An embedded page at Astrumpops.online Removal Guide

Do you know what An embedded page at Astrumpops.online is?

This seemingly awkwardly named infection was named An embedded page at Astrumpops.online by our researchers to distinguish it from other similar infections. Because this application is new, we have little information about how it works and how it is distributed. Nevertheless, in this article, we will provide you with information about this infection so that you could avoid getting it on your computer, and we will show you might remove it.

Our malware analysts think that this infection might come with adware-type programs that you can download from their dedicated websites or install along with other software, such as in the case of freeware bundles that often have additional software buried deep in the installer. A deceptive software installer might contain other software that is set to install by default. Therefore, you should always select custom or advanced installation settings and uncheck the respective checkboxes of unwelcome programs.

Also, researchers say that An embedded page at Astrumpops.online may also be injected into the Host file that is part of Windows 7 and onwards. This file used to map host names to IP addresses, and it is a plain text file. The process of tampering with the Host file is called Host File Hijacking. If malware was to modify the Host file, then you might get redirected from a particular website to another one or inject pop-ups set by the Host File hijacker. In the case of Host File hijacking, the browser does not matter, so you will get redirected to a designated website if you use Internet Explorer, Chrome or Firefox. The Host file is located in C:\Windows\System32\drivers\etc. However, we have yet to find the malware that modifies the Host file. In any case, Host file hijacking is just one of many possible methods used to show you the fake error message.An embedded page at Astrumpops.online Removal GuideAn embedded page at Astrumpops.online screenshot
Scroll down for full removal instructions

An embedded page at Astrumpops.online is essentially a pop-up that you get on websites selected by the infection. This pop-up was configured to show you fake error messages. Our researchers have found that it can display a message that says “Microsoft Windows detected ZEUS virus and these infections indicate that some un-authorised file tampering has taken place on the computer which must be diagnosed and rectified to prevent loss of personal data.” This pop-up wants you to believe that your computer was infected with malware when, in truth, it is only infected with An embedded page at Astrumpops.online. Our researchers are convinced that this infection’s purpose is to extort money from you. The pop-up goes on to say “Call Microsoft Technical support on 1-800-693-5082 and share the error ticket: WBCKL457 with Support Agent to get it diagnosed free of charge.” We want to point out that the promoted tech support phone number is fake, and it was used in several previous infections.

Researchers say that the same phone number is featured on http://www.office-setup{.}us/index.html which is a fake website that is probably used to steal Product keys, and get personally identifiable information such as your name, phone number, and email address. However, this website also features a link to the legitimate https://setup.office.com website.

So http://www.office-setup{.}us/index.html and An embedded page at Astrumpops.online are set to promote the tech support service provided by 1-800-693-5082. You should not dial this number because it might be premium toll and the people on the other end of the line might try to sell you a fake malware removal tool. Therefore, you must not trust anything that An embedded page at Astrumpops.online says. Also, the website Astrumpops.online is a non-functional website. Attempting to access it will result in a “You don't have permission to access / on this server” message.

To sum up, An embedded page at Astrumpops.online is a fake pop-up message that is injected to specific websites by an unknown malware. Our researchers think that it might be adware or a Host File hijacker. It is set to promote a phone number 1-800-693-5082 which is claimed to get you in touch with tech support. However, we believe that it is fake since it is also featured on a fake website. Therefore, as a safety measure, we suggest that you reset your web browser to its default settings and download SpyHunter to scan your entire computer for malicious software.

Possible removal method

Mozilla Firefox

  1. Launch the web browser.
  2. Press the Alt+H keys and select Troubleshooting Information.
  3. Click Refresh Firefox.
  4. In the dialog box, click Refresh Firefox again.
  5. Click Finish.

Google Chrome

  1. Launch the web browser.
  2. Press the Alt+F keys and choose Settings.
  3. Select Show advanced settings.
  4. Click Reset settings and then click Reset again.

Microsoft Internet Explorer

  1. Launch the web browser
  2. Press Alt+T and click Internet Options.
  3. Open the Advanced tab and click Reset.
  4. Select the checkbox.
  5. Click Reset and then click Close.

In non-techie terms:

An embedded page at Astrumpops.online is injected by malware to show you a pop-up message that, ironically, says that your PC is infected with malware. This is a fake message whose purpose is to promote a fake tech support phone number. Therefore we recommend that you try to remove this pop-up be resetting your browser to its default settings or detect and delete it using an antimalware tool.