Adware / Malware / Browser Hijackers / PUPs Removal Guide

These days, adware is everywhere: in the software you install, the links you click, the pages you visit and what not. Apart from nasty adware, which will irritate you to the core, PUPs (Potentially Unwanted Programs) and browser hijackers are also very common these days. The basic reason behind all this is pure marketing.

So first of all, how do you identify whether you're infected with any of these?

- Unwanted browser add-ons, which might not even go away
- Clicking on a link leads elsewhere, or clicking on an empty space in a browser leads you to a predefined target

Adware might show up like these: [screenshots not preserved]

They can be hugely annoying and irritating, so let's get started with how you can get your calm back.

Solution:

1. Check your computer for any unwanted program installed. You can check this list for reference:

   Bad programs to remove from Add/Remove Programs:

   - 180searchAssistant
   - 2020Search
   - 360Share (P2P program; all kinds of junk comes in on these)
   - 404Search
   - 411Ferret Toolbar
   - 7FaSSt Search
   - ABCSearch
   - Active Alert
   - ActualNames
   - Advanced Search
   - AdvSearch
   - Alexa
   - AllAdvantage Viewbar
   - AltPayments
   - AM Server
   - Appswebservice.com search assistant
   - AUREAL
   - autoSearch
   - AXDownload
   - B3d Projector
   - BackWeb
   - Bargain Buddy
   - BearShare (P2P program)
   - BetterInternet
   - Big Fish Games toolbar (causes TrueFindPage hijack)
   - Bonzi Buddy
   - Brows er Enhancer, Browser Enhance r, and other variations.
   - BrowserAid
   - BrowserPal
   - BullsEye Network
   - CashToolbar
   - CashBack by BargainBuddy
   - Chinese keywords
   - Click2FindNow
   - ClickTheButton
   - ClientMan
   - ClockSync
   - CnsMin
   - Comet Cursor
   - Command (this one you'll probably have to download their removal tool)
   - CommonName
   - Cpr
   - CtxPls
   - CuteFTP
   - Cydoor
   - DailyToolbar
   - Dashbar
   - Date Manager
   - Delfin
   - Download Receiver
   - DownloadWare
   - E2Give Browser Add On
   - E2give Plug-in
   - eAcceleration
   - eAnthology
   - EasySearchBar
   - ErrorGuard
   - eWallet
   - eXact Search Bar
   - ezcybersearch
   - ezSearchBar
   - Ezula
   - F1
   - FirstLook
   - FlashTrack Uninstall
   - flt
   - Free Scratch Cards
   - FreeScratchAndWin
   - Friend Greetings
   - FT remove
   - FTApp
   - Fun Web Products Easy Installer
   - GAIN
   - Gator or Gator eWallet
   - Go
   - GO Network Express Search
   - GogoTools version (some number)
   - Grokster
   - Home Search Assistant (For instructions to remove click here)
   - HotBar
   - Httper
   - HuntBar
   - Hyperlinker
   - IconForge
   - IE Search Toolbar Plugin
   - IE Toolbar
   - IEDriver
   - iLookup
   - iMesh (P2P program; all kinds of junk comes in on these)
   - InetDoor
   - Insterstitial ad delivery by n-Case
   - Internet 404
   - Internet Optimizer
   - Internet Tools
   - Internet Washer Pro
   - IPInsight (not same as IP Insight which is valid)
   - Ipinsigt
   - ISTbar
   - ISTsvc or ISTBar
   - iWon EZ Setup
   - iWon Plus
   - Kazaa
   - KeenValue
   - KeywordPlugin
   - L O.P. Un instal1, L.O P. Un insta1, and other variations.
   - Live 0n line Portal, Live.0nli ne Porta1, and other variations.
   - Lycos Sidesearch
   - Main class
   - MarketScore
   - masterbarHallmedia.net
   - mc
   - Media Gateway
   - Media Motor
   - Medialoads
   - MediaLoads Enhanced
   - Media Pipe
   - MegaSearch toolbar
   - MemoryMeter
   - Midaddle
   - Mirar, Mirar Toolbar, etc.
   - MoreResults
   - MS AUpdate
   - MS T-Media Display
   - MS Updates
   - mscman
   - MSIETS
   - My Search Bar
   - My Web Search
   - My Web Search Bar
   - MyFunCards
   - MySearch
   - MyWay
   - MyWeb
   - MyWebSearch
   - MyDailyHoroscope
   - MyWay Speed Bar
   - Napster
   - NavHelper
   - NaviSearch
   - Neo Technology Search Engine
   - Network Monitor
   - NetworkEssentials
   - New.net Domains (some number)
   - New.net.
   - NewtonKnows
   - NoAdware
   - NowBox
   - OnFlow
   - Onflow
   - OpenSite
   - Orbit
   - Outlook Tools by Hotbar
   - P2Pnetworks
   - PAD lookups by n-Case
   - POP
   - PowerStrip
   - Precision Time
   - Premium Search Start Page
   - Preview AdService
   - Pure Networks Port Magic
   - qidion - toolbar
   - qsuvzeonfw
   - Quicklinks
   - QuickSearch Toolbar
   - RapidBlaster
   - rb32 lptt01
   - Recommended Hotfix - 421701D
   - Related Page
   - RVP
   - RX Bar
   - Save
   - SaveNow
   - SBFullInst Control
   - Search 2020
   - Search Assistant Utility
   - Search Assistant Uninstall
   - Search Extender (For instructions to remove click here)
   - Search Toolbar
   - SearchBus
   - Searchit - toolbar
   - SearchSquire
   - Seekmo Search Assistant
   - Select Cashback
   - ShopAtHomeSelect Agent
   - Shopper Reports
   - Shopping Community
   - Sibelius Scorch
   - Sidefind Shopping Wizard (For instructions to remove click here)
   - SmileyCentral
   - SnackMan
   - SongSpy
   - SpecialOffers!
   - Spedia
   - SpeedBlaster
   - StatBlaster
   - Static Wallpaper
   - Stop-Sign
   - supaseek
   - supaseek - Toolbar
   - SuperBar IE Plugin
   - Surf Accuracy
   - Surf+
   - Surfairy
   - SysAI
   - The ABI Network - A Division of Direct Revenue
   - The Best Offers
   - The BullsEye Network
   - TinyBar
   - Toolbar - My toolbar
   - Tools for Internet Explorer
   - TopText
   - TopText iLookup
   - Trellix Web Express, Trellix Web
   - TrueFindPage
   - TSA
   - TurboDownload
   - TV Media
   - TV Media Display
   - UCmore - The Search Accelerator
   - Ultimate Browse r Enhancer, Ultimate Browser En hancer, and other variations.
   - Uninstall 180Search Assistant
   - Uninstall Seekmo
   - Viewpoint Media Manager, Viewpoint Media Player, Viewpoint Manager, Viewpoint, etc.
   - WAST
   - Weatherbug (see article here)
   - Web Search Toolbar
   - Web Search Tools
   - Web Tools by Hotbar
   - Web Toolbar
   - WebEnh
   - WebHancer
   - Webhancer Customer Companion
   - WebInstall
   - WebOffer
   - WebRebates (by TopRebates.com)
   - WebUpdate
   - WebSearch Toolbar
   - whazit tools
   - WhenU Search
   - WildMedia
   - Win-Tools Easy Installer
   - WinAntivirus
   - Winfixer, WinFixer 2005, etc. (This is a really bad one.)
   - win32
   - Window Active
   - WinSrv Reg
   - Win-Tools Easy Installer
   - wintrim
   - XDiver
   - XXXToolbar
   - Your Sidebar
   - Your Sitebar
   - YuupSearch Toolbar
   - Zango
   - Zipclix
   - zSearch
   - ZZ

   Taken from: List of Unwanted Programs in Add / Remove Programs

   This is not a complete list, so you might have a PUP that is not on it, and the chances of that are very high. If you are unsure about any listing, Google it or post here.

   IMPORTANT: Please use third-party uninstallers to remove any such unwanted program. You may use any of the following:

   - Revo Portable - Best of the lot but slowest. Good at removing even the minutest trace present.
   - IOBit Uninstaller - Batch uninstallation in the free version is its only plus compared to the others; otherwise good enough.
   - Geek Uninstaller - Fastest of the lot, with very handy keyboard shortcuts, but sometimes (only sometimes) it misses some traces.

2. Reset your browsers and check for any unwanted or unknown add-ons. Make sure you remove all the suspicious add-ons; some of them might not get removed, but don't worry about that, we'll deal with them later.

   - IE - Run -> inetcpl.cpl -> Restore advanced settings -> Reset
   - Chrome - Settings -> Show advanced settings -> Reset
   - Firefox - Help -> Troubleshooting Information -> Refresh Firefox. Alternatively, hold down the Shift key and double-click the FF shortcut icon; that'll give you the option to refresh FF.

3. Fire up CCleaner, yes, you heard it right. Clean up the junk and registry entries using it. Note: It's never recommended to blindly delete the %temp% folder directly, as it might contain some useful files used in the background by some program. Go to Tools, and remove all the suspicious entries in Windows, Browsers (it basically shows add-ons from the browsers, and some add-ons which do not show up in the respective browsers are shown here) and Scheduled Tasks. Scheduled tasks are what PUPs use most to keep running in the background, as people check the normal Windows startup but never the scheduled tasks. 95% of the items in scheduled tasks are usually not required.

4. Check startup services in msconfig. Make sure you hide all Microsoft services before you experiment with anything.

5. Check Task Manager for any suspicious process running. Check the file location of the process to be doubly sure about its authenticity and about the effects of ending it.

Basic problems are fixed by this step, but 95% of problems are not basic: because of the way PUPs/adware are deployed, they always leave a trace, hence the need to run some advanced tools. One important thing to note is that you must run the tools in the order I'm mentioning, for multiple reasons, viz. effectiveness and risk/side effects.

1. AdwCleaner - Relative to its small size, the most effective tool. Running this tool should clean most if not all of the items. A reboot is mandatory by default.
2. JRT - A CLI tool which is quite effective. However, in most cases it fails to remove what AdwCleaner can't remove, though in some cases it does.
3. Malwarebytes - Needs no introduction. It's like the de facto tool for malware/adware/PUP removal. Make sure you update it before running. Malwarebytes has a modified version called Malwarebytes Chameleon, which comes in handy when the infection doesn't allow it to run. Chameleon can run by faking mbam.exe as firefox.exe, svchost.exe, winlogon.exe, etc. Apart from the primary benefit, Chameleon is a tad better at catching infections which normal mbam can't; such cases are rare though.
4. Hitman Pro - Using the Kaspersky scan engine, it really shines where the others (the above list) struggle. Be extra cautious when using Hitman Pro, as it sometimes wipes out the MBR (rare though), thus creating a no-boot scenario. So make sure you manually scroll through the scan results.

Your computer should now be free of any kind of adware if you followed all the above steps, barring exceptions, which I'll discuss in the later part of this tutorial.
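
The comparison in step 1 of installed programs against the list can be scripted. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, and the sample watchlist, the digit-to-letter mapping and the six-character threshold are choices made for this example. It only reads the registry keys that Add/Remove Programs is populated from.

```powershell
# Added example: read-only match of installed programs against a watchlist.
# $Watchlist is a short sample copied from the list above; extend as needed.
$Watchlist = @(
    'Bonzi Buddy', 'Brows er Enhancer', 'L.O P. Un insta1',
    'Live 0n line Portal', 'My Web Search', 'Save', 'WebHancer', 'Zango'
)
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-NameKey {
    # Comparison key: lowercase, map the look-alike digits 0 -> o and 1 -> l,
    # then drop everything except letters and digits, so spacing variants such
    # as "Brows er Enhancer" and "Browser Enhance r" produce the same key.
    param([string]$Name)
    $key = $Name.ToLowerInvariant().Replace('0', 'o').Replace('1', 'l')
    $key -replace '[^a-z0-9]', ''
}

function Find-WatchlistedProgram {
    param([string[]]$Names = $Watchlist)
    $watch = foreach ($n in $Names) {
        [pscustomobject]@{ Name = $n; Key = Get-NameKey $n }
    }
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            $key = Get-NameKey $entry.DisplayName
            foreach ($w in $watch) {
                # Short names ("Save", "Go") must match exactly; longer ones
                # may be followed by a version number or suffix.
                $hit = if ($w.Key.Length -lt 6) { $key -eq $w.Key } else { $key.Contains($w.Key) }
                if ($hit) {
                    [pscustomobject]@{
                        Matched         = $w.Name
                        DisplayName     = $entry.DisplayName
                        Publisher       = $entry.Publisher
                        UninstallString = $entry.UninstallString
                    }
                    break
                }
            }
        }
}

Find-WatchlistedProgram | Format-List
```

A match is a prompt to look the entry up, as the post advises for any listing you are unsure about; removal still goes through an uninstaller.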
Some other tools which you may try if everything above fails:

- Rogue Killer - A very powerful tool. It even removes critical infections (virus/worm/trojan), fixes proxy issues and resets the hosts file.
- YAC - Nothing exceptional, but sometimes it just works.
- TDSSKiller - Worth a try; a powerful tool in its arena.
- Autoruns - A Microsoft tool, and very, very powerful, so be very careful while using it. DO NOT mess with any entry you're unsure of. You just have to uncheck all the highlighted items, which are the ones actually missing from the system.
- HijackThis - Developed by Trend Micro, deploying old-school methodology but giving you the flexibility to choose your own consequences. It scans through the computer, and then it depends on your retina scanner to filter the suspicious items and remove them. So, careful!

Important Note: All the advanced tools are best run in safe mode, as infections sometimes escape somehow in normal mode, which doesn't happen in safe mode.

Some cases and pointers:

- In some cases, an add-on can't be removed from IE. All the enable/disable buttons are grayed out and there is nothing you can do. In this case, follow this method - http://superuser.com/a/268408
- In the following locations - Program Files (x86), ProgramData, AppData - look for any gibberish files or folders, and delete them. They'll most probably be malware/adware.
- In Chrome, I've seen a couple of occasions where a specific add-on is not removed and the ad doesn't go away; that's very, very rare though. In this case, back up your Chrome user data, which is synced anyway if you're signed in to your Google account in Chrome, and delete the AppData folder of Chrome as a last resort.
- Never ever run the tools directly. First remove the unwanted programs, if any, and only then run these tools.
- I faced a scenario where I had to apply reverse engineering to remove a single trace left somewhere deep inside the system. I had to install the PUP (and believe me, finding the setup for that PUP was such a pain in the back), then remove it through Revo, and the problem was solved.
- Sometimes, after removing an unwanted program, you might face a proxy issue. In that case, Hitman Pro and Rogue Killer are your best friends. However, there are some other manual methods used for advanced troubleshooting. Also, the proxy issue sometimes doesn't even allow you to download this software. So Firefox comes to the rescue, as its network settings do not follow the global settings governed by inetcpl. Still, if you face any proxy issue which is not resolved, do post here for advanced resolutions.

All of the above steps should solve your problem. If not, feel free to share it here.

Now, some pointers on how you can prevent these nasty pieces of code from getting into your beloved machine:

- Make sure you have security software (anti-virus) which supports PUP detection. Most anti-viruses do support it, so make sure it's enabled. I, for one, use ESET; I've been using it for 5 years, and it is pretty good. There's one harsh reality though: no anti-virus program can match the level of the anti-malware/anti-adware tools which are specifically built to remove them. So, having one is good, but not foolproof.
- Always keep Malwarebytes as your on-demand scanner. Scan regularly, whenever you feel the need to.
- Use good ad-blocking extensions in browsers. In Chrome, use uBlock (by gorhill). It is by far the best ad blocker available across all browsers. It also blocks many suspicious redirections and harmful sites, and has quite a low memory footprint. The Firefox version is nowhere near, and provides ad blocking even worse than AdBlock Plus. Still, having one reduces the risk.
- Genuine bloat, such as Flash and all the other programs which offer PUPs, toolbars and other stuff to install, can be evaded manually. A program called Unchecky claims to do that for you. It automatically unchecks the required check boxes when such a program's installation is underway. Power users won't require it, but it's good for people who tend to miss such things.
- Last but not least, keep your eyes open. Your instinct is the best protection mechanism/software you have.

Good luck!

Regards.
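
The scheduled-task review from the CCleaner step, combined with the Autoruns advice about entries whose files are missing and the pointer about ProgramData and AppData, can be done read-only from PowerShell. This is an added example, not part of the original post; the function name and the list of user-writable folders are choices made for this example.

```powershell
# Added example: read-only review of scheduled tasks outside \Microsoft\.
# Needs the ScheduledTasks module (Windows 8 / Server 2012 or later).
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP)

function Get-ThirdPartyScheduledTask {
    Get-ScheduledTask |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            $task = $_
            foreach ($action in $task.Actions) {
                # Only "start a program" actions have an Execute property.
                if (-not $action.Execute) { continue }
                $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
                $notes = @()
                # A full path that no longer exists is a leftover entry.
                if ($exe -match '^[A-Za-z]:\\' -and
                    -not (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)) {
                    $notes += 'target file missing'
                }
                foreach ($dir in $UserWritable) {
                    if ($dir -and $exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                        $notes += "runs from $dir"
                        break
                    }
                }
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    Execute   = $exe
                    Arguments = $action.Arguments
                    Review    = $notes -join '; '
                }
            }
        }
}

Get-ThirdPartyScheduledTask | Sort-Object Review -Descending | Format-List
```

Per-user installs of legitimate software also run from AppData, so the Review field marks entries to look up, not entries to delete.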
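
For the proxy issue described in the pointers above, the current settings can be inspected before any tool changes them. This is an added example, not part of the original post; it assumes a default Windows install, and the function name and the Review summary are choices made for this example. The registry key is the per-user location behind the inetcpl.cpl connection settings.

```powershell
# Added example: read-only report of the proxy settings behind inetcpl.cpl,
# the machine-wide WinHTTP proxy, and active entries in the hosts file.
function Get-ProxyAndHostsReport {
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Strip comments and blank lines; what remains are live name overrides.
    $entries = @(
        Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
            Where-Object { $_ } |
            ForEach-Object {
                $address, $names = $_ -split '\s+'
                [pscustomobject]@{ Address = $address; Names = $names -join ' ' }
            }
    )
    $review = @()
    if ($inet.ProxyEnable -and $inet.ProxyServer) { $review += "proxy enabled: $($inet.ProxyServer)" }
    if ($inet.AutoConfigURL) { $review += "auto-config script: $($inet.AutoConfigURL)" }
    if ($entries.Count) { $review += "$($entries.Count) active hosts entries" }
    [pscustomobject]@{
        ProxyEnabled  = [bool]$inet.ProxyEnable
        ProxyServer   = $inet.ProxyServer
        ProxyOverride = $inet.ProxyOverride
        AutoConfigURL = $inet.AutoConfigURL
        WinHttpProxy  = (netsh winhttp show proxy | Out-String).Trim()
        HostsEntries  = $entries
        Review        = $review -join '; '
    }
}

$report = Get-ProxyAndHostsReport
$report | Format-List ProxyEnabled, ProxyServer, ProxyOverride, AutoConfigURL, WinHttpProxy, Review
$report.HostsEntries | Format-Table -AutoSize
```

Any proxy, auto-config script or hosts entry you did not set yourself is what the removal tools named above are expected to clear.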