Removing digital pests and vermin.
Ending up with random software on your machine you never wanted in the first place is annoying as heck.
So-called PUPs (for Potentially Unwanted Programs, although there’s rarely any “potentially” about it) are tools, settings, utilities, browser toolbars, extensions, and other types of software that arrive on your computer as a result of installing something else. PUPs are rarely related to what you’re installing.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you realize you’ve been saddled with software you didn’t ask for and certainly never wanted.
Removing PUPs
To remove PUPs or any unwanted, unexpected software, start with an uninstall via the settings app, and then run Malwarebytes AdwCleaner. This sequence catches the most common PUPs. You can also restore to a backup taken before the PUPs’ arrival. Remember, always choose custom installation to avoid PUPs in the future.
Start with a backup
The steps we are about to take have a small chance of causing problems.
Whenever that’s the case, I recommend you take a full image backup of your machine before you do anything else. That way, you’ll have that backup to restore should anything below go wrong.
Help keep it going by becoming a Patron.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are “relatively” well-behaved: they are somewhat easy to uninstall using official methods.
Start in the Windows Settings app, and click on Apps (Windows 10), or Apps -> Installed Apps (Windows 11).
Look for the item by name. Sometimes this can be tricky, as some applications intentionally use obscure names to make them more difficult to remove. The well-behaved items we’re looking for here should be relatively clear. Look for names including the words toolbar or extension in particular, as those are some of the browser-behavior-altering pests that often put us in this scenario.
Click on the item you want to uninstall, and click Uninstall when it appears.
Even if that appeared to work, take the next steps, because in many cases there will be traces left over, and sometimes those traces can reinstall the PUP.
Run Malwarebytes AdwCleaner
AdwCleaner was purchased by Malwarebytes in 2016, but remains a separate tool. You can download it from Malwarebytes here.
AdwCleaner has no installation. Once downloaded, run it and answer Yes to any UAC prompt.
Click I agree to any licensing terms agreement. Click Scan Now.
Once the scan is complete, AdwCleaner will present its scan results.
If you’re not certain what AdwCleaner finds, go ahead and let it clean up anything you don’t recognize by clicking Clean & Repair. (It first warns you that all programs should be closed.)
The ultimate removal
Even with the tools I’ve outlined, and other tools that may also be used or come along later, there’s a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security software makers are catching up to the latest tricks.
It’s worthwhile to consider restoring from a recent backup image. If you have a backup image of the machine from before the pests were installed, you can restore your machine to that image, and they’re gone. No fancy tools are needed, and you needn’t just hope that it works. Restoring to a prior backup works every time.
Assuming, of course, you have one.
Prevention
PUPs and related pests arrive in several different ways, but most commonly they are “offered” to you when you install or update software.
The offer is often hidden and defaults to Yes. The technical loophole is that by choosing this default (or not unchecking the appropriate box) when you install a program, you’re requesting this other software be installed.
Don’t do that.
Whenever you install or update any software — even software you’ve purchased or already have installed — always choose the Custom or Detailed option — whatever option is not the default option.
Then pay close attention to every option you’re presented. If it offers you something that is not clearly related to the software you want, uncheck it. If it offers to change your search page, uncheck it. If it offers to install a toolbar, uncheck it.
You get the idea.
Do this
The bottom line is, if you’re not careful when installing software — even software from reputable vendors — you may end up with things you never expected or wanted.
There’s nothing “potentially” unwanted about it.
Now you know how to avoid it, but more importantly, what steps to take should any of it arrive unexpectedly anyway.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Although I have my doubts about “Unchecky,” I do confess to being intrigued by it. Anyone care to furnish a link to it, or must we all muddle through with Google®©™[Pat. Pend.]???
Thanks Leo. I wish to suggest that there is a program named, “Unchecky”. It ferrets out the hidden and insideous foistware and forces the subject (owner) to choose whether he wants he foistware. <>
Here is an article on “Unchecky”.
<>
Unfortunately your link didn’t come through (not everyone gets to do html), but unchecky can be found here: https://unchecky.com/
Malwarebytes is an excellent ‘Second Opinion’ virus scanner.
I don’t think Microsoft disables Windows Defender when Malwarebytes is installed; Malwarebytes claims it ‘works with’ your anti-virus for better security. I don’t believe that, but then again I only run the free version. I neuter its more obnoxious behavior by 1) Open it and click the gear (settings) icon, go to the Account tab and click deactivate, and 2) right-click Malwarebytes icon in the system tray and uncheck “Start with Windows.” That way it does not run all the time, only when you ask it to scan something.
I ran the test. For the two-week trial of their full version it does replace Defender. When the trial is over it behaves properly: it becomes an on-demand scanner and Defender is re-enabled.
Hi
I don’t think this has been picked up by anyone yet, but I could be wrong!
My experience with MalwareBytes and now AdwCleaner is that it finds Iobit software like Advanced System Care as a PUP, and it’s really difficult to stop everything relating to ASC being quarantined. There are some articles about this on the internet.
I understood that ASC was a useful utility to install, but is that not the case now?
Registry cleaners and system boosters often do more harm than good. ASC makes changes to the Registry and programs which do that are considered by some antimalware programs as a potential danger. Here’s what Malwarebytes has to say about it and how to whitelist ASC.
Malwarebytes on whitelisting Advanced System Care
And here’s what Leo’s said about registry cleaners and system boosters:
Do “Fix All Your Windows Problems” Utilities Work?
What’s the Best Registry Cleaner? What to Use, and Not
Thanks Mark
I used to use Malwarebytes free but now the freeware version has become the nagware version. I’ve uninstalled it as I rarely used it and I figure that if I ever need to run it, I can install it run it and uninstall it again. After over a year, I haven’t needed to use it.
I’ve got it installed on my Windows 10 Home demo virtual machine, and honestly it hasn’t been nagging that badly. I installed it here just to see what it did after the two-week trial, and in my opinion so far it’s been behaving quite appropriately. Perhaps they had to learn a lesson or two along the way?
Next time I need to run it, I’ll leave it installed 🙂 .
I am a little concerned about the advice to restore an image to get rid of a PUP. While it will certainly do that, for users who have their data in My Documents or elsewhere on their system drive, it will also wipe out any changes they’ve made to their data since the image was taken–letters, spreadsheets, emails, etc., will all vanish. Seems to me that a warning like that might be in order when suggesting that an image be restored, maybe with a suggestion that recent data be copied elsewhere and then copied back after the image is restored.
That’s one reason that step one is “Start with a backup”. Any files you care about can (carefully) be restored from that backup image.
But copying all the bits and pieces of changed data from their various sources in Program Data, Users, Application Data, and Documents is definitely non-trivial. The need to restore images is a good argument for keeping one’s data on a different drive from the system drive. It does require a bit of planning to make sure that various data which is not in Documents (e.g., profiles, email, calendar, etc.) is maintained on the data drive, but that’s a one-time effort. I’ve done this for years, and I can pretty much restore an image with impunity. I know you’ve covered this in past articles, but it might be worth a repeat discussion, with some how-to info and a discussion of the trade-offs.
In addition to following the admonition above to always use the “Custom” or “Detailed” option, when offered, to deselect PUPs (and PUMs — Potentially Unwanted Modifications) when installing software, for well over a decade I’ve also employed a nifty little free utility named “Unchecky” that I install on every Windows box I service: https://unchecky.com/ (also see
https://www.softpedia.com/get/System/OS-Enhancements/Unchecky.shtml).
Good program. There are a few comments to this article recommending Unchecky.
AdwCleaner can also be downloaded from the Malwarebytes directly, https://malwarebytes.com. Just select the “For Home” and then “View all products”.
I’ve been running the paid version of Malwarebytes for a couple of years in tandem with Windows Security. There is a setting in Malwarebytes that toggles off registering Malwarebytes with Windows Security Center. I haven’t noticed any problems with the two fighting each other, but have been bemused when one picks up on something that the other doesn’t catch. In those situations I search online about the culprit to see what it is and usually just go with the recommended actions.
I’m also grandfathered in with Malwarebytes at the old subscription rates. I would follow Leo’s advice and just use the free version if I were asked for a recommendation today.
Another good article, thanks, Leo.
Good advice but before resorting to a clean reinstall and after doing the other advice mentioned, run SuperAntiSpyware (free). If that doesn’t do it, go to Revo Uninstall. But be very careful when running Revo to check only the bold items!
Hi Leo,
Just a tip. You don’t have to wait until the two-week trial period of Malwarebytes Premium is over after updating the program. You can click on the settings/cog icon in Malwarebytes, click the Account tab and deactivate the license at any time. It immediately reverts to the free version.
Awesome, good to know. (I wanted to actually test its behavior at the two week mark, and it behaved well.)
I use older Thinkpads with Win7 that run 99% of all software fine. I have found that the nagware in the free version interferes with using SnagIt on video calls when Malwarebytes goes out to the web to prepare for its next nag. No more Malwarebytes for me ever again. Got to be a better free alternative out there by now when I need to check for malware.
Windows Defender is a fine antimalware solution.
This article already out on Ask Leo! has recommendations for anti-malware tools, including free anti-virus, anti-spyware and more:
http://ask-leo.com/what_security_software_do_you_recommend.html