Adware / Malware / Browser Hijacker / PUP Removal Guide
These days, adware is everywhere: in the software you install, the links you click, the pages you visit and so on.
Apart from adware, which will irritate you to the core, PUPs (Potentially Unwanted Programs) and browser hijackers are also very common these days. The basic reason behind all of this is pure marketing.
So first of all, how do you identify whether you're infected with any of these?
- Unwanted browser add-ons, which might not even go away
- Clicking on a link leads elsewhere, or just clicking on empty space in the browser takes you to a predefined target
Adware might show up like this:
- *i.imgur.com/PaOPWFp.jpg
- *i.imgur.com/nCfshqe.jpg
They can be hugely annoying and irritating, so let's get started with how you can get your calm back:
Solution:
- Check your computer for any unwanted programs installed
You can check this list for reference: Bad programs to remove from Add/Remove Programs:
180searchAssistant
2020Search
360Share (P2P program; all kinds of junk comes in on these)
404Search
411Ferret Toolbar
7FaSSt Search
ABCSearch
Active Alert
ActualNames
Advanced Search
AdvSearch
Alexa
AllAdvantage Viewbar
AltPayments
AM Server
Appswebservice.com search assistant
AUREAL
autoSearch
AXDownload
B3d Projector
BackWeb
Bargain Buddy
BearShare (P2P program)
BetterInternet
Big Fish Games toolbar (causes TrueFindPage hijack)
Bonzi Buddy
Brows er Enhancer, Browser Enhance r, and other variations.
BrowserAid
BrowserPal
BullsEye Network
CashToolbar
CashBack by BargainBuddy
Chinese keywords
Click2FindNow
ClickTheButton
ClientMan
ClockSync
CnsMin
Comet Cursor
Command (this one you'll probably have to download their removal tool)
CommonName
Cpr
CtxPls
CuteFTP
Cydoor
DailyToolbar
Dashbar
Date Manager
Delfin
Download Receiver
DownloadWare
E2Give Browser Add On
E2give Plug-in
eAcceleration
eAnthology
EasySearchBar
ErrorGuard
eWallet
eXact Search Bar
ezcybersearch
ezSearchBar
Ezula
F1
FirstLook
FlashTrack Uninstall
flt
Free Scratch Cards
FreeScratchAndWin
Friend Greetings
FT remove
FTApp
Fun Web Products Easy Installer
GAIN
Gator or Gator eWallet
Go
GO Network Express Search
GogoTools version (some number)
Grokster
Home Search Assistant (For instructions to remove click here)
HotBar
Httper
HuntBar
Hyperlinker
IconForge
IE Search Toolbar Plugin
IE Toolbar
IEDriver
iLookup
iMesh (P2P program; all kinds of junk comes in on these)
InetDoor
Insterstitial ad delivery by n-Case
Internet 404
Internet Optimizer
Internet Tools
Internet Washer Pro
IPInsight (not same as IP Insight which is valid)
Ipinsigt
ISTbar
ISTsvc or ISTBar
iWon EZ Setup
iWon Plus
Kazaa
KeenValue
KeywordPlugin
L O.P. Un instal1, L.O P. Un insta1, and other variations.
Live 0n line Portal, Live.0nli ne Porta1, and other variations.
Lycos Sidesearch
Main class
MarketScore
masterbarHallmedia.net
mc
Media Gateway
Media Motor
Medialoads
MediaLoads Enhanced
Media Pipe
MegaSearch toolbar
MemoryMeter
Midaddle
Mirar, Mirar Toolbar, etc.
MoreResults
MS AUpdate
MS T-Media Display
MS Updates
mscman
MSIETS
My Search Bar
My Web Search
My Web Search Bar
MyFunCards
MySearch
MyWay
MyWeb
MyWebSearch
MyDailyHoroscope
MyWay Speed Bar
Napster
NavHelper
NaviSearch
Neo Technology Search Engine
Network Monitor
NetworkEssentials
New.net Domains (some number)
New.net.
NewtonKnows
NoAdware
NowBox
OnFlow
Onflow
OpenSite
Orbit
Outlook Tools by Hotbar
P2Pnetworks
PAD lookups by n-Case
POP
PowerStrip
Precision Time
Premium Search Start Page
Preview AdService
Pure Networks Port Magic
qidion - toolbar
qsuvzeonfw
Quicklinks
QuickSearch Toolbar
RapidBlaster
rb32 lptt01
Recommended Hotfix - 421701D
Related Page
RVP
RX Bar
Save
SaveNow
SBFullInst Control
Search 2020
Search Assistant Utility
Search Assistant Uninstall
Search Extender (For instructions to remove click here)
Search Toolbar
SearchBus
Searchit - toolbar
SearchSquire
Seekmo Search Assistant
Select Cashback
ShopAtHomeSelect Agent
Shopper Reports
Shopping Community
Sibelius Scorch
Sidefind
Shopping Wizard (For instructions to remove click here)
SmileyCentral
SnackMan
SongSpy
SpecialOffers!
Spedia
SpeedBlaster
StatBlaster
Static Wallpaper
Stop-Sign
supaseek
supaseek - Toolbar
SuperBar IE Plugin
Surf Accuracy
Surf+
Surfairy
SysAI
The ABI Network - A Division of Direct Revenue
The Best Offers
The BullsEye Network
TinyBar
Toolbar - My toolbar
Tools for Internet Explorer
TopText
TopText iLookup
Trellix Web Express, Trellix Web
TrueFindPage
TSA
TurboDownload
TV Media
TV Media Display
UCmore - The Search Accelerator
Ultimate Browse r Enhancer, Ultimate Browser En hancer, and other variations.
Uninstall 180Search Assistant
Uninstall Seekmo
Viewpoint Media Manager, Viewpoint Media Player, Viewpoint Manager, Viewpoint, etc.
WAST
Weatherbug (see article here)
Web Search Toolbar
Web Search Tools
Web Tools by Hotbar
Web Toolbar
WebEnh
WebHancer
Webhancer Customer Companion
WebInstall
WebOffer
WebRebates (by TopRebates.com)
WebUpdate
WebSearch Toolbar
whazit tools
WhenU Search
WildMedia
Win-Tools Easy Installer
WinAntivirus
Winfixer, WinFixer 2005, etc. (This is a really bad one.)
win32
Window Active
WinSrv Reg
wintrim
XDiver
XXXToolbar
Your Sidebar
Your Sitebar
YuupSearch Toolbar
Zango
Zipclix
zSearch
ZZ
Taken from - List of Unwanted Programs in Add / Remove Programs
This is not a complete list, so you might have a PUP that is not on it, and the chances of that are very high. If you are unsure about any entry, Google it or post here.
IMPORTANT: Please use third-party uninstallers to remove any such unwanted program.
You may use any of the following:
- Revo Portable - Best of the lot but slowest. Good for removing even the minutest trace present.
- IOBit Uninstaller - Batch uninstallation in the free version is its only plus compared to the others; otherwise good enough.
- Geek Uninstaller - Fastest of the lot, with very handy keyboard shortcuts, but it sometimes misses some traces, though only sometimes.
- Reset your browsers and check for any unwanted or unknown add-ons. Make sure you remove all the suspicious add-ons; some of them might not get removed, but don't worry about that, we'll deal with them later.
- IE - Run -> inetcpl.cpl -> Restore advanced settings -> Reset
- Chrome - Settings -> Show advanced settings -> Reset
- Firefox - Help -> Troubleshooting Information -> Refresh Firefox. Alternatively, hold down the Shift key and double-click the FF shortcut icon; that'll give you the option to refresh FF.
- Fire up CCleaner, yes, you heard it right.
- Clean up the junk and registry entries using it. Note: It's never recommended to blindly delete the %temp% folder directly, as it might contain some useful files used in the background by some program.
- Go to Tools, then remove all the suspicious entries under Windows, Browsers (this shows the add-ons from the browsers, including some add-ons which do not show up in the respective browsers) and Scheduled Tasks. Scheduled tasks are what PUPs use most to keep running in the background, as one never checks them, unlike the normal Windows startup. 95% of the items in scheduled tasks are usually not required.
- Check startup services in msconfig. Make sure you hide all Microsoft services before doing any experiment.
- Check Task Manager for any suspicious process running. Make sure you check the file location of the process to be doubly sure about the authenticity of the process and the effects of ending it.
- The basic problems are fixed by this step, but 95% of problems are not basic: because of the way PUPs/adware are deployed, they always leave a trace, hence the need to run some advanced tools. One important thing to note is that you must run the tools in the order I'm mentioning, for multiple reasons, viz. effectiveness and risk/side effects.
- AdwCleaner - Relatively the most powerful tool, in the sense of being so small in size yet so effective. Running this tool should clean most if not all of the items. A reboot is mandatory by default.
- JRT - A CLI tool which is quite effective. In most cases it fails to remove what AdwCleaner can't remove, but in some cases it does.
- Malwarebytes - Needs no introduction. It's like the de facto tool for malware/adware/PUP removal. Make sure you update it before running. Malwarebytes has a modified version called Malwarebytes Chameleon, which comes in handy when the infection doesn't allow Malwarebytes to run. Chameleon can run faking mbam.exe as firefox.exe, svchost.exe, winlogon.exe, etc. Apart from the primary benefit, Chameleon is a tad better at catching infections which normal mbam can't; such cases are rare though.
- Hitman Pro - Using the Kaspersky scan engine, it really shines at what the others (the above list) struggle to do. Be extra cautious when using Hitman Pro, as it sometimes wipes out the MBR (rare though), creating a no-boot scenario. So make sure you manually scroll through the scan results.
Your computer should now be free of any kind of adware if you followed all the above steps, barring exceptions, which I'll discuss in the later part of this tutorial.
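A scripted version of the first step, as an added example that is not part of the original guide: it reads the registry keys behind Add/Remove Programs and reports entries whose name contains a watch-list name. The function names and the `$watchList` selection (a few names copied from the list above) are assumptions of this example; the script only reads and removes nothing.

```powershell
# Added example: read-only match of installed programs against a watch-list.
# $watchList holds a few names copied from the list on this page; extend as needed.
# Very short names from the list ("Go", "F1", "mc") are left out: they over-match.
$watchList = @('180searchAssistant', 'Bargain Buddy', 'HotBar', 'My Web Search',
               'SaveNow', 'WebHancer', 'WhenU Search', 'Winfixer', 'Zango')

# Keys that back the Add/Remove Programs list: 64-bit, 32-bit and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, InstallLocation, UninstallString
}

function Find-WatchListProgram {
    param([string[]]$Names = $watchList)
    foreach ($program in Get-InstalledProgram) {
        # Compare with spaces and punctuation stripped, because some entries
        # show up with odd spacing ("Brows er Enhancer" and other variations).
        $normalized = ($program.DisplayName -replace '[^A-Za-z0-9]', '').ToLower()
        foreach ($name in $Names) {
            $needle = ($name -replace '[^A-Za-z0-9]', '').ToLower()
            if ($normalized.Contains($needle)) {
                $program | Add-Member -NotePropertyName MatchedName `
                                      -NotePropertyValue $name -PassThru
                break
            }
        }
    }
}

Find-WatchListProgram |
    Format-List MatchedName, DisplayName, Publisher, InstallLocation, UninstallString
```

A match is a prompt to look the entry up, not proof of infection; substring matching will occasionally hit a legitimate program.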
Some other tools which you may try if everything above fails:
- Rogue Killer - A very powerful tool. It even removes critical infections (virus/worm/trojan), fixes proxy issues and resets the hosts file.
- YAC - Nothing over the board, but sometimes, it just works.
- TDSSKiller - Worth a try, a powerful tool in its arena.
- Autoruns - A Microsoft tool, very very powerful. So be very careful while using it. DO NOT mess with any entry you're unsure of. You just have to uncheck all the highlighted items, which are the ones actually missing from the system.
- HijackThis - Developed by Trend Micro, it uses an old-school methodology but gives you the flexibility to choose your own consequences. It scans through the computer, and then it depends upon your retina scanner to filter the suspicious items and remove them. So, be careful!
Important Note: It is suggested that you run all the advanced tools in safe mode, as infections sometimes escape somehow, which doesn't happen in safe mode.
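The scheduled-task review from the CCleaner step and the "file is missing" check from the Autoruns entry can be done read-only from PowerShell. This is an added example, not part of the original guide; the function name and flag names are hypothetical, and it covers scheduled tasks only, not every location Autoruns inspects. It assumes Windows 8 or later, where `Get-ScheduledTask` is available.

```powershell
# Added example: list scheduled-task actions and flag the ones worth a closer look.
# Folders a non-admin installer can write to, where PUPs commonly live.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ }

function Get-TaskActionReview {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no executable
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $flags = @()
            # Only test for existence when a path is given; bare names resolve via PATH.
            if ($exe -match '[\\/]' -and -not (Test-Path -LiteralPath $exe)) {
                $flags += 'TargetMissing'
            }
            foreach ($root in $userWritable) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'UserWritablePath'
                    break
                }
            }
            [pscustomobject]@{
                Task            = $task.TaskPath + $task.TaskName
                State           = $task.State
                MicrosoftFolder = $task.TaskPath -like '\Microsoft\*'
                Execute         = $exe
                Arguments       = $action.Arguments
                Flags           = $flags -join ','
            }
        }
    }
}

# Show every task outside the \Microsoft\ folder, plus anything flagged.
Get-TaskActionReview |
    Where-Object { $_.Flags -or -not $_.MicrosoftFolder } |
    Sort-Object Task |
    Format-Table Task, State, Execute, Flags -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session; in a 32-bit session, file-system redirection can make System32 targets look missing.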
Some cases and pointers:
- In some cases, an add-on in IE is not removable. All the enable/disable buttons are grayed out and there is nothing you can do. In this case, follow this method - *superuser.com/a/268408
- In the following locations - Program Files(x86), ProgramData, AppData - look for any gibberish files or folders, and delete them. They'll most probably be malware/adware.
- In Chrome, I've seen a couple of occasions where a specific add-on is not removed and the ad doesn't go away; that's very very rare though. In this case, back up your Chrome user data, which is anyway synced if you're signed in to your Chrome Google account, and delete the AppData folder of Chrome as a last resort.
- Never ever run the tools directly. First remove the unwanted programs, if any, and only then run these tools. I faced a scenario where I had to apply reverse engineering to remove a single trace left somewhere deep inside the system. I had to install the PUP (and believe me, finding the setup for that PUP was such a pain in the back), then remove it through Revo, and the problem was solved.
- Sometimes, after removing an unwanted program, you might face a proxy issue. In that case, Hitman Pro and Rogue Killer are your best friends. However, there are some other manual methods used for advanced troubleshooting. Also, the proxy issue sometimes doesn't even allow you to download this software. So, Firefox comes to the rescue, as its network settings do not follow the global settings governed by inetcpl. Still, if you face any proxy issue which is not resolved, do post here for advanced resolutions.
All of the above steps should solve your problem. If not, feel free to share it here.
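A read-only look at the settings behind the proxy issue described above, as an added example that is not part of the original guide: it reads the per-user proxy values that inetcpl.cpl manages, the WinHTTP proxy, and any active lines in the hosts file. The function name is hypothetical.

```powershell
# Added example: report proxy and hosts-file state without changing anything.
function Get-ProxyAndHostsState {
    # Per-user WinINET settings, the ones shown in inetcpl.cpl -> Connections -> LAN settings.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key

    # Active hosts entries: strip comments and blank lines, ignore plain localhost lines.
    # A default Windows hosts file contains comments only, so anything listed
    # here was added by some program or by hand.
    $hostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsEntries = @(Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' })

    [pscustomobject]@{
        ProxyEnable        = [bool]$inet.ProxyEnable     # True = a manual proxy is in force
        ProxyServer        = $inet.ProxyServer           # host:port left behind by the PUP, if any
        ProxyOverride      = $inet.ProxyOverride
        AutoConfigURL      = $inet.AutoConfigURL         # PAC script URL, another redirection point
        WinHttpProxy       = (netsh winhttp show proxy | Out-String).Trim()
        ActiveHostsEntries = $hostsEntries
    }
}

Get-ProxyAndHostsState | Format-List
```

A `ProxyServer` pointing at 127.0.0.1 or an unknown host after the program that installed it has been removed is the usual cause of the "no internet after cleanup" symptom.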
Now, some pointers on how you can prevent these nasty pieces of code from getting into your beloved machine:
- Make sure you have security software (anti-virus) which supports PUP detection. Most anti-virus programs do support it, so make sure it's enabled. I, for one, use ESET; been using it for 5 years, and it is pretty good. There's one harsh reality though: no anti-virus program can match the level of the anti-malware/anti-adware tools which are specifically built to remove these. So, having one is good, but not foolproof.
- Always keep Malwarebytes as your on-demand scanner. Scan regularly, whenever you feel the need to.
- Use good ad-blocking extensions in browsers. In Chrome, use uBlock (by gorhill). It is by far the best ad blocker available across all browsers. It also blocks many suspicious redirections and harmful sites, and has quite a low memory footprint. The Firefox version is nowhere near, and provides ad blocking even worse than AdBlock Plus. Still, having one reduces the risk.
- Genuine bloat such as Flash, and all the other programs which offer PUPs, toolbars and other stuff to install, can be evaded manually. A program called Unchecky claims to do that for you. It automatically unchecks the required check boxes when such a program installation is underway. Power users won't require it, but it's good for people who tend to miss such things.
Good luck!
Regards.