Advertisements and marketing are inseparable concepts. It’s embedded e-commerce content that allows various online services to exist without charging their customers a penny. There are unspoken guidelines that the interested parties follow along the way, such as avoiding the redundancy of ads and only promoting commodities that are safe. Ideally, these campaigns aren’t overly intrusive, both the service providers and the end users are satisfied. This remarkable equilibrium, however, is amazingly easy to disrupt.
Malicious programs categorized as adware drastically diminish one’s online experience by injecting obnoxious ads into all websites that the person visits. Note the fundamental difference between regular advertisements and the ones spawned by adware. The former are authorized and generated on the server side while the latter are isolated strictly to a particular computer.
Since the evil counterparts aren’t bound by regulations of any sort, they tend to get superfluous and may even cram up the greater part of an arbitrary web page. Virus-borne items include ads above the fold, coupons, banners, price comparison charts, bogus software updates, inline text and full-page interstitials. Such a diversity enables the cyber criminals to get the biggest bang from their ad click fraud campaigns, but the infected users suffer the consequences big time.
Although adware removal may be a challenge to perform, below are the techniques worth adopting to get rid of nasty ads on sites.
- Windows uninstall functionality should be the starting point. This feature is built into the operating system and allows removal of any installed program in a couple of clicks. All it takes is go to Control Panel from Windows Start menu, select Uninstall a Program, examine the software list, pick the malicious entry and hit Uninstall. Some malware, though, obfuscates its presence on a PC and may not be listed, in which case it’s recommended to proceed to the next step.
- Manual removal from web browsers is very efficient when it comes to adware troubleshooting. Since it’s the web browsing facet that gets hit by these infections in the first place, spotting and trashing the offending browser add-on is one of the prerequisites of a successful cleanup. Nevertheless, adware can add a scheduled task to reanimate the extension after such action on the user’s end. A full reset of the affected browser’s configuration is, more efficient, moreover, it remediates the unwanted changes. In Google Chrome, this option is under Advanced Settings; in Mozilla Firefox, you need to go to Help – Troubleshooting Information; and in Internet Explorer, it’s under the Advanced tab of the Internet Options interface. Please be advised all personalized browsing data will be obliterated as a result of this procedure.
- Registry troubleshooting may be necessary because adware usually creates new registry entries to persevere on the PC. This way, its executable is automatically launched as part of the system startup routine. To access the registry, type ‘regedit’ in the Start menu’s Search box, select the respective command and hit Enter. Then go to Edit and pick the Find option. In the box named ‘Find what’, type the name of the adware and press Enter. To figure out the name, take a look at the ads that are causing issues – there is typically an inscription down at the bottom, for instance ‘Ads by Shopperz’ or alike. If the registry search returns something for that query, do not hesitate to delete those entries.
- Temp folder cleanup is another recommendation that’s worthwhile. Having attacked a computer, PUAs (potentially unwanted programs) tend to download auxiliary components to the Temp directory, which is located on the system volume under AppData – Local. An easy way to access that folder is by typing %temp% in the Search box. Deleting all entries there is safe. File traces of the infection will thus be removed as well.
- ‘Show hidden files’ is a must-enable option. Some adware strains try to thwart removal by hiding their folder. Most of the time, the obfuscated malicious objects lurk inside Program Files or AppData directory. To view and delete those, go to Control Panel, select Appearance and Personalization, and choose Folder Options. Proceed to the View tab, scroll down to Advanced settings, pick the ‘Show hidden files, folders and drives’ option and save the changes. Take a look at the contents of the above-mentioned folders, locate suspicious entries that were recently added, and remove the ones that are related to the adware program.
- Automatic removal of remaining adware traces is strongly advised. No matter how thorough you believe the manual cleaning was, the infection’s fragments are still likely to be scattered across the system. Be sure to use a reliable security suite that proved to be efficient in adware scenarios, such as free Malwarebytes Anti-Malware or AdwCleaner. Run a full scan and get all detected artifacts removed.
Last but certainly not least, a few simple prevention techniques can keep ad-injecting viruses away. First off, treat freeware installations with caution. Most of the known adware samples are distributed through bundling schemes, where a harmless free product and unwanted items go in one package. The presence of dangerous extras is typically mentioned in fine print during the setup, which is why users overlook them. Technically, this is a legal spreading method, but its ethical facet is questionable.
Be careful when using Torrent Trackers. The tactic dubbed Torrent poisoning can be leveraged to distribute malicious code via the P2P protocol. It is currently a growing attack vector. Also, do not install anything recommended by nagging popup alerts on websites, whether it’s a Flash Player update or the “best” movie downloader. All in all, just be prudent when online and steer clear of stuff that looks fishy.
[su_box title=”About David Balaban” style=”noise” box_color=”#336588″]
David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.