Pop-Ups Archives – Gridinsoft Blog

Free-tl Pop-Up Virus

Stephanie Adlam — Thu, 12 Sep 2024 15:57:07 +0000

Analysis shows a hike in the number of malicious pop-ups that come from Free-tl websites. It is a rather common strategy of aggressive marketing that aims to spam users after forcing them to allow sending notifications from the aforementioned websites. Let’s figure out what this scam is, and how to stop “Free tl” pop-ups.

What are Free-tl pop-up notifications?

Pop-up notifications from Free-tl sites are a spam campaign that aims to earn money from pay-per-view and pay-per-click advertisements. There is an entire chain of such sites, created by the same group of cybercriminals and existing for the same purpose. Frauds who stand behind all this lure people into pressing the “Allow notifications” button that appears as soon as one enters the site. This demand may be framed as a form of captcha, DDoS protection, or the like.

List of domains involved in a scam

URL	Registered	Scan report
Free-tl-100-a.buzz	2024-09-12	Report
Free-tl-100-b.buzz	2024-09-12	Report
Free-tl-100-c.buzz	2024-09-12	Report
Free-tl-100-d.buzz	2024-09-12	Report
Free-tl-100-e.buzz	2024-09-12	Report

You can conduct your investigation using our Inspector API by performing a search with the key “Free-tl” here.

One particular source of the redirections to Free-tl sites is by browsing sites with illegal or explicit content. Websites that host pirated movies or games, adult sites – clicking anything on such pages may trigger the redirection to the scam site that will ask you to allow notifications. That twisted form of cooperation is what makes me warn people against using such sources of software and movies.

Example of the “Allow notifications” page

Interesting thing about the pop-up spam sites is that they work only after the redirection. Simple checks show that opening the scam page requires a correct link. Visiting the root domain, without the additional parameters in the URL, will return either a 404 error or a boilerplate that says the URL is for sale.

How dangerous are Free-tl pop-ups?

Once the user allows notifications from one of the Free-tl websites, it bombards them with pop-ups. These notifications appear in the system tray, offering gambling, adult sites, or trying to scare the user by saying the system is infected. Clicking on a pop-up will send the user to a website with questionable content. It is also common to see phishing pages promoted in such a way, which forms the main concern of this pop-up spam.

Example of a fake antivirus warning that the “Free tl” site can send

Another angle of the problem is the offer to install some questionable software to solve non-existent problems. You might encounter a so-called Microsoft tech support scam page or a site that pretends to scan your PC, falsely reporting that there are hundreds of malicious programs running at the moment. To make it harder for the user to quit, scammers make these sites open in a full-screen mode, so there is no visible way out. Of course, unless someone presses the Escape button.

But scams and phishing aside, the key issue with all this is the fact that constant pop-ups are extremely annoying. Because of the way Windows shows notifications, they will appear on top of any app that is currently running. It’s simply hard to concentrate on your task when you constantly hear and see banners popping up one after another. And, well, it will be quite an embarrassing moment when your boss walks by while there is a pop-up with hot girls around you on the screen.

How to remove Free-tl pop-ups?

It is possible to remove the pop-up source manually, through the browser interface. For this, go to your browser settings, find notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.

Disabling browser pop-ups (scroll images)

There is also the second step – malware removal. It is possible that the Free-tl pop-ups appearance is caused by the activity of adware or browser hijackers. These two malware types often cause redirections, and may alter web browser settings to their needs. For that reason, I recommend scanning the system with GridinSoft Anti-Malware: it will clear whether there is something malicious on your device, or not. Download it, install and run a Standard scan: this will check the places where the said malware typically keeps its files.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

Download Anti-Malware

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Free-tl Pop-Up Virus appeared first on Gridinsoft Blog.

Check-tl-ver Pop-Up Virus

Stephanie Adlam — Mon, 02 Sep 2024 15:51:02 +0000

Analysis shows a hike in the number of malicious pop-ups that come from Check-tl-ver websites. It is a rather common strategy of aggressive marketing that aims to spam users after forcing them to allow sending notifications from the aforementioned websites. Let’s figure out what this scam is, and how to stop Check-tl-ver pop-ups.

What are check-tl-version pop-up notifications?

Pop-up notifications from Check-tl-version sites are a spam campaign that aims to earn money from pay-per-view and pay-per-click advertisements. There is an entire chain of such sites, created by the same group of cybercriminals and existing for the same purpose. Frauds who stand behind all this lure people into pressing the “Allow notifications” button that appears as soon as one enters the site. This demand may be framed as a form of captcha, DDoS protection, or the like.

List of domains involved in a scam

URL	Registered	Scan report
Check-tl-ver-u99-a.buzz	2024-10-09	Report
Check-tl-ver-u99-b.buzz	2024-10-09	Report
Check-tl-ver-u99-c.buzz	2024-10-09	Report
Check-tl-ver-u99-d.buzz	2024-10-09	Report
Check-tl-ver-u99-e.buzz	2024-10-09	Report
Check-tl-ver-u99-f.buzz	2024-10-09	Report
Check-tl-ver-u99-g.buzz	2024-10-09	Report

One particular source of the redirections to check-tl-version sites is by browsing sites with illegal or explicit content. Websites that host pirated movies or games, adult sites – clicking anything on such pages may trigger the redirection to the scam site that will ask you to allow notifications. That twisted form of cooperation is what makes me warn people against using such sources of software and movies.

Example of the “Allow notifications” page

How dangerous are Check-tl-version pop-ups?

Once the user allows notifications from one of the check-tl-version websites, it starts bombarding them with pop-ups. These notifications appear in the system tray, offering gambling, adult sites, or trying to scare the user by saying the system is infected. Clicking on a pop-up will send the user to a website with some rather questionable content. It is also pretty common to see phishing pages promoting in such a way, which forms the main concern of having this pop-up spam.

Example of a fake antivirus warning that the check-tl-ver site can send

How to remove Check-tl-version pop-ups?

Disabling browser pop-ups (scroll images)

There is also the second step – malware removal. It is possible that the check-tl-version pop-ups appearance is caused by the activity of adware or browser hijackers. These two malware types often cause redirections, and may alter web browser settings to their needs. For that reason, I recommend scanning the system with GridinSoft Anti-Malware: it will clear whether there is something malicious on your device, or not. Download it, install and run a Standard scan: this will check the places where the said malware typically keeps its files.

Download Anti-Malware

The post Check-tl-ver Pop-Up Virus appeared first on Gridinsoft Blog.

How to Secure Windows 10 from Hackers

Stephanie Adlam — Thu, 04 Jul 2024 08:36:35 +0000

Windows 10 boasts valuable features, providing comfortable tools for user PCs and safeguarding confidential data. However, to secure Windows 10 effectively, understanding its vulnerability due to its dominance in the market—with over 85% of user devices—is crucial. This operating system has many vulnerabilities that attackers actively exploit. Below is a useful guide with essential tips to help you enhance your Windows security.

Secure Windows 10: Useful Tips

1. Update Your Software Regularly

Regular updates are essential to secure Windows 10 from hackers. By updating Windows and all your software, you prevent hackers from accessing your computer. Developers create updates to shield private information by fixing code bugs and eliminating incompatibilities. As a result, larger software packages often contain vulnerabilities that hackers are more likely to discover and exploit.

Each time attackers discover new loopholes or methods to hack into systems, developers release new versions of these crucial updates. Unfortunately, many users neglect these updates, sticking with outdated software versions, which hackers exploit to breach security.

2. Turn on Your Firewall

The Windows Firewall is a robust network security system integrated into recent Windows operating systems, including Windows 10, designed to protect internal networks from external threats like intruders or malware. It scrutinizes both hardware and software, tracking incoming and outgoing traffic. The firewall allows or blocks data packets based on established security rules, acting as a crucial barrier to secure Windows 10 from any incoming threats.

Follow these steps to enable the Windows 10 Firewall and protect your computer:

1. Open Control Panel:

Click the Start menu.
Type Control Panel in the search bar and select it from the list of results.

2. Navigate to Windows Firewall:

In the Control Panel, click on System and Security.
Then click on Windows Defender Firewall.

3. Turn on Windows Firewall:

On the left side of the screen, click on Turn Windows Defender Firewall on or off.
Under both the Private network settings and Public network settings, select the option to Turn on Windows Defender Firewall.
Click OK to save your settings and activate the firewall.

3. Use Device Encryption or Bitlocker to Protect Your Hard Drive

Encryption works by scrambling data with a complex cipher that makes the information unreadable without the correct password. Many versions of Windows 10 Home include Windows Device Encryption. This feature allows you to encrypt files and folders on demand and create disk partitions to store encrypted bulk data, greatly enhancing your chances to secure Windows 10 and maintain the integrity of your files. However, be aware that using disk encryption utilities might slow down weaker systems or those equipped with HDDs, as these tools can impact performance.

Here are the steps to set up BitLocker on your Windows 10 device:

1. Check if BitLocker is Available:

Open the Control Panel.
Navigate to System and Security > BitLocker Drive Encryption.
If BitLocker is not available, your version of Windows may not support it, or your hardware may lack a Trusted Platform Module (TPM) chip.

2. Turn On BitLocker:

Choose the drive you want to encrypt from the list.
Click Turn on BitLocker.
BitLocker will check if your system meets the requirements for encryption.

3. Choose How to Unlock at Startup:

You will be asked how you want to unlock the drive at startup. Options typically include using a password or a smart card.
Choose Use a password to unlock the drive and enter a strong password.

4. Save Your Recovery Key:

BitLocker will prompt you to save a recovery key, which can be used to access your encrypted drive if you forget your password.
You can save it to your Microsoft account, a file, a USB drive, or print it.
It’s crucial to save the recovery key in a secure location separate from your computer.

5. Choose Encryption Options:

Select whether to encrypt the used disk space only (faster and best for new PCs and drives) or the entire drive (best for PCs and drives already in use).
Click Next to continue.

6. Start the Encryption Process:

Review your choices and click Start encrypting.
The encryption process can take several hours, depending on the size of the drive and the data stored on it.

Once BitLocker is enabled, your drive is protected. Every time you start your device, you will need to enter the password or have the smart card to access the encrypted drive. This ensures that your data is secure even if your device is lost or stolen.

4. Use a Secure Password Manager with Two-Factor Authentication (2FA)

Simple passwords make user accounts vulnerable to hacks, making it crucial to use passwords that combine a complex array of letters and characters for enhanced protection. Remembering all these complex passwords can be challenging, which is why it’s wise to use a password manager. These tools store, auto-fill, and generate passwords for you. Most password managers also support two-factor authentication (2FA), adding an extra layer of security. This additional step might involve something like a fingerprint, a confirmation code sent to your phone, or a facial scan—essential measures to secure Windows 10 against unauthorized access.

5. Enable Controlled Folder Access to Prevent Ransomware Attacks

Ransomware attacks are a significant threat to personal and organizational data security. Windows 10 offers a robust feature called Controlled Folder Access within Windows Defender Security Center. This feature helps protect valuable data from malicious apps and threats, such as ransomware. By default, it protects common folders where documents, pictures, videos, and files are stored, and you can also add additional folders to be monitored to enhance protection.

To enable Controlled Folder Access, simply go to the Windows Defender Security Center, click on ‘Virus & threat protection,’ and navigate to the ‘Ransomware protection’ section. From there, you can switch on Controlled Folder Access. This simple step can significantly secure Windows 10 by blocking unauthorized applications from making changes to your protected folders.

How to protect your files from ransomware attacks by enabling Controlled Folder Access:

1. Open Windows Security Settings:

Click on the Start menu.
Type Windows Security in the search bar and open the app.

2. Navigate to Virus & Threat Protection:

In the Windows Security window, click on Virus & threat protection.

3. Access Ransomware Protection:

Scroll down and find the Ransomware protection section.
Click on Manage ransomware protection.

4. Enable Controlled Folder Access:

In the Ransomware protection settings, find the Controlled folder access section.
Switch the toggle to On to enable Controlled Folder Access.

5. Manage Protected Folders:

After enabling Controlled Folder Access, you can add or remove folders that you want to protect.
Click on Protected folders and then use the Add a protected folder button to select folders on your computer that you wish to protect.

6. Allow Apps Through Controlled Folder Access:

If you have legitimate apps that need to make changes to protected folders, you can allow them through this feature.
Under Allow an app through Controlled folder access, click on Add an allowed app and select the app you trust to make changes to protected folders.

7. Review and Test:

Once you’ve configured your settings, review everything to ensure it’s set up correctly.
Test the feature by attempting to modify files in the protected folders with a non-allowed application to check if the access is correctly blocked.

6. Keep Your Browsing Private with a VPN, Especially on Public Wi-Fi

Using a VPN can significantly enhance your privacy and anonymity online by creating a private network from a public Internet connection. This security method not only masks your IP address but also makes your online activities nearly impossible to track. Moreover, a VPN provides a more encrypted and secure connection than a typical Wi-Fi hotspot. By creating a secure tunnel, a VPN helps conceal your browsing activities, allowing you to access region-blocked websites without exposure. This is an essential step to secure Windows 10 when using public WiFi.

7. Avoid Dangerous Pop-Ups

Although pop-up windows may seem merely annoying—wasting your time and slowing down your PC—they can also pose serious risks by infecting your device with malware. These pop-up banners are harmless until you click on them, which activates their damaging effects. Therefore, it’s crucial to be discerning about what you click on. To protect yourself, consider using an ad blocker or avoid visiting sites known for dubious pop-ups. If ad blockers don’t cut it, your device might already be compromised by malware. Scan your device with anti-malware software to eliminate any such threats and further secure Windows 10.

Pop-ups that have no relation to the original page

8. Install Anti-malware

Antivirus software will be your next level of protection against malware. For example, GridinSoft Anti-Malware can remove all malware from your computer. In addition, it scans the system for viruses, spyware, and adware and prevents rootkits or backdoors from invading your PC.

Download Anti-Malware

Our tool can work without conflict with other antivirus programs as additional protection. GridinSoft Anti-Malware can free the user’s browser from third-party control and return it to its working state.

The post How to Secure Windows 10 from Hackers appeared first on Gridinsoft Blog.

Windows Defender Security Warning

Stephanie Adlam — Tue, 02 Jul 2024 09:14:36 +0000

Have you ever encountered a Windows Defender security warning pop-up while browsing? This type of malicious activity is designed to trick you into contacting scammers. Fortunately, you can quickly get rid of it. Here, we will explain how to remove this scam and protect yourself from other viruses.

What is the Windows Defender Security Warning?

This warning is the result of scareware or a phishing scam. Its purpose is to redirect you to a webpage that visually resembles the official Microsoft website. However, the URL does not match the official site. The page may display a message claiming that your computer is infected with malware and that you need to contact a support agent by phone to fix the problem.

Windows Defender Security Warning scam example. Red flags are highlighted in the picture.

Unfortunately, the notification looks like a legitimate Windows message, making it especially dangerous – many users may not even attempt to verify i= on Google. Scammers commonly make the pop-up as convincing as possible so that people don’t suspect anything is wrong. The provided phone number will likely connect you to a fraudulent call center. The agent may try to get you to install malware to infect your computer, steal your personal information, or demand money for fake services.

Why is the Windows Defender Security Warning False?

At first glance, you might mistake this for a legitimate warning from Windows Defender. However, if you’re familiar with Windows Defender, you’ll notice differences from a genuine notification. Therefore, please do not call the phone number provided in the window because it is not a real alert. Here’s why:

It’s not the Windows Defender interface. Windows Defender, also known as Windows Security, is a built-in Windows application with a different interface. It will never display a browser pop-up or webpage; it uses system notifications instead.
Strange text and typos. A banner or page showing a Microsoft Defender alert often contains strange text designs and grammatical and stylistic errors, which sharply contrast with the short and informative Defender notifications.
Microsoft never provides contact numbers for users. Users can contact Microsoft support through the “Get Help” application if they encounter problems.

This Windows Defender security alert is flawed in both format and content. It’s often a low-level phishing scam aiming to sell a rogue antivirus service, which can harm your computer. In some cases, you might not be able to close the alert or switch to other applications.

Causes of the Windows Defender Security Warning

There are several reasons why you might see a Windows Defender security warning. Here are the most common ones:

You clicked on an ad that redirected you to a fake site.
You visited a hacked website that redirected you to a fraudulent page.
You have a malicious program installed on your device, often a result of adware activity.

There are also many other ways you could be exposed to fraud, depending on various factors, such as the external devices you share with others. Simply closing the window may not solve the problem, especially if adware is causing it. The pop-up message may appear every time you open your browser.

How to Remove the Windows Defender Security Warning

Since the Windows Defender security warning appears in your browser, most actions to get rid of it are related to your browser. These steps can help resolve the issue of Windows Defender security warning pop-ups:

Force close and reopen your browser.
If the problem with redirecting to a fraudulent page persists, reset your browser (instructions below) or reinstall the browser completely.
If this continues, you may have adware or a PUP (potentially unwanted program) installed on your computer, and you need to remove it.

If you’re unsure which installed application is causing the pop-up notifications, install antivirus software to detect and remove the infection from your computer.

How to Clear the Browser from the Windows Defender Security Warning

Resetting your browser settings is one of the first steps to eliminate the Windows Defender security warning scam. Here are the instructions for different browsers:

Remove the Windows Defender Scam from Chrome

Click on the three vertical … in the top right corner and Select Settings.
Select Reset and Clean up and Restore settings to their originals defaults.
Click Reset settings.

Remove the Windows Defender Scam from Firefox

Click the three-line icon in the upper right corner and select Help
Select More Troubleshooting Information
Select Refresh Firefox… then Refresh Firefox

Remove the Windows Defender Scam from Microsoft Edge

Press the three dots
Select Settings
Click Reset Settings, then Click Restore settings to their default vaues.

Remove the Windows Defender Scam from Safari

Open the terminal (press ⌘ Command + Spacebar to open the spotlight, type “terminal” and press “Enter”)
Enter these commands one at a time. Execute each command by pressing “Enter” after copying it into the terminal:

rm -Rf ~/Library/Caches/Metadata/Safari; rm -Rf ~/Library/Caches/com.apple.Safari; rm -Rf ~/Library/Caches/com.apple.WebKit.PluginProcess; rm -Rf ~/Library/Preferences/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery rm -Rf ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist; rm -Rf ~/Library/Preferences/com.apple.Safari.RSS.plist; rm -Rf ~/Library/Preferences/com.apple.Safari.plist; rm -Rf ~/Library/Preferences/com.apple.WebFoundation.plist; rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginHost.plist; rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist; rm -Rf ~/Library/PubSub/Database; rm -Rf ~/Library/Safari/*; rm -Rf ~/Library/Safari/Bookmarks.plist; rm -Rf ~/Library/Saved\ Application\ State/com.apple.Safari.savedState;

What to Do if the Problem Persists?

If you have followed all the steps above and still see this warning every time you use a web browser, it is a clear sign that malware is still on your computer. You can use professional antimalware software such as GridinSoft Anti-Malware to scan your computer and remove any viruses or malware found. After taking such drastic measures, the antimalware software will remove and neutralize more dangerous cyber threats that could cause severe damage to your files.

Download Anti-Malware

How to Avoid Scams like the Windows Defender Security Warning

As mentioned earlier, the Windows Defender security warning scam is not the only threat you may encounter on your computer. There is much more severe malware on the Internet, and as a prudent user, you should take every precaution to avoid them. Here are some basic tips:

Ensure your OS and apps are up to date
Only download apps from official websites
Avoid clicking on random links without knowing where they will take you
Don’t download suspicious apps
Do not open attachments in suspicious emails
Use an ad blocker to block malicious ads
Use advanced antivirus software

Your computer should now be clean and free of Windows Defender scams. To prevent this from happening again, practice good online hygiene to protect yourself from fraud. Perform regular scans and use malware protection to stop threats before they happen.

The post Windows Defender Security Warning appeared first on Gridinsoft Blog.

How To Stop McAfee Pop-ups

Stephanie Adlam — Sat, 29 Jun 2024 08:47:57 +0000

It’s a good tone to be concerned about safety on the Internet. It’s ok when you have antivirus software installed, and it sometimes sends you a threat alert. However, getting notifications from an application you don’t use or haven’t even installed is a reason to think twice. For example, you may have heard of McAfee, which some programs offer to install as additional software, so many people are not confused by alerts from that application. Seeing such notifications too often can negatively affect your online experience. So, let’s review some tips and tricks that help you to stop McAfee pop-ups on Chrome.

What are McAfee Pop-ups? Is It McAfee Scam?

This is what a fake notice looks like. A web address that differs from the official www.mcafee.com is a red flag

McAfee pop-up notifications can be divided into two types: legitimate ones, which are sent by a browser extension, and fake ones, which are sent by adware installed on the system. But how to stop them? Suppose you have deliberately installed a McAfee browser extension. In that case, it is expected that you will see pop-up notifications from it. On the other hand, if you have no McAfee installed as the app or the browser extensions in Chrome, these are probably fake McAfee pop-ups. Next, we’ll figure out how to disable unwanted pop-up notifications in Chrome and solve the problem of fake notifications.

McAfee Subscription Has Been Expired scam website

Fake Virus Alert From Mcafee

How to Stop McAfee Pop-ups on Chrome?

You can use Incognito mode in Chrome, temporarily removing the pop-up notifications from McAfee. However, if you need to block them completely, you can do so in Chrome’s notification settings. Alternatively, you can restore Chrome’s default settings. However, if you need to keep all your saved data and browser settings, we have several other options listed below.

Block notifications from McAfee

First, you can block push notifications from any site in Chrome, including the McAfee site. This is the most straightforward action you can take to hide all pop-up notifications from McAfee.

Click the three vertical dots, then “Settings“.
Click “Privacy and security” ⇢ Site Settings.
Select the “Notifications” option.
Select “Don’t allow to send notifications“.
Click the “Add” button next to the “Not Allowed to Send Notifications” section.
In the “Add Site” window, add the website URL for what you want to stop receiving notifications and click “Add“. In this case, it is a McAfee site.
Alternatively, click the “Extra Actions” button (three vertical dots) next to the specific site and click “Remove“.

Remove the McAfee Chrome extension

If the first method didn’t work, and you still get the pop-up notifications from McAfee when you open Chrome, chances are that your system is infected by adware. However, to be sure, you can uninstall the McAfee Chrome extension. If necessary, you can always reinstall it later from the Chrome Web Store.

Launch the Chrome app. Click the three dots in the top right corner.
Then select More Tools ⇢ Extensions.
Turn off the McAfee Extensions button.
Restart the Chrome app and make sure it’s not running. Or, click the “Remove” button on the McAfee extension to remove it from Chrome.

McAfee scam email is a dangerous form of phishing scam that centers around your account with this antivirus vendor.

Scan Your System for Viruses

It is possible for malware to force the appearance of the McAfee pop-ups and the consequent Subscription Expired page. In particular, adware and browser hijackers are two malware types that do this nasty trick particularly often. They bring profit to their masters by throwing users of infected systems to unwanted websites, with the fake McAfee sites being just one of the examples. And to get rid of the malware, the anti-malware software scan is needed.

Download Anti-Malware

The post How To Stop McAfee Pop-ups appeared first on Gridinsoft Blog.

Your Computer is Infected

Polina Lisovskaya — Wed, 12 Jun 2024 09:57:04 +0000

Your computer is infected is a campaign of scam pop-up notifications, that aims at tricking users into downloading unwanted programs. Key purpose of the popups is to intimidate people, making them think their system is infected. Let’s debunk this scam by going through each of its steps, and see how to avoid it in future.

What Is “Your computer is infected” Notification?

The “Your computer is infected” pop-up notification is a scam that aims at intimidating the user and forcing them into further fraudulent actions. These notifications usually appear as pop-up windows or alerts that can look like legitimate system messages, antivirus alerts, or browser notifications. In fact they are totally fake, designed to scare or trick users into taking a particular action, often by making them believe their computer is infected with a virus or other malware.

Your computer is infected notification

This usually results from visiting websites with pirated content, such as movies or games, as well as adult content sites. These websites often embed malicious code, so any interaction with the site, whether it’s clicking a link or pressing the play button, can lead to redirects and, eventually, pop-up notifications or a flood of ad banners.

How Does This Scam Work?

Let’s go through the entire course of action to understand the source of fake notifications. As I mentioned earlier, in most cases, the first step is about the user visiting dubious websites. The issue lies in the fact that the owner of a pirated site usually adds hidden redirect links to everything on the site: buttons, images, links, etc. With such traps, any click on these elements automatically triggers a redirection, and the user finds themselves on another site, the one that offers to allow pop-up notifications.

From the user’s perspective, this looks like anti-DDoS or anti-bot protection. They allow pop-ups, willing to keep watching. But that is what allows for the rest of this scam.

Flood Of Notifications & Fake Scan

Typically, right after clicking “Allow,” nothing seems to happen, so the user doesn’t pay much attention to it. However, after a while, the websites start sending a huge number of notifications. Although these notifications come from the web browser, they look like system alerts and can contain various messages.

This is where “Your computer is infected” pop-ups hove into view. Appearing in dozens, they confuse people due to excessive usage of capital letters and alarming wording. When the user clicks on this notification, it throws them to a fraudulent website. The site then performs a fake scan, finds numerous issues, and suggests installing a “fix tool” to resolve these problems.

Obviously, all these “issues” and detected malware are fake because no website can scan a device for viruses – it is just technically impossible. These actions aim to trick the user into installing unwanted software, particularly rogue antiviruses or pseudo-effective apps.

Fake Support Page

An alternative scenario involves redirecting the user to a fake tech support page. In this case, the user lands on a webpage that mimics an official Microsoft support site. Typically, this page displays banners or notifications claiming issues with the computer and urges the user to call a specified number for assistance.

Fake tech support scam

If the user calls the provided number, they reach scammers posing as legitimate support staff. These fraudsters may attempt to obtain personal information or credit card details, trick the user into paying for “fixing” nonexistent issues, or gain remote access to their computer through a remote connection. The latter is particularly dangerous as it grants the scammers full control over the device.

Is Your Computer Infected?

It is possible to manually remove the pop-up source through the browser interface. To do this, go to your browser settings, find notification settings, and remove all the sites listed as ones that can send notifications. Reload the browser to apply the changes.

Disabling browser pop-ups (scroll images)

Afterward, I still recommend performing a system scan for malware using legitimate antivirus software.

Download Anti-Malware

The post Your Computer is Infected appeared first on Gridinsoft Blog.

Re-Captha-Version Pop-Up Virus

Stephanie Adlam — Wed, 20 Mar 2024 15:28:43 +0000

Recent user complaints show a new wave of malicious Re-Captha-Version website pop-ups. Such websites aim to force users into allowing pop-up notifications and send dozens of pop-up advertisements. Let me explain how this all works and how to stop pop-ups from appearing.

Let’s figure out what this scam is, and how to stop Re-Captha-Version pop-ups.

What are Re-Captha-Version pop-up notifications?

Re-Captha-Version is a browser notification spam campaign that takes place on an eponymous website. An entire network of such sites has similar names and content. All of them aim at one thing – forcing users to allow notifications, under the guise of anti-robot captcha. This makes possible the main course of this scam – huge numbers of pop-ups that flood both the web browser and system notifications.

List of domains involved in the scam

Domain	Registered	Report
Re-captha-version-3-271.buzz	2024-07-05	Scan Report
re-captha-version-3-275.buzz	2024-05-31
re-captha-version-3-278.buzz	2024-06-14
re-captha-version-3-290.buzz	2024-03-15
re-captha-version-3-298.buzz	2024-03-12
re-captha-version-5-1.com	2024-03-03
re-captha-version-3-73.fun	2024-02-13	Scan Report

Websites like Re-Captha-Version commonly appear after the redirection from another site, or following the click on the suspicious banner somewhere on the Web. If you try visiting such websites apart from the malicious redirections, they will likely return a white screen or various error messages. In some cases, they work, but the content is the same as the first time – just the offer to enable pop-up notifications.

Common example of Re-Captha website

But what for all this is running? Promotions that such websites show are extremely cheap, but their volume multiplied by the number of victims gives quite a substantial profit. Considering that these frauds will advertise other malicious actors, the profit may be smeared through several cybercriminal groups. And while there are ways to earn more, and in a legitimate way, pop-up spam campaigns are extremely easy to run. This is what causes these fraudulent sites to keep going.

How dangerous are Re-Captha-Version pop-up notifications?

Despite what they look like, pop-ups are a rather dangerous thing, especially when dozens of them appear in a short period. The main effect is distraction: pop-ups will keep appearing even after closing the browser. They clutter the notification tray, making it impossible to find the alerts you need.

Desktop notifications sent by Recaptha site

But the key danger hides in the content of those promotions. Pages and offers they promote are not even remotely relevant. Moreover, the links these advertisements lead to are often just clickbait websites or outright phishing pages. The longer all this happens, the more likely for the user to accidentally click one and get into a sticky situation.

How to remove Re-Captha-Version?

Removing pop-ups from the browser involves two steps – disallowing sending notifications to all sites and scanning your system for threats. The first one is manual – you need to go to your browser settings, open the page with notification settings and delete all entries there. Then, reload your browser for the changes to take effect.

Disabling browser pop-ups (scroll images)

For the second step – scanning for threats – I recommend using GridinSoft Anti-Malware. Ads can lead to the installation of unwanted software. But aside from this, the appearance of Re-Captha-Version website may be the sign of adware activity. To ensure that your device is clean, run a Standard scan and let it finish – it won’t take long.

Download Anti-Malware

The post Re-Captha-Version Pop-Up Virus appeared first on Gridinsoft Blog.

PUABundler:Win32/FusionCore

Stephanie Adlam — Fri, 08 Mar 2024 14:44:15 +0000

PUABundler:Win32/FusionCore is a designation that Microsoft Defender Antivirus uses to detect and remove potentially unwanted programs (PUP) that are spread by bundling technology. FusionCore is not a stand-alone program, it is a piece of code that can install various unwanted elements such as adware, toolbars or browser extensions on your computer. Let me show you why it is dangerous and how to remove it.

What is PUABundler:Win32/FusionCore?

PUABundler:Win32/FusionCore is the detection name for a tool used for bundling additional applications with the main one. Initially, it was used to make the monetization of free software easier. But, nowadays it is mostly used for spreading unwanted software like adware, browser plug-ins, and pseudo-effective apps.

If you see the detection of PUABundler:Win32/FusionCore, it means that a software installer you’ve downloaded is infused with this bundler. Although it is not highly dangerous, having it running in the system is not desirable, and can end up with malware injection. Because of this, and also due to the hidden information about such installation methods, software bundling is considered an unwanted practice.

Is PUABundler:Win32/Fusioncore a false detection?

There is always a possibility for an antivirus detection to be false. Win32/Fusion core is not an exclusion, and it is particularly known to pop up on Android emulators. A particular apps users complain to have problems with is Nox APP Player.

Reddit post with complaints about the emulator software being detected as FusionCore

It is not clear whether the app is 100% trustworthy or not. Some users suppose that this detection is due to the way the emulator displays ads. However, the detection itself is related to the operational file, i.e. there can barely be any code corresponding to the FusionCore description.

Win32/FusionCore Threat Analysis

The Win32/FusionCore operates in a unique way as it does not cause direct harm to the system. When executed, it installs additional software without the user’s consent, leading to unwanted changes in system settings or behavior. The symptoms of PUABundler:Win32/FusionCore infection I’ve encountered during the research include:

A significant increase in the number of pop-ups and banners that appear when browsing the Internet. These ads began appearing on websites where they were previously absent, disrupting the experience. Such a change is typical for adware activity.

Examples of unwanted pop-up advertisements

Unwanted software brought by Win32/FusionCore has permanently changed the browser homepage and default search engine settings. We found that the browser now opens to a different homepage or that search queries are redirected through unfamiliar search engines.
The system’s performance and Internet connection bandwidth become noticeably worse due to the large number of junk apps running on it. This is to be expected on a test system that I set up to correspond a weak computer build.
Win32/FusionCore itself made unauthorized changes to system settings. In particular, it modified the Windows registry and changed security settings.

How to Remove PUABundler:Win32/FusionCore?

Removing PUABundler:Win32/FusionCore from an infected system requires a comprehensive approach. Here are the steps to effectively remove Bundler FusionCore:

Run a full system scan with a reliable antivirus software. We highly recommend Gridinsoft Anti-Malware. It can easily detect and remove PUABundler:Win32/FusionCore and related threats.
Reset your browser settings. You can either do this manually through your browser settings or use GridinSoft Anti-Malware to do it for you. With the program, you can reset all your web browsers in just a few clicks, saving you a significant amount of time.
It is important to use caution when downloading and installing programs from the Internet to prevent further infection. Always choose official or trusted sources and avoid unreliable or suspicious sites. In addition, choose selective or advanced installation mode whenever possible and avoid any additional or recommended components that could potentially contain PUPs.

The post PUABundler:Win32/FusionCore appeared first on Gridinsoft Blog.