Skip to main content

Dell laptop scam pop-up removal in Putney SW15

Dell laptop in Putney SW15 with full-screen scam pop-ups warning of fake virus infections. We cleaned the browser hijack, removed the persistence mechanism, and briefed the customer on the tech-support scam pattern.

5 min read By PC Macgicians Dell Dell laptop
PC Macgicians support guide cover artwork

A Dell laptop in Putney SW15 was showing alarming full-screen pop-ups warning of fake virus infections and pushing the user to call a phone number for ‘Microsoft support’. We removed the underlying browser hijack and persistence mechanism, then walked the owner through how to spot the same scam pattern in future.

Case Summary

Device
Dell laptop
Problem
Full-screen pop-up alarms claiming the laptop was infected and instructing the user to call a phone number. Pop-ups returned after browser restart.
Diagnosis
Browser hijack: malicious site granted notification permission and the browser had been set to start with a tab pointing at the scam page. No actual malware on the system itself.
Fix
Browser reset to defaults, site permissions cleared, startup tabs cleaned, hosts file checked, full anti-malware scan run as a precaution.
Outcome
Clean browser, no recurring pop-ups, no infection. Customer briefed on the tech-support scam pattern.
Timeframe
Same-day workshop turnaround

What Was Happening

Full-screen pop-ups appearing while browsing. Each one styled to look like a Windows or Microsoft warning. The text varied — “your computer is infected with five viruses”, “your bank details have been exposed”, “do not turn off your computer” — but every one included a UK phone number to call for “support”.

Restarting the browser brought the pop-up back. Restarting the laptop brought it back. The customer was anxious enough that they had nearly phoned the number, which is exactly what the scam relies on.

Our Diagnosis

The visible symptom (a “virus warning”) is misleading. The first job is to work out whether there is an actual infection on the system, or whether the pop-ups are coming from a website misusing the browser:

  1. Boot to Safe Mode with Networking. Logged in. Opened the browser. No pop-up appeared. That is the first useful clue — actual malware running on the system would still be active in Safe Mode. Browser-side scams are not.
  2. Examined browser startup configuration. The browser was set to “open these specific pages at startup”, and one of the listed pages was the scam site. Every browser launch was visiting the scam page automatically.
  3. Examined site permissions. Notifications had been granted to the scam domain — meaning the site could push system-level desktop notifications even when the user was not actively visiting it.
  4. Checked installed extensions. None unfamiliar. The hijack was operating entirely through legitimate browser features that the scam site had requested permission to use.
  5. Ran a precautionary scan with two independent anti-malware tools. Both clean. The system itself was uninfected; the symptom was entirely browser-driven.

How We Fixed It

The right repair for a browser-driven scam pop-up is browser-side, not antivirus-side:

  • Removed the scam URL from the browser’s startup pages and reset the homepage.
  • Cleared all granted site permissions, with particular attention to notifications and pop-ups.
  • Cleared the browser’s locally-cached service workers — these can persist after a page has been closed and continue showing notifications.
  • Reset the browser’s default search engine and removed any unfamiliar entries from the search engine list.
  • Checked the Windows hosts file for unauthorised entries (none in this case).
  • Ran the precautionary full-system scan that confirmed no actual malware was present.
  • Updated the browser to the current version — older browser versions have weaker controls around aggressive notification requests.
  • Restarted the laptop, opened the browser, browsed a few normal sites — confirmed no recurrence of any pop-up.

The Result

Clean browser, no recurring pop-ups, no infection. We briefed the customer on the scam pattern so they can recognise the next one before it gets to the point of phoning anyone.

Why this matters — the tech-support scam pattern

The “tech-support scam” is one of the largest categories of online fraud against consumers in the UK. The pattern is consistent:

  1. The pop-up appears — usually full-screen, often with a recorded voice playing. It looks like a system warning and is designed to panic the user.
  2. It instructs the user to call a phone number for immediate help.
  3. The “support agent” who answers asks the user to install a remote-access tool (AnyDesk, TeamViewer, LogMeIn, occasionally fake variants).
  4. Once connected, the scammer either (a) shows the user fake “evidence” of viruses and bills them for “removal”, (b) asks for bank details to issue a “refund” and then transfers money out, or (c) installs actual malware for later use.
  5. The bill is often £200–£500 for nothing of value.

The single fact that matters: real Microsoft, Apple, antivirus vendors and banks never include a phone number in a pop-up warning. Real warnings appear in the operating system’s own notification area, not in the browser, and they never instruct you to call somewhere.

If you have already called the number

  • Disconnect the device from the internet immediately.
  • Uninstall any remote-access software the scammer asked you to install.
  • Change passwords for email, bank, and any other accounts you use on that device — from a different device.
  • Tell your bank if you gave bank details or made any payment.
  • Run a full anti-malware scan to remove anything the scammer may have installed.
  • Report it to Action Fraud (the UK’s fraud reporting service).
  • Consider professional help to verify the device is clean — anything that was on screen during a remote-access session was visible to the scammer.

How to avoid it

  • Update browsers regularly. Modern browsers do a much better job of blocking aggressive notification requests than older versions.
  • Don’t grant notification permission to sites you don’t trust completely. The pop-up that asks “this site wants to send you notifications” should almost always be denied unless it is a site you use heavily and want notifications from.
  • If a “virus warning” tells you to call a number — close the browser. Use Task Manager (Ctrl+Shift+Esc) to force-quit if the browser refuses to close.
  • If the same pop-up reappears on browser restart, your browser startup pages have been hijacked. Reset them in the browser’s settings.
  • Run a reputable anti-malware scan monthly even if nothing seems wrong.

Local Help in Putney SW15

A virus-removal job that doesn’t address how the infection arrived in the first place is half a job.

We pair the clean with a security configuration review so the next infection has a harder time getting in.

Call 020 7610 0500 or drop the laptop into our Putney workshop (SW15).

More Case Studies

Helpful Internal Links

Key Takeaways

  • Most 'your computer is infected' pop-ups are not infections at all — they are scam pages designed to get you to phone a fake support number.
  • Real Microsoft, Apple, and antivirus alerts never include a phone number to call. Any pop-up that tells you to call a number is a scam.
  • If you've already called the number, change passwords for your email and bank accounts and check for any remote-access software the 'support agent' may have installed.

Need Help With This Issue?

Get expert help with Virus Removal.

Virus Removal in Putney All Virus Removal services

Related Services

Related Town Pages

Explore more

Related Case Studies

View all