How do I get rid of this advertising popup that keeps coming back?

If your anti-malware tools removed the malware but this browser hijack keeps coming back, then you might be doing something to invite it back on to your system.

//
I use Windows Vista and my browser is IE9. I have an annoying window that pops up whenever I search for a website. It briefly comes up as (and there’s a domain name here) and then morphs into a window that seems to correspond with a website I searched for and selected. It’s typically advice that I’ve won a prize of some sort. I’ve tried many ways to remove this issue: malware removal, pop-up blocker, and full virus scan. The full virus scan got rid of it briefly but it returned very quickly. How can I get rid of this problem?

The fact that the virus scan fixed this problem at least for a little while tells me a lot. This sounds like a browser hijack.

What’s a browser hijack?

A browser hijack is a type of malware that infects your system. Once downloaded, it waits until you do an internet search; when it sees a page with search results, it updates the results with its own links to advertisements or other websites. No matter what you click on, you see what the malware wants to show you.

If you’re just getting pop-up advertisements, consider yourself lucky. Sometimes, people get redirected to more damaging stuff.

So how do you deal with it?

Fixing browser hijacks

You definitely want to treat this as malware. My first suggestion would be to make sure you’re running up-to-date anti-virus and anti-spyware scans.

It sounds like whatever tool that you’re using worked once before, but I would also consider running Malwarebytes, a free tool available for download at malwarebytes.org. In my experience, Malwarebytes does a good job of catching things that other anti-malware packages sometimes miss.

Once the malware is gone, you want to think about how this happened so it doesn’t come back.

Where is the malware coming from?

If your anti-malware tools removed the malware, but this browser hijack keeps coming back, then you might be doing something to invite it back on to your system. For instance, a browser hijack may happen to someone because they’re:

  • Downloading files or visiting sites that they shouldn’t be.
  • Turning off their real-time anti-malware protection.
  • Using lower quality anti-malware software.

There are many possibilities.

This kind of hack could also happen indirectly. For example, you may visit a website that’s been hacked; it looks fine, but some hacker modified it surreptitiously so it actually downloads malware on your machine.

A website hack is something that most website owners (like me) fear because hackers can target just about any website. It could be a site that you know and trust or one that you’ve simply used for a long time. Although website owners and moderators take steps to prevent these attacks, hacks still happen every now and then. Once a site is hacked and you visit, it’s likely that your machine may be infected.

It’s no one’s fault – not yours or that of the site.

Nonetheless, you still get the malware.

What do I do if problems return?

After you’ve taken the malware off of your computer, my first suggestion is to watch what you’re doing.

If you aren’t doing the things that I’ve bulleted above but your browser is still being hijacked, then you want to keep a careful watch. Track which sites you visit and what you do between the time that the malware was removed and when the browser hijack reappears.

As always, the key to preventing problems like this is vigilance and good anti-malware software that’s up-to-date.  Watch what you do and it’s likely that your browser won’t by hijacked by this malware anymore.

There are 3 comments:

  1. Steve Reply

    My browser has been hijacked, ads popup under highlighted words. I ran Malwarebytes but it was unable to find it, even after updating before I ran the pgm. Are there any alternatives ?

    • Leo Reply

      If this is for every site you visit, then I would make sure malwarebytes is as up to date as possible, and also run scans with your regular anti-virus and anti-spyware tools (again, also as up to date as possible).

      If this is only on one or a couple of sites, it’s very possible it’s nothing more than advertising implemented by those sites.

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.