Excessive pop-ups - How to remove

Pop-up advertisements or simply pop-ups is an advertising method that was first introduced in the late 1990s – one of the most popular methods of advertising to this day. Unfortunately, most of the time those ads are excessive and annoying. Worse, they are used by cybercriminals to monetize their web traffic or simply promote various malware infections and scams.

Excessive pop-ups and their types

Even though this looks like an innocent way to advertise something,  pop-ups can cause various problems to you as a regular user. In fact, it might be problems with your computer that cause the pop-ups to appear while browsing the Internet.

That’s right, pop-ups might be caused by adware or other types of malware operating on your computer or web browser. But they can also be displayed on various websites by the choice of the owner of that site, so the very fact that you are experiencing pop-up ads doesn’t mean that your computer is necessarily infected.

Eventually, that leads to the dilemma – how to tell whether your computer is infected and as a consequence you are seeing continuous pop-up advertisements, or you just had a bad run of visiting websites that have this type of ads? Well, there are some strong indicators that could help you to pinpoint the origins of an ad.

Aggressive and excessive pop-ups can be caused by adware viruses, or by infected websites:

Causes of excessive pop-up ads Infected websites,

adware or malware on your computer.

Types of bad pop-up ads Fake giveaways and lottery wins,

fake security warning alerts,

phishing sites,

malware-infecting pages.

Dangers of malicious pop-up ads Stolen personal information,

fake security software and support sold,

remote access to your computer given to fake tech support,

unregulated and restricted content appears in the browser.

How to stop pop-up spam Delete suspicious programs from your computer,

remove malware using antivirus tools (Combo Cleaner for Mac, SpyHunter for PC),

stop notifications from adware sites.

Pop-ups caused by malware and adware

When ads pop up on your screen on their own or when websites display unusually many ads, that could be caused by adware viruses and malicious programs.

For example, the Adrozek trojan injects ads into internet search results. These ads look just like real search results, but they’re included by a malicious program lurking on the victim’s computer.

One obvious sign that your computer is infected with malware is when the same obnoxious ads appear across different websites. For instance, if you notice identical advertisements (“You have been randomly selected to spin and get 1 unclaimed reward” or something similar) popping up on different, legitimate websites, it’s a sign that your computer is infected.

Also, malicious ads tend to look suspicious. You might receive offers that are too good to be true and that really try to seem urgent, for example, display countdowns that will expire the offer. Most of the time they are intended to scam you or trick you into a situation that you don’t want to find yourself in, such as scammers getting your personal info. By the way, malicious popups don’t have to be displayed as exciting offers – they can also warn you about something.

Warning pop-ups might also result from malicious software that is operating on your computer. They might warn you that your computer has some issues that need to be fixed immediately and in order to do that you will be asked to install some software or call a specific number. Though these fake alerts appear as pop-ups, they might be made to look like system warnings as much as possible. Fake warning alerts is how rogue applications, malware, and adware is installed on a computer. Yet again, if it happens repetitively on different websites, you have a malware infection operating on your computer.

Finally, pop-ups can be caused by web push notification spam. There are networks dedicated to delivering ads by randomly redirecting from the partnered websites (the websites don’t even always know about this) and delivering ads through notifications. If you subscribe to an infected site’s notifications, pop-ups right on your browser will continually show up, on any website. This type of pop-up spam is caused by faulty browser settings and can be fixed by modifying them. And you should, since the content that these spammers promote is not regulated and thus attracts advertisers who’ve been banned from legitimate ad-networks – fraudsters, scammers, hackers.

How scam pop-ups work

Regardless of the reason you are seeing malicious pop-ups, they can lead you to some really bad consequences. This type of advertising is a very effective way to distribute malware or simply scam users and cybercriminals take advantage of it. Simply clicking on a deceptive pop-up advertisement can result in your computer being infected with a virus or you getting scammed and losing money.

Arguably one of the most popular types of scam pop-ups is  technical support scams. There are plenty of them – computer blocked scam, Google Chrome critical error scam, Your battery is damaged by viruses scam, and so on. The scheme is plain simple – cybercriminals make you believe that your computer is dealing with some kind of serious and urgent problem and then they offer an easy way to solve it.

Your battery is damaged by viruses

Most of the time you will be offered to download some kind of software that will be able to fix the problem (often for a fee). The program usually displays lots of false-positive scan results to keep up the illusion that your PC is in need of fixing. It will try to scam you out of your money one way or another. I.e. you can be asked to purchase a premium version of a software or call their tech support, who usually gain people’s trust, get remote access to their computer, and convince them to buy very expensive and fake support by faking viruses on their device.

This type of scan can be performed without even attempting to promote software. A bad pop-up ad might urge you to call a specific phone number to receive assistance, often by threatening that if you don’t, something bad will happen to your computer. Viruses like Windows 10 License Has Been Corrupted or Error #268D3 will try to convince you that you have to call a specific number and solve some technical problems. Eventually, you will be asked to pay money for the help you have received or purchase bogus security services.

Even if your computer is free of viruses right now, the scam pop-up ad can be used to infiltrate various malware into the system. It is a really common way to distribute malware, thus be very careful about free offerings to install software, especially when it’s malware. Also, don’t click on suspicious ads that might redirect you to malicious websites. It’s not an overstatement that a site can automatically infect your computer with malware – exploit kits are made for just that.

Finally, phishing scams can use malicious pop-ups to spread. Phishing sites spoof legitimate websites for the purpose of stealing information. For example, a pop-up might appear as a notification about a new message in your favorite social media site. The ad then opens a copy of the login page of the website. If you enter your login details, those are then sent to the criminals behind the phishing site who can use them to hack your account.

How advertising networks and PPV work

Nowadays most advertising networks use the PPV system. PPV stands for Pay Per View and offers website owners to drive traffic to their websites. It is an efficient way to promote websites, products, and services since the buyer can select the type of audience by their age, interests, education, and lots of other specifics.

In fact, most adware infections are created and owned by various PPV networks. PPV networks deliver ads to users in the form of pop-ups. However, in order to be able to do that, they have to infect computers with adware viruses first and that explains a lot.

The main goal of adware creators is to infect as many users as possible and build a huge audience. Then they have to find companies or persons that are interested in promoting something and simply display their ads to the owners of infected computers – this is how they make money.

It is not a secret that PPV networks are the most popular among cybercriminals. Since they can’t advertise on legitimate advertising networks like Google Adwords or Facebook Ads, they go for alternatives like this to drive some traffic to their websites. That being said, if you are exposed to PPV ads online, you are most probably receiving offers from crooks. However, there are some exceptions and legitimate services or websites can be promoted on those advertising networks too.

Pop-up domain types and most popular advertising networks

There are several big names in this market of malicious advertising networks. This includes Adcash, Popcash, Propeller Ads Media, Taboola and several others. Arguably the most notorious network of adware is “Ads by Name“. Even though not all of the infections are owned by the same company, most of them act the same and were developed for the same purpose.


All PPV networks mentioned above operate adware as browser add-ons, but there are other types of adware infections that get installed directly on the computer. A good example is Provider ads – this adware virus installs the Privoxy proxy server on the computer and all connections to the Internet are made through it. This allows the virus to implement special JavaScript code to all websites you are visiting and display advertisements this way.

Also, domain names of pop-ups can be categorized into several different types:

  • Subdomain starts with lp – landing page;
  • Subdomain starts with “static” or “s.” – typically displays ads, meant to show images or landing pages only;
  • Subdomain starts with “ad”, “adm” – usually displays advertisements.
  • You have to stay away for random-named pages that are unrelated to the products shown in the pop-ups as these are a typical sign of malware infection. While advertising networks and typical landing pages try to avoid hardcore malware, random-looking page URLs might be throwaway or just infected. E.g. subdomains like : ywi.jsst.net, 7hyzz.popularprizes.7112773.com would look highly suspicious.
  • Homograph attacks can be used to make a URL that looks familiar but includes the wrong symbols – ones that look similar, like replacing ‘i’ and ‘l’. Misspelled domain names are also used.
Type Typical danger level
AkamaiHD, Cloundfront, Cloudflare, etc. Content delivery networks low – regular static ads
Fully numeric subdomains or garbage like 23623326.com Throw-away domains High
lp.something.com Landing pages for various products low – medium
s.something.com, static.something.com Static pages low – medium
ads, adM in name Ad network pages typically low-medium, might be pay per view.
Homograph attacks Phishing sites, fake giveaway scams medium – high

By the way, there are some very popular cloud hosting domain names that are used by popups. In general, they are harmless, yet this misuse makes them malicious. Some of the notorious examples would be akamaihd.net and Cloudfront.net.

Cloudfront.net Popups

How to solve excessive pop-ups problem

Regardless of the type of infection you have, the ultimate way to deal with pop-ups is to scan your computer with a professional anti-malware application. You can do that manually too by removing the virus from the control panel, Application folder, and other system folders – deleting malicious files from your hard drive. However, in order to be able to do that you have to know the name of malicious files that are causing excessive pop-ups.

To find out what kind of malware is operating on your computer, you should scan it with Spyhunter if you have a PC and Combo Cleaner if you have a Mac. The scan will take only several minutes and the program will automatically detect all malicious files and programs that are inside of your computer and present you with exact names.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

With this information, you will be able to complete the removal yourself. This is how it goes:

  1. Open control panel by pressing Windows key on a keyboard and selecting “Control Panel” (older versions of Windows) or right-click on Windows start icon and select “Control Panel” (Windows 10);Control panel
  2. Then, select “Uninstall program” option;Programs and features
  3. Find the application that was detected by anti-malware software and select “uninstall” optionUninstall

If the notifications are still showing, follow this article and stop malicious websites from sending notifications to your browser.

That’s it, pop-ups should not be bothering you anymore. In case you don’t feel like going through all these steps or you failed to remove the malware manually, just go for automatic removal and delete malicious files with anti-malware software. If you have scanned your computer with one of our recommended tools and it successfully detected the virus, just select removal option and infection will be erased automatically.

Removal guides in other languages

Leave a Reply

Your email address will not be published. Required fields are marked *