Some Windows users have been reaching us with questions after seeing constant pop-ups with the Error Code: 0x80016CFA whenever they attempt to open a new page in their browser. This is confirmed to happen with Edge, Internet Explorer Opera, Chrome, and a few other 3rd party browsers.
If you’re seeing these kinds of pop-ups whenever you open your default browser, your computer is most likely infected with an adware program that has effectively hijacked your browser. In most cases, this is made possible by a browser hijacker nicknamed Rogue.Tech-Support-Scam by security researchers.
This is part of a tech support scam designed to defraud the user by convincing them to call a toll-free assistance number to receive support. But upon doing so, they are greeted by individuals claiming to represent Microsoft that will try to extract money.
This is a well-orchestrated scam, not an actual error message, so if you see this error message in your browser, DO NOT Call the toll assistance number.
What you should do instead is follow a series of instructions to remove this adware from your computer in order to stop the popups from occurring again. There are several different approaches that you can take to solve this, depending on the variety of malware that you are encountering.
Most likely, you’ve allowed the malicious program to infect your computer after clicking on a link or after opening an email attachment.
Below you’ll find a list of steps that will allow you to deal with this fake Error Code: 0x80016CFA:
STEP 1: Uninstalling the Parent Malicious App (if applicable)
If this adware entered your system after you downloaded and installed a PUP (Potentially Unwanted Program), you should start by uninstalling the program from Programs and Files. This step is crucial if you’re dealing with program-based adware since most of them have the capability to reinfect browsers even after you have cleaned the malicious code from your browser.
Note: Depending on the variety of adware that you have contracted, this step might not be applicable as the scam popup is rooted in your browser’s temporary folder. In case you don’t manage to find a suspicious program in the list of installed applications, move directly to STEP 2.
Follow the instructions below to uninstall the malicious application:
- Press Windows key + R to open up a Run dialog box. Next, type ‘appwiz.cpl’ inside the text box and press Enter to open up the Programs and Features menu.
- Once you’re inside the Programs and Features menu, scroll down through the list of installed programs and look for a suspiciously named entry. In most cases, you can tell which one is the malicious program by checking the Publisher. If the publisher is missing and you don’t recognize the program, get rid of it by right-click on it and choose Uninstall from the context menu.
- Inside the uninstallation screen, follow the on-screen prompts to complete the uninstallation, then restart your computer and wait for the next startup to complete.
STEP 2: Removing the Browser Hijacker
Once you have uninstalled the suspicious application, the next step is to clean the malicious from your browser. Now, depending on the variety of malware that you’re dealing with, the code that’s triggering the pop-up is either rooted in an extension that you might have unwillingly installed or it’s located in a temporary file that’s currently being cached.
Because of this, removing the browser hijacker should be a 2-step process:
- Step 1 – Uninstalling the Problematic Extension
- Step 2 – Clearing the cached files of your browser
Here are some step-by-step instructions that should guide you through this process:
- Access the action bar on your browser and look for an option labeled Extensions or Add-ins. Once inside, look for any extensions that you don’t recognize and click on the Remove button to get rid of them.
Note: These steps are only informative as the screens you’ll see will vary depending on the browser that you are using.
- Next, clear the browser cache of your browser and ensure that you get rid of both cookies and the cache folder. Here are some step-by-step instructions that will help you do this on every popular browser.
- Restart your computer and move down to the final step below.
STEP 3: Deep Scanning with Malwarebytes
Once you have successfully removed any trace of the adware from your browser, the final step is to ensure that you clean any remnant files of the adware to make sure it can’t reinfect your system.
There are several tools that can help you do this, but we recommend Malwarebytes. This a powerful on-demand scanner that is known to remove the majority of malware, adware, and malicious code that might have infected your browser.
If you decide to use this tool, make sure to go for the deep scan instead of the quick one to improve the scope of the procedure. It will take longer, but the results are better.
As we are writing this article, the deep scan feature is still available with the free version of the program. Here are some step-by-step instructions on downloading, installing & running a deep scan with Malwarebytes.
Once the scan is finished, restart your computer one final time and see open the same browser that was previously triggering the Error Code: 0x80016CFA. You should not have the same issues again.