needs to be a phone call
No 2 ways about it. Needs to be a phone call.
Couple reasons, firstly, that popup looks just like the scams that got those people into trouble in the first place. Hopefully they've learned by now and won't click on them. Second, if you send an email, it's just as suspicious. Thrid, yes third... what's to stop virus/trojan writers from using popup/popovers that look just like Comcasts? It's trivial to detect what ISP someone is using and customise it.
Dear Comcast... just pick up the phone and alert the user the hard way. Yes it's more expensive but it's 100% more effective. Otherwise, it's just a waste of time.
A phone call for every infected machine is a bit time consuming as nearly everyone will demand to speak to a human. IMO, EVERYTHING is locked down on the infected machine until it is fixed. The only thing you get is a special comcast security (plus window update, and some security related site) website (all web traffic routed to that site, but no mail or anything else) that has: an explanation, a howto, mirrors/direct links to AV software, phone numbers, and a web based email client. A popup and replaced banner ad can easily be ignored and probably spoofed to fool many, but a special forced redirect is impossible to ignore fairly hard to spoof.
When I was on a campus network, if your computer started acting strange (packet that make you appear to be infected, suspicious/malicious behavior, and others), you were automatically shutdown until you contacted the network admins. I don't think something like this would work since it'll probably tick off a lot of people and the sheer number of people.