05/22/2026
A client reported this issue on their computer. What should I do to remove it and prevent it with countermeasure?
Gemini Fast 3.5 Answered with
# # Take a Deep Breath: It’s a Tech Support Scam
First, the good news: **this is a fake warning.** What you are looking at is a classic "tech support scam" popup.
It is almost certainly just a webpage running in full-screen mode inside the browser (you can see the Chrome icon on the taskbar and a sliver of a browser tab at the very top). The computer itself isn't actually locked down, and there is no Trojan horse—the goal is simply to scare the user into calling that 1-866 number so scammers can steal their credit card info or install actual malware.
Here is exactly how to clear it right now and protect the client moving forward.
# # Phase 1: How to Remove It (Right Now)
Since this is usually just a stubborn browser window designed to block clicks, you need to force-close it.
1. **Kill the Browser:** * Press **Ctrl + Shift + Esc** to open the **Task Manager**.
* Look for the web browser (Google Chrome, Microsoft Edge, etc.).
* Click on it and select **End Task**.
2. **Clear Browser Cache and History:**
* Reopen the browser, but **do not** click "Restore pages" if it asks.
* Press **Ctrl + Shift + Delete** to open the "Clear browsing data" menu.
* Clear the cache, cookies, and history from at least the last 24 hours to ensure the malicious URL isn't cached.
3. **Run an On-Demand Malicious Scan:**
* While it’s likely just a script on a website, run a scan just to be safe. Open the actual Windows Security app (Settings > Privacy & security > Windows Security) and run a **Full Scan**.
* *Optional but recommended:* Run a scan with a trusted free remediation tool like **Malwarebytes** to check for malicious adware or rogue browser extensions that might have redirected them there.
# # Phase 2: Countermeasures (To Prevent It From Happening Again)
Scammers trap users via malicious ad networks (malvertising) or typosquatting (misspelling a common website URL). Implement these layers to protect the client:
# # # 1. Install a Robust Ad Blocker
The single best defense against these popups is blocking the shady ad networks that serve them.
* Install **uBlock Origin** (a free, open-source, highly efficient extension) on whatever browser the client uses (Chrome, Edge, Firefox). This will block 99% of malicious redirects before they can even load.
# # # 2. Secure Browser Settings
* **Block Notifications:** Scammers often use browser notifications to push fake virus alerts later on. Go to the browser's settings (Privacy and security > Site settings > Notifications) and ensure it's set to **"Don't allow sites to send notifications"** or strictly vet allowed sites.
* **Enable Safe Browsing:** Ensure "Enhanced Protection" is turned on in Chrome or "Mitigate security risks" is active in Edge.
# # # 3. Consider DNS-Level Filtering
If this client is particularly prone to clicking bad links, change their DNS settings (either on their local machine or their router) to a secure, free DNS provider that blocks known malicious domains automatically:
* **Cloudflare Families:** 1.1.1.3 and 1.0.0.3 (Blocks malware and adult content)
* **Quad9:** 9.9.9.9 (Blocks known malicious domains)
# # # 4. Client Education (The Ultimate Firewall)
No software can completely replace user awareness. Give the client a quick brief:
* **The "Dead Giveaway" Rules:** Microsoft will **never** put a phone number on a malware warning. Microsoft will **never** lock a screen and demand a call.
* **The Escape Hatch:** Teach them that if a screen ever freezes like this again, they should just press **Alt + F4** to close the window, or hold the power button down to restart the computer rather than calling any numbers.
