Possible Scam - Browser Popup

Occasionally in the past week I've had a full screen browser popup appear while I'm not doing anything except reading a web page. Sometimes it is a new page and others it replaces the page I'm looking at. It pretends it is from Telstra and includes Telstra logos. The web site it comes from is https:// ca-win-phone20 .com . I've put spaces in so it can't show up as a link. I don't want anyone to accidentally go there. I've got a capture of the page it puts up and its full URL but I am unsure how to post an image here. Help appreciated to post the image and ideas about what is almost certainly a scam. A Google search for the URL wasn't much help.

Comments

  • +4

    Have you run a scan with Malwarebytes yet?

    The free version will do.

    https://www.malwarebytes.com/mwb-download/

  • Not yet. I'll do it soon and get back. Thanks.

    • An MB scan does not detect anything.

  • +2

    Also, if you haven't already, consider installing a good pop up stopper such as AdBlock.

  • +1

    Also have you run a full scan with your anti-virus client?

    BTW a pop up is not a scam itself, what it advertises may be though.

    • The AV client scanned about 5 million files with no problems reported.

  • -2

    Use macOS

  • Google the complete website address. If you cannot find the info from there, try doing a RESTORE of your computer and see if that gets rid of it.

  • Clear your web browser history, and also your Internet Temp folder, which you can do by using the Clean Disk option via right-clicking your Hard Drive and selecting Properties.

    • Every time the browser is closed it automatically clears all Browsing History, Download History, Cached Images and files, Passwords and Autofill fields. I don't allow PWs and Autofill to be saved anyway. I retain Cookies and web site Permissions (location etc.). Clearing those would make browsing a PITA. I'll clear the temp folders soon.

  • Here are some useful add-ons (to stop websites tracking you) at the end of this page: https://www.privacytools.io/browsers/

    Are you using the latest browser software?

    • I am using ChrEdge as the browser and it's fully up to date. It has maximum privacy settings on which block pop ups and almost all advertising, blocks 3rd party cookies, and I have now blocked the pop up URL in the browser router (ASUS RT-AC86U) firewall.

      I'm doing a full AV scan of the machine. It's up to 4.1 million files scanned and still counting. So about another 1 mil files to go. Just as well I have a fast processor and all disks are SSDs else it would still be running tomorrow.

      I have to go out soon on a very important mission. The missus tells me we are nearly out of loo paper. Talking about loo paper, have y'all seen the DT paper on Amazon? https://www.amazon.com/Novelty-Democrats-Republicans-Absorbe…

  • Here are my procedures.

    Download the following:
    https://www.bleepingcomputer.com/download/malwarebytes-anti-…
    https://www.bleepingcomputer.com/download/adwcleaner/dl/382/
    https://www.bleepingcomputer.com/download/rkill/dl/10/

    Install and Run them in the same order.

    AdwCleaner will do most of the job.

    Also, update Windows Defender and install Windows Update if applicable.

    If all else fails, restore Windows to a point when this issue did not occur, if restore points are configured.

    • Second for Malwarebytes and AdwCleaner, based on my experience.

    • I explicitly checked for updates and there were none outstanding.

  • unsure how to post an image here

    1. My Account
    2. Click Files
    3. Upload

    Internal link will be generated for file. Paste in topic.

  • Check and/or remove browser tools/extensions/add-ons.

    • None installed

      • Try browsing the same URLs that trigger the pop-up in another browser to see if it's browser-specific. If it's not browser-specific, then you might have some malware in your OS. If it only happens in one browser, you can try creating a new profile in that browser to see if that solves the issue.

  • I got another weirdo pop up this morning that said something like foxtrot.com was insecure.

    These problems have only been happening since I changed to Cloudflare encrypted DNS about a week back. I chose the address of 1.1.1.2 and 1.0.0.2 which is supposed to have malware blocking. I think I will go back to Google encrypted DNS at 8.8.8.8 and 8.8.4.4 for the moment. I'll sit back and not do too many changes for the moment. When the new Windows release (20 03) comes along I'll do a full wipe of it all and install new. By the way, not sure about other browsers but ChrEdge has the setting to run encrypted DNS. If interested then Google how to do it as it is not part of the usual settings.

  • Here is the link to the actual scam content. The link to it is included (by me) in the image. That link has been modified to remove my internet IP address. I have put in aaa.bbb.ccc.ddd as a sub for my address. I might add that I am not a Telstra customer for ANY phone or internet service despite what the image implies.
    https://files.ozbargain.com.au/upload/79210/78582/scam.jpg

  • Try the Cloudflare recommended 1.1.1.1 and 1.0.0.1

    • Thanks, I know about them but since I've already changed back to Google DNS I'll leave it there for a few days and then change to Cloudflare as you suggest.

  • I found that the problem always happened when I was viewing a particular web site. I banned all trackers from that web site and no more problem.
