I have a hard time believing its a cache/history issue anyhow, as the attacker URL changes each time. This time it was ysguhildm.myftp.biz/.... At home, it seems to always be XXX.myftp.biz where the XXX=an apparent random string of letters, but changing each time. At work, it seems to be XXX.serveftp.com and I have seen one other post where it was XXX.myftp.org. It seems like it is variable enough to be pesky to find and inoculate.
Try doing what I did - a System Restore to sometime before the popups started happening. For me, it was a week or so back. When it booted up clear, I did a malwarebytes full scan, and cleaned things out. It found traces in my user profile folders. The popups were gone after that.
Dave
I chanced it and brought this back up on my computer (I have been accessing TUG through my tapatalk on my phone after being infected) and so far so good. No notifications or anything while on the site.