Scareware browser hijacker wont go away

Hi Everyone, Every time my firefox updates or something or opens up this scareware scam page comes up and wont go away. I have to kill firefox from end task and then go at it. Very frustrating. Link below.

http://www.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/?mid=5241&number=0800-555241&cid=rBXyofQKp-4&pid=128862_116482&bid=0.0065&ip=218.101.100.4&city=Whangarei&url=e24790db515f3abd94b89588ee28f103.com&network=anzmscomboclf5502

Hi Z6,

This is call tracking, attribution, recording, routing, reporting and analytics for marketers, digital agencies, call centres and performance networks code from Ringba.com - enterprise call tracking software. Did you install that somehow, and how did it enter there?

Code kicks up errors and also blocks the PC’s browser (You cannot load your own local copy, http/https spec. left out).:

Errors

wXw.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/?mid=5241&number=0800-555241&cid=rBXyofQKp-4&pid=128862_116482&bid=0.0065&ip=218.101.100.4&city=Whangarei&url=e24790db515f3abd94b89588ee28f103.com&network=anzmscomboclf5502 (VT scan does not detect)
[nothing detected] wXw.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/?mid=5241&number=0800-555241&cid=rBXyofQKp-4&pid=128862_116482&bid=0.0065&ip=218.101.100.4&city=Whangarei&url=e24790db515f3abd94b89588ee28f103.com&network=anzmscomboclf5502
status: (referer=http:/???/web?q=puppies)saved 6356 bytes 6cde4f80e6da40a1548d342b713360b7232131c6
info: [script] wXw.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/assests/jquery.min.js
info: [script] wXw.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/assests/analytics.js
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
error: line:7: SyntaxError: XML tag name mismatch (expected meta):
error: line:7:
error: line:7: …^
also there
found JavaScript
error: undefined variable m
info: [element] URL=www.google-analytics.com/analytics.js
info: [1] no JavaScript
file: 40f49771d81e0670b876088c01002a7ac24d2036: 395 bytes
file: e354a87e628430956b24e0aba494545e1f44a2e4: 111 bytes

Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com%2F%3Fmid%3D5241%26number%3D0800-555241%26cid%3DrBXyofQKp-4%26pid%3D128862_116482%26bid%3D0.0065%26ip%3D218.101.100.4%26city%3DWhangarei%26url%3De24790db515f3abd94b89588ee28f103.com%26network%3Danzmscomboclf5502&ref_sel=GSP2&ua_sel=ff&fs=1

Also consider: http://www.domxssscanner.com/scan?url=http://www.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/?mid=5241&number=0800-555241&cid=rBXyofQKp-4&pid=128862_116482&bid=0.0065&ip=218.101.100.4&city=Whangarei&url=e24790db515f3abd94b89588ee28f103.com&network=anzmscomboclf5502%20->%2052.219.84.36

Results from scanning URL: -http://www.pc.error56700007513anzmscomboclf5241.com.s3-website.us-east-2.amazonaws.com/assests/analytics.js
Number of sources found: 34
Number of sinks found: 15

Error

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
wXw.googletagmanager.com/ns.html?id=GTM-KLXF7H benign
[nothing detected] (iframe) wXw.googletagmanager.com/ns.html?id=GTM-KLXF7H
status: (referer=wXw.google-analytics.com/)saved 262 bytes bf669d2b13d7b9ed53417be66ae2e0e52df0845f
file: bf669d2b13d7b9ed53417be66ae2e0e52df0845f: 262 bytes
error in this script code
[iframe] wXw.googletagmanager.com/ns.html?id=GTM-KLXF7H
info: [decodingLevel=0] found JavaScript
error: undefined variable H.className
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var H.className = 1;
error: line:1: …^
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: …^
file: bffed91cc5a4e4768c9bdc3a55eb9f23c5c07588: 82595 bytes

Wait for a qualified malware remover here to help you with cleansing, see: https://forum.avast.com/index.php?topic=194892.0

I just illustrated what I could detect through cold reconnaissance third party website security scanning and website error hunting. The suspicious code is not malicious as such but it hijacks your browser. Did you try to reset your browser to original settings and close up all extensions? What did that bring? The code says the scamware is specially directed at main browsers like chrome and firefox as such. Weird the url scan from Virus Total does not give any alerts and an all green.

polonus (volunteer website security analyst and website error-hunter)