'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
your browser starts redirecting to strange pages after you downloaded something
Short answer
Stop using the affected browser for anything sensitive, disconnect from the internet, and run a full malware scan before you enter more passwords or payment details.
Do not do these things
- Don’t keep signing into email, banking, shopping, or work accounts on the same device “just to check.”
- Don’t download “fix” tools offered by pop-ups or redirected pages.
- Don’t call numbers or start chats shown in pop-ups claiming your computer is “infected” and you must pay.
- Don’t grant anyone remote access to your device because a pop-up told you to (that’s a common scam path).
- Don’t click “Allow” on notification prompts from sketchy pages.
- Don’t assume resetting the browser alone is enough if you recently installed something.
What to do now
-
Disconnect and stop the risky activity.
Turn off Wi-Fi / unplug ethernet. Use a different device for anything involving logins, money, or personal data until you’ve scanned. -
Capture the basics (briefly).
Note the downloaded file name, where it came from, and what redirect domain/page you see. If you later need to report, these details matter. -
Run a full malware scan on the device.
Update your operating system and security tools, then run a full scan.- If you’re on Windows and redirects persist, use the built-in Microsoft Defender Offline scan (it restarts the PC and scans from a more trusted environment).
-
Remove the most common cause: unwanted extensions and recent installs.
- In your browser, review extensions/add-ons and remove anything unfamiliar or recently added.
- On your computer, check recently installed apps/programs and uninstall anything you didn’t intend to install (especially “bundled” installers).
-
Reset/refresh the browser settings after removing extensions.
Use your browser’s built-in reset/refresh feature to restore default settings (homepage/search/startup behavior). This often stops hijacker-style redirects. -
Change key passwords from a clean device, starting with email.
Prioritize: primary email, banking, Apple/Google/Microsoft account, and your password manager. Turn on two-factor authentication where possible. (Do this from a different device if you haven’t scanned yet.) -
If you entered personal info or card details, use official federal reporting sites.
- Report scams/fraud at ReportFraud.ftc.gov.
- If you believe identity information was misused (or may be), use IdentityTheft.gov to create a recovery plan.
Also contact your bank/card issuer using the number on your card or the official app.
-
If you lost money in an online incident, consider reporting cybercrime.
You can file a report with the FBI’s Internet Crime Complaint Center (IC3). If you’re in immediate danger, contact local law enforcement. -
If you can’t stabilise it quickly, escalate to trusted help.
If redirects persist after scans + browser reset, stop troubleshooting in circles. Consider reputable professional support (a trusted local repair shop, or workplace IT if it’s a work device).
What can wait
- You don’t need to identify the exact malware family right now.
- You don’t need to decide whether to reinstall the operating system unless scans/resets fail.
- You don’t need to argue with pop-ups or “support” messages — focus on disconnect, scan, remove, reset, and secure accounts.
Important reassurance
Redirects after a download are a common sign of adware or a browser hijacker, and most cases are resolved by scanning the device, removing unwanted add-ons, and resetting browser settings. Moving slowly and using official channels prevents the most expensive mistakes.
Scope note
This is first steps only, to stabilize the situation and reduce harm. If the device is used for work, shared with others, or you suspect broader account compromise, the next steps may need professional IT/security support.
Important note
This is general information, not professional or device-specific advice. If you suspect financial loss, identity theft, or ongoing compromise, use official contact routes and get qualified technical help.