Fake Virus warning on Imgur pages – Android phones only.

While browsing reddit and clicking a link to imgur I found myself accosted by a fake virus warning advert:

The URL in use was:

http://gpfree0002.pw/gapb2049/wi192.html?model=Nexus%205&brand=Google&ip=<REDACTED>&voluumdata=BASE64dmlkLi4wMDAwMDAwMi1hNTYwLTRlNDMtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjkwNTMyODAwLTFmZmItMTFlNi04MmZiLTViMjBhNDk5YWRmYl9fY2FpZC4uYjFmNjYxMTMtNjBiNy00OGNmLTk4ZDktZjdkNTU3MGY1NjdiX19ydC4uSF9fbGlkLi4yMDc3MThhZi1iNTNiLTQ2YTAtYmRlZC1kOTM5YWNkNGQ3YmNfX29pZDEuLjAwODg5ZDgxLTJmZDktNDBiNS05OGJmLWQxNTUxNTZlZDgzMl9fcmQuLl9fYWlkLi5fX2FiLi5fX3NpZC4u

gpfree0002.pw is registered via a privacy service and the nameservers and web hosting point at DDoS protection service CloudFlare.
The base64 data in the URL above decodes to:

vid..00000002-a560-4e43-8000-000000000000__vpid..90532800-1ffb-11e6-82fb-5b20a499adfb__caid..b1f66113-60b7-48cf-98d9-f7d5570f567b__rt..H__lid..207718af-b53b-46a0-bded-d939acd4d7bc__oid1..00889d81-2fd9-40b5-98bf-d155156ed832__rd..__aid..__ab..__sid..

The pop up message on the page reads:

“Your system is heavily damaged by Four virus!”
“We detect that your ” + getURLParameter(‘brand’) + ” ” + getURLParameter(‘model’) + ” is 28.1% DAMAGED because of four harmful viruses from recent adult sites. Soon it will damage your phone’s SIM card and will corrupt your contacts, photos, data, applications , etc.”
“If you do not remove the virus now , it will cause severe damage to your phone . Here’s what you NEED to do (step by step ) :”
“Step 1: Tap the button and install APP for free on Google Play!”
“Step 2: Open the app to speed up and fix your browser now!”
“REPAIR FAST NOW”
“WARNING !”
“This ” + (getURLParameter(“brand”)) + ” ” + (getURLParameter(“model”)) + ” is infected with viruses and your browser is seriously damaged. You need to remove viruses and make corrections immediately.”
“It is necessary to remove and fix now.”
“Don’t close this window.”
“** If you leave , you will be at risk **”

It also seems to support many and multiple languages.

Upon touch it seems to then redirect you to:

http://click.ilovemobiletrack.com/click

Which in turn sends you on to an App Store app called “DU Cleaner(Boost&Clear Cache)”
https://play.google.com/store/apps/details?id=com.duapps.cleaner

Seems like a bit of a long play to get commission payments or similar. I’d expect this kind of scam to actually be trying to trick victims into calling a fake tech support service rather than installing a “free”* app to speed up their phones. (*probably asks for payment to fix errors).

The ilovemobiletrack.com domain is also registered via a privacy service DNS is hosted at CloudFlare. However the hostname click. is a CNAME to kmdhl.voluumtrk.com and is hosted at Amazon AWS.

voluumtrk.com seems to only relate to scams and popup content when you research it on Google. Alexa claims that the site is ranked the 1,668 most popular website in the world! Shows just how widespread this scam / junk is. Their popularity ranking peaked mid-april.

Other domains likely to be involved are:
gpfree0100.pw
gpfree0101.pw
gpfree0102.pw
gpfree0103.pw
gpfree0104.pw
gpfree0001.pw
gpfree0003.pw
goodappinstore.pw
jhrddztlfl.pw
freebestapps.pw
nwulhrgune.site
sejuhangfu.pw
apubyxopei.pw
afaisers.top
togying.pw
afinishe.xyz
warning.google.com-viruses-from-porn-sites.sstam.com
arunast.pw
zep4ndx02b.pw

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

83 Responses to Fake Virus warning on Imgur pages – Android phones only.

  1. Xime says:

    Is there any way to stop this from happening? Do you think this is the result of malware on the phone? This keeps happening to me and I’ve tried cleaning my phone with various anti-virus apps but it’s still popping up.

  2. The one I saw was on the imgur website only so if you didn’t visit that website the problem wouldn’t happen. Its an infection or bad advert on that specific website.

    If you get it on all websites then you might have a more serious problem.

  3. owen walker says:

    Thanks – you describe exactly the symptoms of Four Virus message. However how do I get rid of it? It affects the default browser in Galaxy 7 making it unusable. Luckily the Chrome browser is still OK. I tried looking for an unwanted app but cant work out which. I tried a couple of antivirus but no luck.

  4. I really don’t know enough about how Android works (without seeing it in front of me) to know what you should do :(
    Possibly try clearing the cache of the default browser but I wouldn’t know where to find that option.
    Do post back if you find something that does solve it. Good luck!

  5. Dave says:

    I had this on Chrome on an HTC handset this afternoon – I tried resetting my Google Ad ID, which seems to have stopped it for now. I was fairly alarmed to discover this feature existed… I found it in settings/accounts & sync/Google/Ads – there’s an option to reset your ID (which is a number that Google collects interests against for targeted advertising), and also an option to switch off interest-based ads if you want to do that.

  6. Owen says:

    Hi Dave, Many thanks for looking into this. I reset the ad id, rebooted. The pop-up page didnt appear straightaway so for a moment I thought we’d won but no its back as before. Tried again including clearing the browser cache but its back again.

    RegardsOwen Date: Tue, 31 May 2016 15:32:06 +0000 To: owenwalker@hotmail.com

  7. Thanks for the post.
    My suspicions were correct.
    Yesterday – 3rd/4th (late night/early morning) June 2016 a pop-up from:

    http://gpfree0101.pw/gaz6s9/x1psi.html?# (phone make & model)

    I almost hit the “install now” link but hesitated at the last second. It looked very legit and will trick alot of people who aren’t as paranoid as I am.

    When I Googled the url Google couldn’t find any information about it.
    Only after doing a Google image search for ‘android virus pop-ups’ and searching a couple hundred pics did i find one which looked similar to the one on my phone, then clicking the ‘visit site’ button which brought me here (I know it sounds like it took a while but in reality it was 5-10mins max).

    Anyway, thanks again

  8. Ian MCCULLOCH says:

    I have now had this bothering me for well over 36 hours. I can find no help with it, and of course, even thought Google logo looks authentic, I will not be clicking any links to follow for a fix. Especially seeing as Google appear to know nothing about “gpfree0102.pw”.

  9. I was infected today on facebook, only way to get rid of it was to delete facebook then reinstall a fresh app for facebook…

  10. My Nexus 5X has the same pop ups but with freebestapps.pw rather than gpfree0002.pw. It has been about 28 hrs for me and I have cleared the cache for Chrome and reset the ad id as above. No change. It even appeared when I was in Safe Mode. Wondering what to do next. There seems very little on the net about this – this is the only site so far that shows the screenshots that I have experienced.

  11. I could probably work it out but I need a device with the problem in my hands to have a look around :\

  12. I’ve had success! (I hope.) I went to Settings/Apps/Chrome, disabled then removed the Chrome browser completely. The icon disappeared from my home screen. Then I re-installed Chrome from the Play Store. I can’t remember if I restarted the phone or not (or when), but so far I have not seen a repeat of the pop-up. I have a feeling that the pop-up first appeared when I went to one of those entertainment clickbait sites (Look what this star looks like today!) My actions don’t seem to have affected anything except the Chrome tabs in my Recent apps list. Fingers crossed. It’s been over 24 hours.

  13. Trex says:

    Hola ya lo he resuelto de esta forma. he instalado el programa root unistaller aquihttps://play.google.com/store/apps/details?id=com.rootuninstaller.free
    vais a la aplicación (en mi caso navegador, en mi caso elephone p6000) chrome, y forzais detención y borrar datos. al lanzar de nuevo ya ha desaparecido. suerte espero haberlo explicado bien

    in english [edited by admin to correct some words]:
    Hello I have already resolved this way. I have installed the program root unistaller aqui https://play.google.com/store/apps/details?id=com.rootuninstaller . free going to the application (in my case for telephone p6000) chrome, and forced stop and erase data. When again already has disappeared. luck hope I explained it well

  14. Forte says:

    Per eliminare definitivamente il virus chiamiamolo così basta andare in gestione applicazioni/internet/ imposta come predefinita e premete elimina predefiniti/per ultimo fate arresto forzato. Chiudete tutto aprite internet e ripartirà tutto da zero senza problemi ok. Spero di essere stato di aiuto.

  15. Tamika says:

    This is the only site i could find that had any info on this! Those exact images cane up on my husbands samsung galaxy and the only thing we could think of today was an automatic phone update and looking up a recipe on google chrome. We have just disabled and uninstalled chrome so fingers crossed.

  16. Sam King says:

    Bought a used Samsung Galaxy S4 in Feb 16. This error first popped up on Google Chrome towards end of May 16. My phone completely died soon after. Returned phone to vendor, got money back. Bought another. On 17th June same error occurred on Chrome once again.

    Following advice here, I installed ‘root uninstaller’ and got rid of Chrome for good. Running Firefox instead. So far so good…

  17. Trex says:

    Fantastic Sam! i’m veru happy for you. now work perfect … sure

  18. bob says:

    I am currently getting it as zkhguewjmh.pw otherwise it is the same.

  19. Bjur says:

    How so I get rid of it?

    Is there an app for the job?
    Malware and virusscanners dont find anything.

  20. Doug says:

    Click Internet. Close all tabs. Simple

  21. Kim G says:

    Interesting, glad I found this thread. On my S6 it has only affected stock internet app, Chrome has been fine. I am able to stop it temporarily by deleting cache etc. but it always comes back. Definitely seems to be from clickbait sites, will monitor more closely.

  22. chris says:

    Is this the sort of thing you’d recommend resetting phone to? This has happened tonight in J5 on internet explorer. I’ve deleted internet history and ran scanner with nothing found. Is it worth factory resetting phone? My phone vibrated and took me to this ext site with pop ups etc. Very much don’t want to risk being infected. Ccj

  23. Ian MCCULLOCH says:

    I still have no real answer, and cannot sat catergorically, that this pest has not done any damage to my mobile phone. However, my tech son and I have discovered that if ignored, it seems to dissappear after a week or so. Then, if you decided to visit one of those tempting sites, it comes back. People have noted that site tepmting a “look at at what Will Smith’s son” might have been the trigger, and others say visiting those Russian street brawling scenes may be the trigger. Yes, I visited both. The Russian street life video’s worked, but the Will Smith’s son did’nt take me anywhere. It wasn’t until I tried to leave the internet that the fake warning came up. Acting on my tech sons advice, I now only go to the internet via GOOGLE and not Chrome. No, no more russian video’s for me until I know that they are safe. Cheers to you Chris.

  24. Itsme says:

    Got this on my samsung A5, found an online guide that told me to go into settings>apps> find the internet app > Force stop > Press Delete all information > Press Delete cache > Press reset defaults

    Just tried this and its been 5 mins of my browser working again, will keep updating fix.

  25. Ian MCCULLOCH says:

    Is there any chance you coule tell us what you were looking at prior to getting hit by it?

  26. Joe says:

    I was only looking at an AFL (Australian Rules Football) statistic site and it interrupted me! Brand new Galaxy S5!!!

  27. Thous says:

    Got the same, but getting it as http://rcknmwcyct.pw/gaz6s9/x1psi.html?model=……

  28. My phone (Nexus 5X, standard Marshmallow updates) has been fine for weeks now, although I did have another occurrence that I fixed the same way – deleting and reinstalling Chrome browser. See my posts above.

  29. IAN says:

    Well I’m still only using GOOGLE and not CHROME for browsing, and everything seems to be fine. I still don’t look at the Russian street crazies though. LOL. Many thanks to Joe for letting us know where he got stung too.

  30. Ramona LeBlanc says:

    I have uninstalled and reinstalled factory Chrome app and right now I don’t have the virus Four popup. Thanks for the post about syncing from Google ads. I had 2000 pics from my husband’s pictures and even Verizon did not know how to stop it. Verizon also did not know how to get rid of the Four popup and told me to do a factory reset. Glad I saw the post about Chrome. Thanks.

  31. Stephane says:

    It doesn’t matter what website you visit. It seems to know if you’ve been at the website recently, and if you have, it doesn’t activate. I have had it happen all over on dictionary sites of all things. It is a strange virus or whatever it is.. Not convinced anything is installed on the phone, just that it somehow redirects the page there.

  32. It certainly isn’t any additional software installed on the phone. I’m confident of that. Might be DNS poisoning (either at the hosting provider of some common script used on a lot of sites or at random internet providers (customer side) around the world).
    Sadly when I had it – I didn’t bother investigating too far. If it happens again – I will. This article has become one of the most popular pages on my site :\

  33. Leja says:

    I keep getting hit on Daily Mail US News. But I am sure I got it from the clickbait sites at the bottom. Unfortunately I don’t know which one but I did go to one about Jaden Smith too.

  34. Emily says:

    I was on the facebook quizzes when mine popped up and it looked exactly like that just with the name of my phone.

  35. cyanwolfy says:

    my best guess is to just clear your cache and steer clear of shifty sites- if you use chrome it should have an option in your settings to help with that. and having a antivirus handy couldnt hurt either. avast is pretty rad at helping ward off viruses imo.
    i got these ‘viruses’ when looking up lyrics to a song on AZLyrics, so staying away from that site. it seemed to spread to a more trustworthy site though, so i ran a scan and cleared my cache and autofill. seemed to do the trick.

  36. borneopostonline says:

    tried clearing cache, reinstalling etc, but the scam is still poisoning my website ( VirusTotal 0/68 scanned ) . It will appear once everyday to a same person, and almost everytime if u use incognito mode or a new browser with different cookies.

    it is really hurting my website credibility. anyone got any clue how to get rid of it? my site is running TribalFusion and Adsense. already reported to TF.

  37. Laura says:

    So relieved to find this thread as I’ve also been fighting this pop up! Avast antivirus didn’t detect it, nor did Malware Bytes. I tried the above advice of deleting then reinstalling Chrome and so far so good. Thank you!

  38. M. Wu says:

    Yep same here! I was innocently looking on Timeout (on my Nexus 7 tablet) – hardly a shifty website – then the pops up suddenly appeared. On mine it said to install applock, so it does sound like a scam to download apps rather than an actual virus. Touch wood! Someone should notify Google for a bug fix.

  39. M. Wu says:

    Yep same here! I was innocently looking on Timeout (on my Nexus 7 tablet) – hardly a shifty website – then the pop up suddenly appeared. On mine it said to install applock, so it does sound like a scam to download apps rather than an actual virus. Touch wood! Someone should notify Google for a bug fix.

  40. Lol says:

    Mine started yesterday when I’m browsing a health forum. Factory reset my phone, clear history/cache, remove google sync, reset google ad ID. None were working. It appeared 3 times so far and it seems random.

  41. Sabrina says:

    Mine started this weekend when viewing science curriculum websites. My pop up was clearly a scam as it said the four viruses were “due to your porn history ???”. Literally with the question marks like that. (and no I was not viewing porn) I’ve removed Chrome for now and will go from there. Thanks for posting this. I couldn’t find anything anywhere else.

  42. lol says:

    I think it is affecting certain websites targeting android phones. No sign of the fake warning on my iphone. It appeared in certain websites even when i’m on different ip address or wifi.

  43. Danny says:

    I had this pop up today and click on the link it took me to the play store and had me download (turbo ckeaner) should I be worried? Is my phone infected with a virus from the fake link ? Should I uninstalled turbo cleaner ? Please help if you know the effect of clicking on the fake link thanks you.

  44. Leave a bad review for the app and then uninstall it. My phone certainly isn’t / wasn’t infected yet came up with the advert. It is just a rogue advertiser putting adverts on sites that don’t bother vetting their adverts well enough and scaring the users into installing and potentially paying for things they don’t need.

    Some people say that clearing your browser cache, cookies and advertising ID solves it. I’ve not had the problem since the day I blogged about it and I did nothing… it just solved itself / went away.

  45. me says:

    thecomputerperson you are wrong, i`m suffering this in my site and i only use adsense, i suspect it`s an advertiser of adsense who is injecting js in the ads and google didn`t find it. I checked my site and it`s clean btw.

  46. Didthishelp? says:

    I had this as well I used the google app instead of chrome on the default engine and it is working so far.

  47. Patrick says:

    Uninstalled chome n phone downloaded default version..restarted and no prolbems yet…

  48. Becky says:

    JUST OPEN INTERNET, CLICK OK TO GET RID OF THE SPAM BOX, THEN JUST CLOSE ALL TABS. IT’S WORKED FOR NOW ANYWAY LOL :) FINGERS CROSSED

  49. mb says:

    Had this warning on my Android Galaxy S6 today:
    “www.afaisers.top says
    WARNING! This generic android 6.0 is infected with viruses and your browser is severely damaged. You need to remove viruses and make corrections immediately. It is necessary to remove and fix now.
    Don’t close this window.
    **if you leave, you will be blocked.**
    ok “
    I found zero info (McAffee, Google, Android searches) other than this blog.
    I uninstalled/forced stop of Chrome browser from my phone thus far. Downloaded Firefox browser. Left a 2-star review in the google playstore regarding Chrome inserting this warning notification and telling google I will not use it until I am notified of how to secure against further possible problems.
    I have not clicked on porn sites ever with this browser. I was viewing where to find a local horse riding stable.
    Thank you to all who have posted comments here. Some scary $hit!

  50. mb says:

    …Now, spam calls are coming to my phone.

  51. Colin Gilbert says:

    I got this when looking at accuweather website linked via my Google calendar app

  52. Jon says:

    I have received this warning twice. Asked my daughter who was visiting overnight if she’d gotten it on her phone and she had not. Got a text from her a few mins ago and she had just gotten the warning!! Was it possibly because she was using my wi-fi? Sorry if that’s a dumb question…
    So it sounds like deleting and reinstalling Chrome isn’t enough…one must also change the browser ID? How is that done. BTW I have a Motorola Turbo. Thanks…this is the only site I’ve seen any discussion about how to solve the problem.

  53. Colin Pettorsson says:

    thanks buster! that fix took care of it!

  54. Penny says:

    I got the message too not knowing that its a scam. Just browsing on the weather not an adult site. I almost down load the steps that was written. Good thing i check it out here. Google has to do something about this. By the way i just got this newly galaxy a5. Hate scam.

  55. anonymous says:

    I have this POFS virus too… I’ve tried wiping cache, reformatting partition / factory restore, safe mode – disabling web view / browser message app, downloading & running the latest anti-virus / spyware apps.. ALL TO NO AVAIL.. I cannot even use one of my apps; investors hangout.. For the spyware has plauged my device and causes me to redirect to actiontrk where it wants me to download ducleaner. I’ve even disabled javascript.. I used to be IT savy, this one has me puzzled. What to do?

  56. Kat says:

    I’ve had this happen on 2 different phones. A galaxy and Amazon fire phone. I immediately closed out the webpage, restarted my phone then when back into the browser, then into settings and cleared my web history. I’ve had no issues with either phone after doing those steps in that order. If u don’t close the affected browser window then it will default to the infected page every time u visit your browser. If those steps don’t work, download a different browser. Hope this helps. Oh I also didn’t follow any links from the infected page. If u have done that you will need to get a good virus protection software.

  57. lol says:

    @Jon:
    I don’t think she was infected through your wifi. It is a fake virus warning, sort like an advertisement to fool people into downloading the actual malware itself. Some of websites use this advertisement to gain revenue.

  58. N/A says:

    this seems to be a javascript problem. I cant completely uninstall google chrome, but when i disable javascript i seem to not have any issues. this has been happening to me for a while but it just recently got worse.

  59. Den says:

    Thanks Kat! What you described worked for me too. I also did not follow any links. It’s only been 15 minutes, but good so far.

  60. grmpf says:

    I don’t think it is something on the device. My guess would be that those are malicious advertisements on homepages. They don’t appear to be a fraud to begin with (therefore not identified as scam by the site- owner).

  61. Heavy Duty says:

    Thanks to all. So far, this is the only (and certainly the best) forum help discussion on this issue. Like most of the other posters, I have “just now” followed a bunch the suggestions posted here, and so far so good. When the scary warning screen popped, I immediately shut down my Android Marshmallow smartphone. On reboot, I went into Chrome and cleared out the tabs and history. On advice here, I went into settings\applications\Chrome and cleared cache and data. I did not delete Chrome. Suspicion of what allowed the warning scam is speculative. It certainly could be a recent connection to a rogue or infected website, or a recently installed application BUT, the “infection” could have happened days or weeks earlier and just “slept” until it popped up now. I have run a bunch of “tests” including returning to the web site where this warning suddenly popped-up over the content. After my remediations, it seems to be gone…we shall see. If I get attacked again, I will return here to both report and learn more from others’ experiences.

  62. Neil says:

    I have read all the comments.I cant get past opening the default browser and seeing the fake warning..Kridmobil.com.. only option is press OK ..then it will start downloading or exist..I cant clear the cache in the default browser without opening the browser.. Chrome is fine .This came after two minutes of opening a brand new Huawei Y6Pro – only opened the browser to check it worked and opened one mainstream news site.. any suggestions

  63. SD says:

    Hi all. I’m a new victim of this… it happened to me today on my galaxy s5. I was at home using chrome and all of a sudden it popped out of nowhere telling me I need to install something called “DU battery saver”. Of course I didn’t press OK and closed all the tabs as soon as I saw the message. Not even half an hour later, and it started happening on my galaxy tab 2 as well. This is true when using ANY BROWSER, not just chrome. It always comes back.
    I looked it up and found this thread. Read all of your comments and tried everything you suggested. NOTHING WORKS. My tablet is relatively new and I don’t use it very often, so I even did a factory data reset on it to see if that helps, only to get that annoying message again.
    At the time this happened my father was home and he also has an android phone. He didn’t get anything, so I don’t think it’s a wifi issue. Since this thing “skipped” from my phone to my tablet, I think that it has something to do with the google account that is connected to chrome. I use the same account on both devices and they were synced. I’m worried that maybe it somehow infected the entire account itself and scared that this will also happen on my computer.
    In my case, it seems like the only solution is to get a new phone & tablet, which of course won’t happen. So depressing…

  64. lol says:

    Ok, my mom just got the message on her note 3, stock browser. She’s connected to my wifi. Two weeks ago, my sister samsung j5 got the same message too using chrome, different wifi. So I don’t think it has something to do with wifi and gmail account. The only solution here is to turn off javascript in your browser. Also, only android phones are affected by the fake virus warning, while family members who are using ios did not complain anything. No, i’m not trying to say ios is better than android.

  65. Doug says:

    I am now seeing these popups on imgur using my desktop computer. Happens very rarely, like 1x/day, so I assume it’s a browser detection bug and it thinks I’m on a phone.

  66. Hussy says:

    I’ve solved my issue in different way. I cleaned all the data of Facebook and Chrome by going settings application manager than clear cache. Now the issue is no more.

  67. Nancy says:

    Somebody has to have an answer to this! This is a Google problem and they need to give us the solution. I’ve done EVERYTHING suggested and it won’t go away. I can’t even change my browser setting.
    SOMEBODY PLEASE HELP!

  68. Albin says:

    I got a similar popup today on my HTC 10 (android) while using the official reddit app and following a link to imgur. The popup claimed I had won an iPhone 7, but it was the same fake Google design.

    After some research this seem to be an ad problem on some sites, imgur being one of them.
    Sites like imgur which use ads are not malicious per se, but they use a service which channel different ads to their sites, and sometimes a malicious ad sneak its way into this group so to speak.

    This means its probably not a problem with your WiFi, phone or app, but more likely an unintended effect of the ad stream these sites use.
    If the problem, like for me, is with imgur specifically, one solution is to install the official imgur app instead of using the browser to open imgur links.
    Ad blockers for your phone is another step you could take in order to get rid of these intrusive ads. Im not sure how many options you have in this regard as Chrome (which typically is the stock browser in android phones) dont offer any adblock plugins as far as I know.
    I think the Firefox browser is compatible with uBlock which is a great ad blocker, or you could install the official Adblock browser for android: https://play.google.com/store/apps/details?id=org.adblockplus.browser

  69. android says:

    Turn on airplane mode and switch off wifi. Then go back to the browser where the pop-up hit and close the tab and clear your browser cache.

  70. Jennifer says:

    my dads tablet keeps coming up with pop up can someone just give the simple way to get rid of the pop up thank you … i am not a computer pro …

  71. Mark Pfeiffer says:

    This notice came up on my Chrome browser today for the first time. I thought it looked suspicious. The domain it came from is . The format was the “Your system is heavily damaged by Four virus!” Then goes on with the “We detect that your Samsung Galaxy S7 is 28.1% . . . “. I tried clearing browsing date, but it comes right back. When I closed Chrome and then reopened it with a new tab, it didn’t return.

  72. Robert Souza says:

    Just went into settings then application manager on my Galaxy S 5 phone did as I read on here to get rid of this mess in application manager all button till I got to internet hit force stop , clear cache , last clear data then closed out went back clicked on internet app phone is okay now no more of this pop up and able to search again get into my Yahoo emails , search on Craigslist , Facebook or etc hope this helps many others who are having this problem do this step by step as I did and you should get the same results to .
    Thank You

  73. Mike Kelley says:

    What just happened it’s got to stop now it has the potential do destroy the whole web I need a new device not mention these people have too be tracked down and dealt with. Violently if necessary.

  74. actuator says:

    Just went to a website offering to stream foreign TV. “Virus Detected” popped up. Warning to go to google app store to remove virus and install something. Immediately powered down phone. Turned back on went to chrome and it appeared again and tried to install something. Powered down. Turned it on & it came back. Did this same thing several times. After 5th or 6th time of Powering off and turning back on it has now stopped. chrome now behaving normally.

  75. Tim says:

    if you go into Settings, Application Manager, then select your browser that’s been hijacked, go to Storage, and then you delete all data, this problem goes away

  76. Mimi says:

    I have found that this ‘virus’ is also on an iPhone too, but is it a scam also ?

  77. Yes. It is a fake website / message and not official or genuine.

  78. Michael says:

    This pop-up is another dirty trick aimed to infect or hijack your phone. Everyone is getting this 28.1% – they are even too lazy to make it random. And, I never used my phone to view “adult sites”. Close,it, do not click OK. maybe reboot the phone.

  79. Salary says:

    I see on https://youtu.be/Lz1XNEdwLtU very specific instructions. You refer to remedies

  80. Deb says:

    Thanks, I thought it was a scam that it why I googled it to see. Confirmed, thanks!😊

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s