In case this helps someone:
I attempted to post a comment to a friend's blog, which I had done many times in the past, though not recently. After sending it, up popped a request to "prove you're not a robot." That was not something I expected, but it's not uncommon, and as I said, I hadn't commented on that site recently. Perhaps they had instituted new security.
In any case, I was distracted and clearly not paying enough attention when I complied and clicked the "Allow" button as requested. As you have guessed, this was not a legitimate request, and by clicking there I allowed something called ssqltuh.quartzquester.top to give push notifications in my Chrome browser. Which it proceeded to do.
At least that got my attention, and I knew better than to click on any of those.
I ran a full-scale Windows Security scan overnight. It found a handful of minor threats, which it took care of. But nothing about this one, and when I again brought up Chrome, it produced not one but several of those notifications.
Time to research. Using the Edge browser this time. There were some more exhaustive suggestions for getting rid of the problem, but I started with the simplest: I became acquainted with the feature under Chrome's Settings that controls what websites are allowed to push notifications: From the three dots menu in the upper right, choose Settings - Privacy and Security - Site Settings - Permissions - Notifications. Lo and behold, the nasty site was allowed. I changed that, and—thus far at least—it looks to have done the job.
The moral of the story?
- Bad actors are continually becoming more and more clever, and
- No matter how careful you think you are, anyone can be caught off guard at a bad moment.
