PanicStation.org
UK USA
uk Technology & digital loss browser redirecting after download • strange pages after download • browser hijacked • unwanted redirects • malware after downloading • adware on computer • suspicious download file • popups and redirects • search results redirecting • chrome redirect virus • edge redirecting • firefox redirecting • safari redirecting • unwanted browser extension • new toolbar installed • fake update download • clicked a download link • browser keeps changing homepage • browser keeps changing search • computer infected

What to do if…
your browser starts redirecting to strange pages after you downloaded something

Short answer

Stop using the affected browser for anything sensitive, disconnect from the internet, and run a full malware scan before you type any more passwords or payment details.

Do not do these things

  • Don’t keep logging into email, banking, shopping, or work accounts “just quickly” on the same device.
  • Don’t install random “cleaner” or “security” tools pushed by pop-ups or redirected pages.
  • Don’t call phone numbers shown in pop-ups claiming you must pay to “fix” your computer.
  • Don’t click “Allow notifications” on unexpected pages (that can flood you with more scams).
  • Don’t assume “it’s only the browser” — redirects after a download can be a sign of broader infection.

What to do now

  1. Disconnect and pause anything sensitive.
    Turn off Wi-Fi / unplug ethernet. If you must communicate, use a different device (or mobile data on your phone) for now.

  2. Write down what just happened (30 seconds).
    Note the file name you downloaded, roughly where it came from, and what redirects you’re seeing. This helps you spot the culprit and explain it if you need support.

  3. Run a full security scan on the device (not just the browser).

    • Update your device and security software first.
    • Run a full scan.
    • If you’re on Windows and the problem keeps coming back, use the built-in Microsoft Defender Offline scan (it restarts and scans from a more trusted environment).

  4. Remove the likely trigger: suspicious extensions and recent installs.

    • In your browser, review extensions/add-ons and remove anything you don’t recognise or that was added around the time this started.
    • On your device, check recently installed apps/programs and uninstall anything you didn’t mean to install.

  5. Reset the browser settings (after removing extensions).
    Use your browser’s built-in reset/refresh feature to undo hijacked homepage/search/redirect settings.

  6. Change key passwords from a different, clean device.
    Start with: email (especially your primary inbox), banking, Apple/Google/Microsoft account, and password manager. Turn on two-factor authentication where you can. (Do this from another device if you haven’t scanned yet.)

  7. If money/details may have been taken, use official fraud reporting routes.
    Contact your bank/card provider using the number on your card or their official app (not anything shown in pop-ups). If you’ve lost money, shared payment details, or think accounts were accessed, report it to Report Fraud (the UK’s national reporting service run by City of London Police, formerly Action Fraud).

  8. If you want to help stop the scam site itself, report the URL.
    If you saw a specific suspicious site/page during the redirects, you can report the website link/URL to the NCSC.

  9. If you can’t stabilise it quickly, escalate to trusted help.
    If redirects persist after scans + browser reset, stop troubleshooting in circles. Consider reputable support (a trusted local repair shop or your employer’s IT). Persistent redirects can mean deeper malware.

What can wait

  • You do not need to figure out exactly “which malware” it is right now.
  • You do not need to wipe the whole device immediately unless scans and resets fail.
  • You do not need to report to anyone unless you think data, accounts, or money were exposed — focus first on stopping the bleed.

Important reassurance

Browser redirects after a download are common and fixable. The safest approach is to slow down, stop entering sensitive information, and do a scan–remove–reset cycle rather than chasing pop-ups or paying anyone who contacts you through the redirected pages.

Scope note

This is first steps only, to stabilise your device and reduce harm. If your device is used for work, shared with family, or you suspect account compromise, the next steps may need tailored IT/security support.

Important note

This is general information, not professional or device-specific advice. If you suspect financial loss, identity theft, or ongoing compromise, use official contact routes and get qualified technical help.

Additional Resources
Support us