How to Remove Tech Support Scam Pop-ups

One of the easiest tricks to fall for online, and particularly if you are using a version of the Windows operating system, is a tech support scam. These scams started as over the phone types of scams but have since migrated to full-fledged software attacks now. They are so common in fact that almost everyone has heard of at least someone who was not so computer savvy ask what they should do about the message that is on their computer’s display that says there is a problem and they should call “such and such” to fix it.

Those who are little more experienced behind a computer would know that there is no way in the world a company like Microsoft wants you ever to call them unless you absolutely have to and generally speaking that is not going to be because its operating system has picked up a problem. Worst case scenario, you might get a message from Windows suggesting that perhaps you should run an antimalware scan or something—but we do not even have that much, yet.

What Is a Tech Support Scam?

A tech support scam is defined by any number of telephone fraud activities that pretend to offer you real tech support services to help solve problems relating to your computer that do not exist.

Often these types of scams are carried out on Microsoft Windows software with the tech support caller pretending to be part of the Microsoft team. Microsoft gets targeted more than any other operating system because it has the most people using it. As Mac computers gain more market share, more malware is beginning to target that operating system as well.

How Likely Am I to See a Tech Support Scam?

The average user likely will not see any tech support scams because most websites you visit are trustworthy. It’s only when you start to visit websites that are known to be less trustworthy that you may fall victim to tech support scam software. An example of a website that may contain tech support scam software is a torrent sharing website, where files are being uploaded by random people and offered to you free of charge. While most good torrenting sites do try to prevent malware, the reality is that many users are subjected to files that contain malware before the websites find out about it and take the link down. If you are one of those unlucky few, then that is when you may get malware. You can also find tech support scams popping-up on top of illegal streaming websites as advertisements. Because these illegitimate streaming services cannot sign up to official ad networks, they still choose to monetize their streams with shady ads that can contain some malware such as the tech support scams. If it is just an ad you see, though, you should be able to click out of it because it’s not downloaded onto your computer.

What Do Tech Support Scams Look Like?

Most tech support scams will be bits of software that you’ve accidentally downloaded onto your computer, shared through torrent files and so forth, and they can vary between small pop-ups on your computer’s display to pop-up messages that take up the full computer screen and make it near impossible for you to get it off. But the general interface will show you a message about how your computer has a problem, and to fix it, you will need to call xxx-xxx-xxx number to rectify it.

The following tutorial demonstrates how to remove the malware from your computer.

Method One: How to Remove Tech Support Scam Pop-ups by Resetting Browser to Default Settings and Cleaning Up Browser

If you see some of these problems, you might have malware installed on your computer. If the malware is secluded to the browser, you should be able to remove it by resetting the browser’s settings.

Pop-up ads continuously interrupting your web browsing experience
New browser tabs loading websites which differentiate from your defaults selected
Unwanted web browser extensions and toolbars keep coming back
The web browser redirects to webpages or ads that you did not request
Fake alerts regarding a virus or an infected device

You can avoid this unwanted software in the future by only downloading files from secure sites.

Do step 1, step 2, or step 3 depending on what it is that you would like to do.

1. To Reset Google Chrome

Here is how you can reset the browser settings from the Settings and more menu in Google Chrome:

a. Click on the Settings and more (Alt+F) three-dotted menu icon, and then click on the Settings link from the menu. (click to enlarge screenshot below)

b. Scroll down and then click on Advanced at the bottom of the page. (click to enlarge screenshot below)

c. Under the Reset and clean up heading, click on the Restore settings to their original defaults link. (click to enlarge screenshot below)

d. From the Reset settings overlay, click on the Reset settings button. (click to enlarge screenshot below)

e. Under the Reset and clean up heading once again, click on the Clean up computer link. (click to enlarge screenshot below)

f. Next to where it says Find and remove harmful software, click on the Find button. (click to enlarge screenshot below)

You can now close the Google Chrome web browser and continue using your computer if you like.

2. To Reset Mozilla Firefox

Here is how you can reset the browser settings from the Settings and more menu in Firefox:

a. Click on the Settings and more three-lined menu icon, and then click on the Help link. (click to enlarge screenshot below)

b. Click on the Troubleshooting Information link. (click to enlarge screenshot below)

c. Click on the Refresh Firefox button. (click to enlarge screenshot below)

d. Click on the Refresh Firefox button when you get the confirmation dialog box.

You can now close the Mozilla Firefox browser and continue using your computer if you like.

3. To Reset Microsoft Edge

Here is how you can reset the browser settings from the Settings and more menu in Microsoft Edge:

Notes:

As of January 2020, the new Chromium-powered Microsoft Edge browser has been made generally available, and it comes with a built-in Potentially Unwanted Program (PUP) blocker. It will not have helped you in preventing any malware yet because Microsoft has the Potentially Unwanted Program blocker turned off by default. The reason for this is because it’s still debated whether a PUP is indeed malware since some PUPs can prove useful to some people, hence the term “potentially” in Potentially Unwanted Program.
In times past, you would have had to reset the Microsoft Edge browser from the Settings application in Windows 10. That did not make much sense if Microsoft wanted people who use other operating systems to use their web browser. And since alternative operating systems are gaining additional market share, it meant that many Mac users, in particular, could not reset Edge. In the updated Chromium-powered version of Edge, Microsoft has made a change so you can now reset the browser from its settings, similar to what you would find with Google Chrome. They have also removed the option to reset the browser from the Settings app.

a. Click on the Settings and more (Alt+F) three-dotted menu icon, and then click on the Settings link from the menu. (click to enlarge screenshot below)

b. From the Settings menu, click on the Reset Settings link. (click to enlarge screenshot below)

Note: You only see the left Settings menu that you need is you have expanded the browser window so that it is large enough to show up.

c. Under the Reset settings heading, click on the Restore settings to their default values link. (click to enlarge screenshot below)

d. From the Reset settings overlay, click on the Reset button. (click to enlarge screenshot below)

You can now close the Microsoft Edge browser and continue using your computer if you like.

While resetting and cleaning up your web browser may remove the malware from the browser directly, it is possible, depending on the malware, that there are still associated malicious files leftover on the Windows operating system. These leftover files can cause malware to change the browser’s settings again. If you need to take further action because you suspect malware is continuing to change your browser’s settings, you ought to continue with another method below that either removes the malware via a built-in antivirus like Microsoft Defender or a third-party antimalware program.

Method Two: How to Remove Tech Support Scam Pop-ups Using Windows Defender

Windows 10’s default antivirus program, Windows Defender, doubles as very good antivirus and antimalware protection. The term “antimalware” is a more modern version of the term “antivirus” because a multitude of malicious programs exist today rather than computer viruses alone. Windows Defender finds all sorts of malware and is antimalware that keeps the traditional antivirus name to avoid confusion. That said, Windows Defender still might not remove a Potentially Unwanted Program (PUP) on your computer until you enable the PUP protection first. If you tried an antivirus/antimalware scan with Windows Defender and the malware was not found, you can try enabling the PUP protection and try again before installing third-party software on your computer.

Note: The terms “Potentially Unwanted Programs” (PUPs) and “Potentially Unwanted Applications” (PUAs) are interchangeable. When referring to misleading software installed as a bundle or without users’ consent, common antimalware programs use the term “PUP;” however, Microsoft prefers “PUA” in Windows 10.

Part One: How to Enable or Disable Windows Defender PUP Protection in Windows 10

When removing Potentially Unwanted Programs from your computer with the default Windows Defender antivirus, you should enable PUP protection first. Here is how to do that:

Option One: How to Enable or Disable Windows Defender PUP Protection in Windows PowerShell

1. Open an elevated Windows PowerShell.

2. If you are prompted by User Account Control, click on the Yes button.

3. Type one of the following commands into the Windows PowerShell window, depending on what you want to achieve, and then press the Enter key on your keyboard to execute it:

To Enable Windows Defender PUA Protection:

Set-MpPreference -PUAProtection 1

Set-MpPreference -PUAProtection Enabled

To Disable Windows Defender PUA Protection (Default):

Set-MpPreference -PUAProtection 0

Set-MpPreference -PUAProtection Disabled

Audit Mode – detects PUPs, but does not block them:

Set-MpPreference -PUAProtection 2

Set-MpPreference -PUAProtection AuditMode

4. Restart the computer before attempting to run a new Windows Defender antivirus scan that searched for extra PUPs.

You can now close the Windows PowerShell window and continue using your computer if you like.

Option Two: How to Enable or Disable Windows Defender PUP Protection in Local Group Policy Editor

Notes:

You can only use this option from the Local Group Policy Editor starting from Windows 10 version 1809.
The Local Group Policy Editor is only available in Pro, Enterprise, and Education editions of Windows 10.

1. Open the Local Group Policy Editor.

2. Using the Local Group Policy Editor’s left pane, navigate through to the following location:

Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus

3. With Windows Defender Antivirus selected, click on Configure detection for potentially unwanted applications from the right pane.

4. From the Configure detection for potentially unwanted applications policy, select either Not Configured (to turn off Windows Defender PUP protection), Enabled (to turn on Windows Defender PUP protection), or Disabled (to turn off Windows Defender PUP protection).

Note: If selecting Enabled, a drop-down menu appears in the Options window that offers additional options to configure the group policy if you like. For example, from the drop-down menu, you can select Blocked which means the Configure detection for potentially unwanted applications policy will be enabled, and the potentially unwanted programs will be blocked from being downloaded onto your computer. It is suitable for most people to select Blocked from the drop-down menu in the Options window to stop PUPs getting onto your computer in future.

You can now close the Local Group Policy Editor and continue using your computer if you like.

Part Two: How to Manually Scan Files, Folders, and Drives with Windows Defender in Windows 10

Windows 10 provides the latest antivirus protection with Windows Security. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (all types of malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protected from threats.

Some features differ if you are running Windows 10 in S mode. Because this mode is streamlined for tighter security, the Virus & threat protection area has fewer options. However, that does not mean it is less secure—the built-in security of this mode automatically prevents viruses and other threats from running on your device, and you will receive security updates automatically.

Windows Defender automatically scans your system periodically, so it should pick up and remove any malware on your computer by itself over time. If you need a quick solution, Windows Defender also allows for manual scans so that you can scan any location on the operating system immediately.

Note: The Windows Defender antivirus application shown below comes out of the box on all versions of Windows 10, the latest version of Windows operating system. If you are running an older version of Windows, such as Windows 7, then you can skip to one of the next parts that shows you how to install a third-party antimalware application instead.

Option One: How to Scan with Windows Defender Using Context Menu

Here is how you can run an antivirus scan with the built-in Windows Defender antivirus program from the context menu of a file or folder:

1. From File Explorer, select the drive, folder, or file that you suspect may contain the potential malicious program.

2. Right-click on Scan with Windows Defender from the context menu. (click to enlarge screenshot below)

Downloads folder -- Scan with Windows Defender — You can right-click on any file, folder or drive in File Explorer. Click on This PC in File Explorer’s navigation pane to view your most commonly used folders, as well as the available drives.

3. When the scan completes, Windows Defender Security Center will open and show you the results. The total time for the scan to complete will vary. Scanning drives will take the longest, while scanning individual files the quickest.

Note: The Windows Defender Security Center has been renamed to Windows Security in newer versions of Windows 10. All the settings within the app remain the same.

Windows Defender Security Center -- threats found, files scanned — When the antivirus scan is complete, you get the scan results—threats found and files scanned—on the same page of the Windows Defender Security Center.

4. If the scan did find threats, you can Start actions or See threat details. (click to enlarge screenshots below)

Note: Clicking on Start actions will result in Windows Defender removing the threat immediately whereas choosing See threat details allows you to see the threat and also choose what you want to do with it more specifically.

Windows Defender Security Center -- Start Actions — The Start Actions buttons appears if the antivirus has found any threats.

Windows Defender Security Center -- Action options — Removing the file completely removes the file from the computer while quarantining it moves the file to a safe location on your computer. You can select Remove when you know you don’t need the file that contains the virus.

The malware we’ve used in these screenshots is test malware, designed to imitate how real malware works so it will show up in Windows Defender scan results. We don’t ever recommend downloading actual malware onto your computers.

You can now close the Windows Security app and continue using your computer if you like.

Option Two: Scan with Windows Defender in Windows Security

Here is how you can run an antivirus scan with the built-in Windows Defender antivirus program from the Windows Security app:

1. Open Windows Security.

2. Click on the Virus & threat protection icon in Windows Security’s Security at a glance page.

3. To Run a Quick Scan with Windows Defender

a. Click on the Scan now button.

4. To Run a Full Scan with Windows Defender

a. Select Full scan and then click on the Scan now button.

5. To Run a Custom Scan with Windows Defender

a. Select Custom scan and then click on the Scan now button.

6. Select the file, folder, or drive that you want to scan and then click Select Folder. (click to enlarge screenshot below)

7. Windows Defender starts scanning the option that you chose.

8. When the scan completes, you get the results in numbers.

9. If Windows Defender did find threats during the scan, you can Start actions or See threat details.

Virus Alert level: Severe — The malware we’ve used in these screenshots is test malware, designed to imitate how real malware works so it will show up in Windows Defender scan results. We don’t ever recommend downloading actual malware onto your computers.

You can now close the Windows Security app and continue using your computer if you like.

Option Three: How to Scan with Windows Defender from Windows PowerShell

Here is how you can run an antivirus scan with Windows Defender from the Windows PowerShell:

1. Open the Windows PowerShell.

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.

Update and Quick scan:

Update-MpSignature; Start-MpScan -ScanType QuickScan

Quick scan:

Start-MpScan -ScanType QuickScan

Full scan:

Start-MpScan -ScanType FullScan

You can now close the Windows PowerShell window and continue using your computer if you like.

Option Four: How to Scan with Windows Defender from Command Prompt

Here is how you can run an antivirus scan with Windows Defender from the command line:

1. Open the Command Prompt.

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it. (click to enlarge screenshot below)

Update and Quick scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Quick scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Full scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

You can now close the Command Prompt window and continue using your computer if you like.

Method Three: How to Remove Tech Support Scam Pop-ups by Using Malwarebytes

If scanning with the Windows Security antimalware protection doesn’t remove the tech support scam pop-ups, you can try installing third-party antimalware tools, such as Malwarebytes, and see if that removes the tech support scam pop-ups instead. You can also use an antimalware program such as Malwarebytes to remove the extensions and all other related files remaining on your computer, so you don’t have to do any of it manually.

Note: Malwarebytes also has an application for smartphones that run on Android and iOS.

The iOS version will be very similar, apart from needing to use the Apple App Store in place of the Google Play Store. You will not have any problems finding it because your iOS software only comes with the Apple App Store.

1. Download the Malwarebytes for Windows from the Malwarebytes website.

2. If prompted by your web browser with a message that says “This type of file can harm your computer. Do you want to keep the executable (.exe) file anyway?,” click on the Keep button.

3. If you are prompted by User Account Control asking “Do you want to allow this app to make changes to your device,” click on the Yes button.

4. Click on the Scan Now button to begin scanning the computer for malware and other potentially unwanted programs. (click to enlarge screenshot below)

5. Wait for the scan to complete. (click to enlarge screenshot below)

6. Select all of the malware and potentially unwanted programs that you want to be removed from the computer and then click on the Quarantine Selected button. (click to enlarge screenshot below)

7. You may get a message from Malwarebytes letting you know that all selected items have been removed successfully, but the computer must be restarted before the removal process can be completed. Select the Yes button to reboot your computer now.

8. Upon signing back in to your computer, the Malwarebytes interface will open and let you know that the scan and quarantine are complete. (click to enlarge screenshot below)

Note: You can also export the scan results by clicking on Export summary from the main Malwarebytes results page and then clicking on the Export button from the scan report. (click to enlarge screenshot below)

You can now close the Malwarebytes interface and continue using your computer if you like.

That’s all.