Ending up with random software on your machine that you never wanted in the first place is annoying as all heck.
Unfortunately, it’s happening more and more. I’d say that PUPs (Potentially Unwanted Programs, although there’s rarely any “potentially” about it), rogue toolbars, and search-engine hijacks are some of the most common issues I see in my inbox.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you suddenly realize you’ve been saddled with software you didn’t know you’d agreed to and certainly never wanted.
Become a Patron of Ask Leo! and go ad-free!
Start with a backup
Even though we have a machine with known unwanted programs installed on it, the steps we are about to take have a small chance of causing problems.
Start by taking a full image backup of your machine, and you’ll have that backup to restore should anything below go wrong.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are “relatively” well behaved. By that, I mean they are somewhat easy to uninstall using official mechanisms.
Start in the Windows Settings app, and click on Apps.
Look for the item by name. Sometimes that can be tricky, as some applications are intentionally named obscurely to make them more difficult to remove, but the well-behaved items we’re looking for here should be relatively clear. Look for names that include the word “toolbar”, in particular, as those are some of the browser-behavior-altering pests that often put us in this scenario.
Select the item you want to uninstall and click Uninstall.
We’ll do the next steps even if it appeared to work, because in many cases there will be traces left over, and sometimes those traces simply cause the PUP to be reinstalled.
Important: The free version is, at first, a free trial of their paid version. It will nag you to register/upgrade/license the product. You do not need to do so. Simply use the product as described here. After a period of time (two weeks as this is written) the trial will revert to the purely free version, with some nags remaining, but it will keep working.1
After you open the program, it automatically updates its database. Click Scan Now to perform a scan.
The Malwarebytes scan may take a while.
When it’s complete, you’ll get a notification if you have malware or PUPs.
Even if no actual malware is detected, potentially unwanted programs may still be found. Malwarebytes will show you the entire list. You can review the list if you like, but in general, the next step is to simply quarantine everything. You will likely need to reboot.
A clean scan is your goal.
It’s possible that Malwarebytes is unable to remove some PUPs. If that’s the case (or even if it’s not), I still want you to take one more step.
AdwCleaner is perhaps best downloaded from our friends over at BleepingComputer.com. (AdwCleaner was purchased by Malwarebytes in 2016, but remains a separate tool.)
Speaking of being careful, remember to avoid advertisements that say “Download” or “Free Download.” Those are not the programs you want. The button that I used simply read, “Download Now @BleepingComputer.”
AdwCleaner has no install. Once downloaded, simply run it, and answer Yes to any UAC prompt.
Click Scan Now.
Once the scan is complete, AdwCleaner will present its scan results.
Here you can see that AdwCleaner found something it thinks should be deleted.
If you’re not certain you need it, leave it checked. In other words, go ahead and let AdwCleaner clean up anything you don’t recognize by clicking Clean & Repair. (It first warns you that all programs should be closed.)
Click on Clean & Restart Now.
AdwCleaner will perform its scan and reboot when it’s done. After the reboot, it presents a summary.
The ultimate removal
Even with the tools I’ve outlined, and other tools that may also be used or come along later, there’s a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security-software makers are catching up to the latest tricks.
It’s worthwhile to consider restoring to a recent backup image. Restoring will make these things go away every single time.
If you have a backup image of the machine as it was prior to these pests getting installed, you can simply restore your machine to that image, and they’re gone. No fancy tools are needed, and you needn’t just hope that it’ll work. Restoring to a prior backup works every time.
Presuming, of course, you have one.
The offer is often hidden and defaulted to “Yes”. The technicality is that by choosing this default (or not unchecking the appropriate box) when you install some program you’ve downloaded, you’re requesting this other software be installed.
Don’t do that.
Whenever you install any software — even software you’ve purchased — always choose the “Custom” or “Detailed” option. Choose whatever option is not the default option.
Then pay very close attention to every option you’re presented. If it offers you something that is not clearly related to the software you want, uncheck it. If it’s offering to change your search page, uncheck it. If it’s offering to install some toolbar, uncheck it.
You get the idea.
The bottom line is that if you’re not careful when you install software — even software from reputable vendors — you may end up with things you never expected or wanted.
There’s nothing “potentially” about it.
1: You can uninstall Malwarebytes when you are done. You will need to exit Malwarebytes before doing so, as it seems to prevent the “Apps & Features” panel, described above, from being displayed.