First, the most important thing: if a pop-up says your computer is infected and tells you to call a phone number, that is a scam — not a real Microsoft, Apple or antivirus message. Never call the number, and never let anyone you didn't contact remotely connect to your PC. Real security software never asks you to phone someone.

1. Close the pop-up safely

Don't click anything inside the pop-up — not even the X, which can be fake. Instead close the whole browser: press Ctrl + W, or end the browser with Task Manager (Ctrl + Shift + Esc). When you reopen the browser, choose not to restore the previous tabs.

2. Block sites from sending notifications

Many "pop-ups" are actually website notifications you accidentally allowed. In Chrome go to chrome://settings/content/notifications and remove any site you don't recognise. Edge and Firefox have the same setting under site permissions.

3. Remove unwanted extensions

Open your browser's extensions page and delete anything you didn't install on purpose — toolbars, "search helpers" and coupon add-ons are common offenders.

4. Reset your browser

Resetting clears hijacked search engines and start pages. In Chrome: Settings > Reset settings. In Edge: Settings > Reset settings.

5. Scan with a trusted tool

Run a scan with the security software you already have, or Windows' built-in Microsoft Defender (Settings > Privacy & security > Windows Security > Virus & threat protection > Quick scan). You don't need to buy anything to do a first scan.

If you already called a number or gave someone access

Disconnect from the internet, change your important passwords from a different device, and contact your bank if you shared payment details. Message us and we'll help you lock things down — for free.