-right corner
  2. Select "More tools" > "Extensions"
  3. Review all installed extensions carefully
  4. Remove any suspicious extensions by clicking "Remove" or toggling them off
  5. Pay special attention to extensions you don't recognise or don't remember installing

Mozilla Firefox

  1. Open Firefox and click the three lines (menu) in the upper-right corner
  2. Select "Add-ons and themes"
  3. Click on "Extensions" in the left sidebar
  4. Review all extensions and remove any suspicious ones using the three dots menu next to each
  5. Also check the "Themes" section for anything unusual

Microsoft Edge

  1. Open Edge and click the three dots in the upper-right corner
  2. Select "Extensions" > "Manage extensions"
  3. Toggle off or remove any suspicious extensions
  4. Check "Installed extensions" for anything you don't recognise

Safari (macOS)

  1. Open Safari and click "Safari" in the menu bar
  2. Select "Settings" (or "Preferences" in older versions)
  3. Go to the "Extensions" tab
  4. Uncheck or uninstall any suspicious extensions
  5. Also check the "Websites" tab for unusual permission settings

Note

Legitimate extensions can be hijacked too. If you notice strange behavior from a previously trusted extension, disable it temporarily and check if the developer has released an update.

Resetting Browser Settings

Browser hijackers often modify your homepage, default search engine, and other settings. Resetting your browser can undo these changes:

Reset Google Chrome

  1. Open Chrome's settings (three dots > Settings)
  2. Scroll down and click "Advanced" to expand options
  3. Scroll to the "Reset and clean up" section
  4. Click "Restore settings to their original defaults"
  5. In the dialog box that appears, click "Reset settings"

Reset Mozilla Firefox

  1. Click the menu button and select "Help" (question mark icon)
  2. Choose "More troubleshooting information"
  3. In the new tab, find the "Give Firefox a tune-up" section
  4. Click "Refresh Firefox..."
  5. Confirm by clicking "Refresh Firefox" in the dialog

Reset Microsoft Edge

  1. Open Edge settings (three dots > Settings)
  2. Select "Reset settings" in the left sidebar
  3. Click "Restore settings to their default values"
  4. Confirm by clicking "Reset" in the dialog

Reset Safari (macOS)

  1. Open Safari and select "Safari" from the menu bar
  2. Click "Settings" (or "Preferences" in older versions)
  3. Go to each tab and look for a "Reset..." option
  4. To clear history, go to "Safari" menu > "Clear History..."
  5. For a more thorough reset, you may need to remove Safari's preferences file (advanced users)

Using Malware Removal Tools

Specialised anti-malware tools can detect and remove threats that regular antivirus might miss:

Run an On-Demand Scanner

These tools are designed specifically for malware removal and can be used alongside your regular antivirus:

  • Malwarebytes: Excellent at finding and removing adware, PUPs, and browser hijackers
  • AdwCleaner: Specialised in removing adware and browser hijackers
  • Hitman Pro: Good second-opinion scanner that uses multiple detection engines
  • Microsoft Safety Scanner: Microsoft's free on-demand scanning tool

Tip

Use multiple scanners for better coverage, but run them one at a time to avoid conflicts. Always download these tools from their official websites to avoid fake versions.

Scan with Your Existing Antivirus

  1. Update your antivirus definitions to the latest version
  2. Run a full system scan, not a quick scan
  3. Enable rootkit detection if your antivirus offers this option
  4. Follow any prompts to quarantine or remove detected threats
  5. Reboot your computer after the scan completes

Warning

Be extremely cautious of pop-ups claiming your computer is infected and offering to "scan" or "clean" your system. These are often scams that install more malware. Only use trusted security software from reputable companies.

Removing Stubborn Malware

Some malware is designed to resist removal. For more persistent infections, try these advanced techniques:

Use Windows Defender Offline Scan (Windows 10/11)

  1. Go to Windows Security (Start > Settings > Privacy & Security > Windows Security)
  2. Select "Virus & threat protection"
  3. Under "Current threats," select "Scan options"
  4. Select "Microsoft Defender Offline scan" and click "Scan now"
  5. Your PC will restart and run the scan before Windows loads

Check Startup Programs and Scheduled Tasks

Malware often persists by adding itself to startup or scheduling automatic runs:

Windows Task Manager Method:

  1. Press Ctrl+Shift+Esc to open Task Manager
  2. Click the "Startup" tab
  3. Look for suspicious entries with unfamiliar names or publishers listed as "Unknown"
  4. Right-click any suspicious item and select "Disable"
  5. Research any programs you're unsure about before disabling them

Check Scheduled Tasks:

  1. Press Win+R to open the Run dialog
  2. Type "taskschd.msc" and press Enter
  3. Browse through the Task Scheduler Library
  4. Look for tasks with strange names, no descriptions, or suspicious actions
  5. Right-click suspicious tasks and select "Disable" or "Delete"
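
The same review can be scripted over the output of `schtasks /query /fo csv /v`. The following is an added example, not part of the original guide: the "suspicious action" heuristics, the sample rows, and the reliance on English-language column names are assumptions made for illustration.

```python
import csv
import io
import re

# Assumed heuristics for "suspicious actions" (not from the guide): the program
# lives in a user-writable folder, or the task starts a script interpreter.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|downloads|users\\public)\\|%(temp|appdata|localappdata)%", re.I)
SCRIPT_HOST = re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I)
EMPTY = {"", "N/A"}   # assumed markers for a missing field in English output

# Constructed sample rows, trimmed to the columns used here.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Comment"
"PC1","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o","Optimizes local storage drives."
"HostName","TaskName","Task To Run","Comment"
"PC1","\Updater7f3a","C:\Users\sam\AppData\Roaming\upd\upd.exe","N/A"
"PC1","\Updater7f3a","C:\Users\sam\AppData\Roaming\upd\upd.exe","N/A"
"PC1","\NightlyBackup","powershell.exe -File C:\Scripts\backup.ps1","Copies documents to the NAS"
'''


def triage_tasks(csv_text):
    """Return {task name: [reasons]} for tasks that deserve a manual look."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName") or ""
        if name in ("", "TaskName"):      # skip a header row if it recurs
            continue
        action = row.get("Task To Run") or ""
        reasons = []
        if (row.get("Comment") or "").strip() in EMPTY:
            reasons.append("no description")
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable folder")
        if SCRIPT_HOST.search(action):
            reasons.append("starts a script interpreter")
        for reason in reasons:            # a task with several triggers repeats
            seen = flagged.setdefault(name, [])
            if reason not in seen:
                seen.append(reason)
    return flagged


if __name__ == "__main__":
    for task, why in triage_tasks(SAMPLE_CSV).items():
        print(task, "->", ", ".join(why))
```

A flag here means "research this task", not "delete it": legitimate backup and update jobs also run scripts.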

Check for Unusual Services

  1. Press Win+R, type "services.msc" and press Enter
  2. Sort services by "Startup Type" to check automatic services
  3. Look for services with odd names, no descriptions, or "Unknown" publishers
  4. Right-click suspicious services and select "Properties"
  5. Change "Startup type" to "Disabled" for suspicious services

Caution

Be careful when disabling services as many legitimate system services are required for proper functioning. Research any service before disabling it. When in doubt, change startup type to "Manual" rather than "Disabled."

Checking and Restoring the Hosts File

The hosts file can be modified by malware to redirect web traffic:

For Windows:

  1. Open Notepad as administrator:
    • Search for "Notepad" in the Start menu
    • Right-click Notepad and select "Run as administrator"
  2. In Notepad, go to File > Open
  3. Navigate to: C:\Windows\System32\drivers\etc\
  4. Change the file type filter to "All Files (*.*)"
  5. Open the "hosts" file
  6. The hosts file should only contain:
    • Comments (lines starting with #)
    • One line that says "127.0.0.1 localhost"
    • One line that says "::1 localhost" (IPv6)
  7. If you see other entries, especially for domains you recognise, they might be malicious redirects
  8. Delete suspicious entries, save the file, and close Notepad

For macOS:

  1. Open Terminal (Applications > Utilities > Terminal)
  2. Type: sudo nano /etc/hosts and press Return
  3. Enter your administrator password when prompted
  4. Review the hosts file for suspicious entries
  5. Use arrow keys to navigate, and delete unwanted lines
  6. Press Control+O to save, then Control+X to exit
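
The manual review above can be automated. The following is an added example, not part of the original guide: it parses hosts-file text and reports every entry other than the localhost lines listed above (plus macOS's stock `broadcasthost` line), and the sample file content is constructed for illustration.

```python
import ipaddress

# Entries expected in a clean file: the two lines the guide lists, plus
# macOS's stock "broadcasthost" line.
ALLOWED = {
    ("127.0.0.1", "localhost"),
    ("::1", "localhost"),
    ("255.255.255.255", "broadcasthost"),
}

# Constructed sample; the names and addresses are placeholders.
SAMPLE_HOSTS = """# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.bank.example    # inline comment
0.0.0.0         updates.av.example
127.0.0.1\tlocalhost ads.example
not-an-ip       shop.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each unexpected entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if not entry:
            continue
        addr_text, names = entry[0], entry[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, " ".join(names), "malformed address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if (addr.compressed, name) in ALLOWED:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "name blocked locally"   # site made unreachable
            else:
                reason = "name redirected to " + addr.compressed
            findings.append((line_no, addr.compressed, name, reason))
    return findings


if __name__ == "__main__":
    # To check a real file, pass its contents instead of SAMPLE_HOSTS.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries added deliberately, such as an ad-blocking list or a developer's test names, will also be reported, so review each finding before deleting the line.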

Fixing Browser Homepage and Search Engine Settings

Browser hijackers commonly change your homepage and default search engine:

Google Chrome

  1. Open Chrome settings (three dots > Settings)
  2. Under "On startup," select your preferred option
  3. If you choose "Open a specific page or set of pages," click "Add a new page" to set your desired homepage
  4. Under "Search engine," select your preferred search engine from the dropdown
  5. Click "Manage search engines and site search" to remove any suspicious search engines

Mozilla Firefox

  1. Open Firefox settings (three lines > Settings)
  2. In the "Home" section, set your preferred homepage and new tab page
  3. In the "Search" section, choose your default search engine
  4. Scroll down to "Search Shortcuts" and remove any suspicious entries

Microsoft Edge

  1. Open Edge settings (three dots > Settings)
  2. Click "Start, home, and new tabs" in the sidebar
  3. Under "When Edge starts," choose your preferred option
  4. Set your homepage and new tab page as desired
  5. Go to "Privacy, search, and services" in the sidebar
  6. Scroll down to "Services" and click "Address bar and search"
  7. Choose your search engine and remove any suspicious ones

Safari (macOS)

  1. Open Safari preferences (Safari menu > Settings/Preferences)
  2. In the "General" tab, set your homepage
  3. In the "Search" tab, select your preferred search engine
  4. Check the "Extensions" tab again for suspicious search extensions

Recovering from Fake Security Warnings and Tech Support Scams

A common tactic is to display alarming "security warnings" with phone numbers for fake tech support:

Dealing with a Current Scam Page

  1. Don't call any phone numbers displayed in pop-ups or alerts
  2. Remain calm—these warnings are fake and designed to scare you
  3. Force-close your browser:
    • Windows: Press Alt+F4 or use Task Manager (Ctrl+Shift+Esc)
    • Mac: Press Command+Option+Esc and force-quit the browser
  4. If the page won't close or keeps returning:
    • Disconnect from the internet by turning off Wi-Fi or unplugging the network cable
    • Restart your computer and clear your browser cache after restarting

Warning

Never allow remote access to your computer based on an unsolicited call or pop-up. Legitimate tech companies like Microsoft, Apple, or Google will never display pop-ups with phone numbers claiming your device is infected.

If You've Already Called the Scam Number

If you've interacted with tech support scammers:

  1. If you gave them remote access to your computer:
    • Immediately disconnect from the internet
    • Shut down your computer
    • When you restart, change all your passwords using a different device
    • Run a full malware scan with reputable security software
    • Monitor your accounts for unauthorised activity
    • Consider resetting your computer to factory settings in severe cases
  2. If you paid them:
    • Contact your credit card company or bank immediately
    • Explain that you were scammed and request a chargeback
    • Report the scam to your local consumer protection agency
    • Report the scam to the FTC (USA), Action Fraud (UK), or equivalent in your country

Prevention: Strengthening Your System Against Future Threats

Once your system is clean, take these steps to prevent future infections:

Keep Software Updated

  • Enable automatic updates for your operating system
  • Keep all applications updated, especially browsers, PDF readers, and Java
  • Remove software you no longer use to reduce your attack surface
  • Consider using software update management tools to streamline the process

Enhance Browser Security

  • Install a reputable ad-blocker extension
  • Use browser extensions that block malicious websites (like uBlock Origin)
  • Enable "Safe Browsing" features in your browser
  • Disable or strictly limit browser notifications from websites
  • Review privacy settings and limit data collection

Practice Safe Downloading

  • Only download software from official websites, not third-party download sites
  • Verify downloads with checksums when available
  • Pay attention during installation to decline bundled software offers
  • Use custom/advanced installation options to see what's being installed
  • Be wary of "free" versions of normally paid software

Implement Multiple Security Layers

  • Use reputable antivirus software and keep it updated
  • Consider adding specialised anti-malware as a second layer of protection
  • Enable your operating system's built-in security features:
    • Windows: Windows Security, SmartScreen, Controlled Folder Access
    • Mac: Gatekeeper, XProtect, FileVault
  • Set up a separate admin account for installations and a standard user account for daily use

Tip

Create a system restore point or backup before installing new software. This gives you a clean state to return to if anything goes wrong.

Develop Security-Conscious Habits

  • Be skeptical of unsolicited emails, especially those with attachments or urgent requests
  • Verify website URLs before entering sensitive information
  • Use unique, strong passwords for important accounts
  • Consider using a password manager to maintain different passwords across sites
  • Enable two-factor authentication wherever available
  • Regularly review app permissions on your devices

What If Nothing Works?

For severe malware infections that resist removal:

Reset Your Browser

Try completely resetting your browser to default settings as described in the "Resetting Browser Settings" section above.

Create a New User Account

Some malware only affects specific user profiles:

  1. Create a new administrator account on your computer
  2. Log in to the new account and check if the problems persist
  3. If the new account works fine, transfer your files from the old account
  4. Delete the infected user account once your data is saved

Consider System Restore or Reset

For Windows systems:

  1. System Restore (if enabled previously):
    • Open the Start menu and search for "Recovery"
    • Select "Recovery" > "Open System Restore"
    • Choose a restore point from before the infection
  2. Reset PC (more drastic but effective):
    • Go to Settings > System > Recovery
    • Under "Reset this PC," click "Reset PC"
    • Choose to keep your files (but note that applications will be removed)

For Mac systems:

  1. Back up your important data
  2. Restart your Mac and hold Command+R during startup
  3. Use Disk Utility to erase your startup disk
  4. Use "Reinstall macOS" to reinstall the operating system
  5. Restore your data from backup after verifying it's clean

Note

Always back up your important data before performing system restore or reset operations. Make sure your backups don't include the malware or infected files.

Need Help Removing Malware?

If you're dealing with persistent pop-ups or suspect malware that you can't remove, our technicians can help. We offer remote malware removal services to clean your system and strengthen your security against future threats.

Reminder

These guides are provided as general information only. Your specific issue may require professional diagnosis. If you're uncomfortable performing any steps, please book a support session.
