Stupid me, I have downloaded some virus that issues pop up windows pretending to be either Norton, McAfee or Windows update.
These pop ups come several per minute and one after the other. They claim I have viruses or a Trojan horse or that I need to update Windows etc on my computer and want me to press scan or update. When canceling the pop up I was directed to a website which Norton now has blocked. I have ran several Full scans and also the start up scan but the pop ups remains. What can I do?
Detailed description:
This picture example is in Swedish but I guess you see the “full picture” anyway.
Hello @CalleG
I’m not able to see the entire address…so, I’m guessing domain name: d40m506071bc73adbni0.cyvexbotshield.com
d40m506071bc73adbni0.cyvexbotshield.com appears to be a subdomain associated with cyvexbotshield.com, a domain likely used for cybersecurity services or potentially bot mitigation.
However, the specific subdomain string looks randomly generated, which is often a characteristic of temporary tracking domains, ad-tech infrastructure, or potentially command-and-control servers for botnets.
CyvexBotShield.com push notifications likely refer to browser or app alerts, often related to security, updates, or alerts for a specific service (like a security bot or health benefits app), which you enable through your browser’s site settings or your phone’s app preferences, but beware of adware using similar prompts for unwanted ads. To manage them, check your browser (Chrome settings > Site Settings > Notifications) or phone’s app notification settings for CyvexBotShield or related apps and toggle them on/off as desired, ensuring you aren’t falling for malicious pop-ups.
These are malicious browser notifications and pop-ups, often referred to as “scareware”. They are designed to trick you into clicking links, downloading malware, or purchasing fake software. These alerts are not legitimate warnings from Norton, McAfee, or Microsoft.
Here is how to handle and remove them:
Close the Pop-up Safely
Do not click any buttons within the pop-up (e.g., “Remove Virus,” “Scan Now,” or “Close”).
On a computer: Close the browser tab or the entire browser application. If the pop-up prevents you from closing the tab normally, use the Task Manager (Windows: Ctrl+Shift+Esc) or Force Quit (Mac: Command+Option+Esc) to end the browser process.
On a phone/tablet: Close the browser app from the app switcher/manager.
Stop Future Pop-ups (Disable Notifications)
The source of these pop-ups is usually a website you previously granted permission to send you notifications. You must disable this permission in your browser settings.
Chrome: Go to Settings > Privacy and security > Site settings > Notifications. Find the malicious site(s) under “Allowed to send notifications” and select “Remove” or “Block”.
Firefox: Go to Settings > Privacy & Security > Permissions > Notifications > Settings. Remove the offending websites.
Edge: Go to Settings > Cookies and site permissions > Notifications. Remove the sites you don’t recognize.
Safari (Mac): Go to Safari > Preferences > Websites > Notifications. Remove the malicious website from the list.
Scan Your System
While most of the issue is browser-based, you should run a security scan just in case any underlying malware caused the redirect or was accidentally downloaded.
Use a reputable, trusted antivirus program (like the real Norton, McAfee, or Windows Defender) to run a full system scan.
Consider running an extra scan with an anti-malware application like Malwarebytes, which often catches unwanted programs that standard antivirus tools miss.
Clear Browser Data
Clearing your browser cache and cookies can help eliminate any lingering scripts that might cause the pop-ups to reappear.
Go to your browser’s settings and look for options like “Clear browsing data,” “History,” or “Privacy.” Select cache and cookies and clear them for “all time”.
If you are receiving unsolicited or alarming pop-up notifications from cyvexbotshield.com, these are likely a form of browser-based scareware or a scam, not legitimate security alerts. The site might have tricked you into allowing push notifications, which are then used to display fake virus warnings and high-pressure messages to manipulate you into downloading potentially malicious software or providing sensitive information.
Legitimate antivirus software does not typically use unsolicited browser notifications to solicit data or warn of threats in this manner.
How to Stop the Notifications
The “notifications” are browser permissions you inadvertently granted. You need to disable this permission in your browser settings:
Google Chrome (Desktop):
Open Chrome and type chrome://settings/content/notifications in the address bar and press Enter.
Under the “Allow” section, find cyvexbotshield.com (or similar suspicious sites).
Click the three-dots icon next to the site URL and select Remove or Block.
Google Chrome (Android):
Open Chrome and go to the site that you want to stop notifications from.
At the top left, tap Page info (the lock icon).
Tap Permissions, then Notifications.
Turn Show notifications off.
Mozilla Firefox:
Open Firefox and go to about:preferences#privacy.
Scroll down to the Permissions section and click the Settings… button next to Notifications.
Find cyvexbotshield.com in the list and change its status to Block.
Save Changes.
Safari (macOS):
Open Safari and go to the Safari menu > Settings (or Preferences).
Click on the Websites tab, then select Notifications.
Find cyvexbotshield.com and select Deny or Remove.
General Precautions
Do not click on the notification links. Clicking can lead to fake websites designed to steal your information or install actual malware.
Do not call any phone numbers listed in the alerts; these are tech support scams.
Run a scan with a reputable, genuine antivirus program if you accidentally clicked on anything or downloaded a file.
Be cautious when visiting new websites; never agree to “Allow” notifications unless you are certain of the site’s legitimacy and purpose.
“Edge: Go to Settings > Cookies and site permissions > Notifications. Remove the sites you don’t recognize.” I blocked everything from the site CyvexBotShield.com. I couldn’t find a way to delete it.After that I scanned the PC with Malwarebytes and Norton 365 (nothing found). They haven’t popped up since
To block site permissions in Edge on Windows 11, go to Settings > Privacy, search, and services > Site permissions, where you can manage individual permissions like Pop-ups, Notifications, Camera, or Location, either globally or for specific sites, using the “All permissions” or “All sites” list to set them to “Block” or “Ask”. You can also click the lock icon in the address bar for quick access to permissions for the current site.
Method 1: General Settings (Recommended for most users)
Open Edge and click the three dots (…) for Settings and more.
Go to Settings > Privacy, search, and services.
Select Site permissions and then All permissions or All sites.
For Global Blocking: Click on a specific permission (e.g., Pop-ups and redirects, Notifications, Camera, Location) and turn the toggle to Block (default) or disable it.
For Specific Sites: Click All sites, find the website, and use the dropdown to set its permissions (e.g., Block Notifications).
Method 2: Per-Site (Quick Access)
Navigate to the website you want to manage.
Click the lock icon (or info icon) in the address bar.
Select Site permissions from the dropdown.
Adjust settings like Notifications, Camera, or Location for that specific site.
What You Can Block
Notifications: Stop annoying alerts.
Pop-ups & Redirects: Prevent unexpected windows.
Camera & Microphone: Control webcam/mic access.
Location: Stop sites from knowing your precise location.
Malicious Sources/Malnets
Sites that host or distribute malware or whose purpose for existence is as part of a malicious network (malnet) or the malware ecosystem. Malware is defined as software that takes control of a computer, modifies computer settings, or collects or reports personal information without the permission of the end user. It also includes software that misrepresents itself by tricking users to download or install it or to enter personal information. This includes sites or software that perform drive-by downloads; browser hijackers; dialers; any program that modifies your browser homepage, bookmarks, or security settings; and keyloggers. It also includes any software that bundles malware (as defined above) as part of its offering. Information collected or reported is “personal” if it contains uniquely identifying data, such as email addresses, name, social security number, IP address, etc. A site is not classified as malware if the user is reasonably notified that the software will perform these actions (e.g., it alerts that it will send personal information, be installed, or that it will log keystrokes).
