Removing digital pests and vermin.

Ending up with random software on your machine you never wanted in the first place is annoying as heck.
So-called PUPs (for Potentially Unwanted Programs, although there’s rarely any “potentially” about it) are tools, settings, utilities, browser toolbars, extensions, and other types of software that arrive on your computer as a result of installing something else. PUPs are rarely related to what you’re installing.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you realize you’ve been saddled with software you didn’t ask for and certainly never wanted.

Removing PUPs
To remove PUPs or any unwanted, unexpected software, start with an uninstall via the settings app, and then run Malwarebytes AdwCleaner. This sequence catches the most common PUPs. You can also restore to a backup taken before the PUPs’ arrival. Remember, always choose custom installation to avoid PUPs in the future.
Start with a backup
The steps we are about to take have a small chance of causing problems.
Whenever that’s the case, I recommend you take a full image backup of your machine before you do anything else. That way, you’ll have that backup to restore should anything below go wrong.
Help keep it going by becoming a Patron.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are “relatively” well-behaved: they are somewhat easy to uninstall using official methods.
Start in the Windows Settings app, and click on Apps (Windows 10), or Apps -> Installed Apps (Windows 11).

Look for the item by name. Sometimes this can be tricky, as some applications intentionally use obscure names to make them more difficult to remove. The well-behaved items we’re looking for here should be relatively clear. Look for names including the words toolbar or extension in particular, as those are some of the browser-behavior-altering pests that often put us in this scenario.
Click on the item you want to uninstall, and click Uninstall when it appears.
Even if that appeared to work, take the next steps, because in many cases there will be traces left over, and sometimes those traces can reinstall the PUP.
Run Malwarebytes AdwCleaner
AdwCleaner was purchased by Malwarebytes in 2016, but remains a separate tool. You can download it from Malwarebytes here.
AdwCleaner has no installation. Once downloaded, run it and answer Yes to any UAC prompt.

Click I agree to any licensing terms agreement. Click Scan Now.

Once the scan is complete, AdwCleaner will present its scan results.
If you’re not certain what AdwCleaner finds, go ahead and let it clean up anything you don’t recognize by clicking Clean & Repair. (It first warns you that all programs should be closed.)
The ultimate removal
Even with the tools I’ve outlined, and other tools that may also be used or come along later, there’s a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security software makers are catching up to the latest tricks.
It’s worthwhile to consider restoring from a recent backup image. If you have a backup image of the machine from before the pests were installed, you can restore your machine to that image, and they’re gone. No fancy tools are needed, and you needn’t just hope that it works. Restoring to a prior backup works every time.
Assuming, of course, you have one.
Prevention
PUPs and related pests arrive in several different ways, but most commonly they are “offered” to you when you install or update software.
The offer is often hidden and defaults to Yes. The technical loophole is that by choosing this default (or not unchecking the appropriate box) when you install a program, you’re requesting this other software be installed.
Don’t do that.
Whenever you install or update any software — even software you’ve purchased or already have installed — always choose the Custom or Detailed option — whatever option is not the default option.
Then pay close attention to every option you’re presented. If it offers you something that is not clearly related to the software you want, uncheck it. If it offers to change your search page, uncheck it. If it offers to install a toolbar, uncheck it.
You get the idea.
Do this
The bottom line is, if you’re not careful when installing software — even software from reputable vendors — you may end up with things you never expected or wanted.
There’s nothing “potentially” unwanted about it.
Now you know how to avoid it, but more importantly, what steps to take should any of it arrive unexpectedly anyway.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.


Although I have my doubts about “Unchecky,” I do confess to being intrigued by it. Anyone care to furnish a link to it, or must we all muddle through with Google®©™[Pat. Pend.]???
Thanks Leo. I wish to suggest that there is a program named, “Unchecky”. It ferrets out the hidden and insideous foistware and forces the subject (owner) to choose whether he wants he foistware. <>
Here is an article on “Unchecky”.
<>
Unfortunately your link didn’t come through (not everyone gets to do html), but unchecky can be found here: https://unchecky.com/
Malwarebytes is an excellent ‘Second Opinion’ virus scanner.
I don’t think Microsoft disables Windows Defender when Malwarebytes is installed; Malwarebytes claims it ‘works with’ your anti-virus for better security. I don’t believe that, but then again I only run the free version. I neuter its more obnoxious behavior by 1) Open it and click the gear (settings) icon, go to the Account tab and click deactivate, and 2) right-click Malwarebytes icon in the system tray and uncheck “Start with Windows.” That way it does not run all the time, only when you ask it to scan something.
I ran the test. For the two-week trial of their full version it does replace Defender. When the trial is over it behaves properly: it becomes an on-demand scanner and Defender is re-enabled.
Hi
I don’t think this has been picked up by anyone yet, but I could be wrong!
My experience with MalwareBytes and now AdwCleaner is that it finds Iobit software like Advanced System Care as a PUP, and it’s really difficult to stop everything relating to ASC being quarantined. There are some articles about this on the internet.
I understood that ASC was a useful utility to install, but is that not the case now?
Registry cleaners and system boosters often do more harm than good. ASC makes changes to the Registry and programs which do that are considered by some antimalware programs as a potential danger. Here’s what Malwarebytes has to say about it and how to whitelist ASC.
Malwarebytes on whitelisting Advanced System Care
And here’s what Leo’s said about registry cleaners and system boosters:
Do “Fix All Your Windows Problems” Utilities Work?
What’s the Best Registry Cleaner? What to Use, and Not
Thanks Mark
I used to use Malwarebytes free but now the freeware version has become the nagware version. I’ve uninstalled it as I rarely used it and I figure that if I ever need to run it, I can install it run it and uninstall it again. After over a year, I haven’t needed to use it.
I’ve got it installed on my Windows 10 Home demo virtual machine, and honestly it hasn’t been nagging that badly. I installed it here just to see what it did after the two-week trial, and in my opinion so far it’s been behaving quite appropriately. Perhaps they had to learn a lesson or two along the way?
Next time I need to run it, I’ll leave it installed 🙂 .
I am a little concerned about the advice to restore an image to get rid of a PUP. While it will certainly do that, for users who have their data in My Documents or elsewhere on their system drive, it will also wipe out any changes they’ve made to their data since the image was taken–letters, spreadsheets, emails, etc., will all vanish. Seems to me that a warning like that might be in order when suggesting that an image be restored, maybe with a suggestion that recent data be copied elsewhere and then copied back after the image is restored.
That’s one reason that step one is “Start with a backup”. Any files you care about can (carefully) be restored from that backup image.
But copying all the bits and pieces of changed data from their various sources in Program Data, Users, Application Data, and Documents is definitely non-trivial. The need to restore images is a good argument for keeping one’s data on a different drive from the system drive. It does require a bit of planning to make sure that various data which is not in Documents (e.g., profiles, email, calendar, etc.) is maintained on the data drive, but that’s a one-time effort. I’ve done this for years, and I can pretty much restore an image with impunity. I know you’ve covered this in past articles, but it might be worth a repeat discussion, with some how-to info and a discussion of the trade-offs.
In addition to following the admonition above to always use the “Custom” or “Detailed” option, when offered, to deselect PUPs (and PUMs — Potentially Unwanted Modifications) when installing software, for well over a decade I’ve also employed a nifty little free utility named “Unchecky” that I install on every Windows box I service: https://unchecky.com/ (also see
https://www.softpedia.com/get/System/OS-Enhancements/Unchecky.shtml).
Good program. There are a few comments to this article recommending Unchecky.
AdwCleaner can also be downloaded from the Malwarebytes directly, https://malwarebytes.com. Just select the “For Home” and then “View all products”.
I’ve been running the paid version of Malwarebytes for a couple of years in tandem with Windows Security. There is a setting in Malwarebytes that toggles off registering Malwarebytes with Windows Security Center. I haven’t noticed any problems with the two fighting each other, but have been bemused when one picks up on something that the other doesn’t catch. In those situations I search online about the culprit to see what it is and usually just go with the recommended actions.
I’m also grandfathered in with Malwarebytes at the old subscription rates. I would follow Leo’s advice and just use the free version if I were asked for a recommendation today.
Another good article, thanks, Leo.
Good advice but before resorting to a clean reinstall and after doing the other advice mentioned, run SuperAntiSpyware (free). If that doesn’t do it, go to Revo Uninstall. But be very careful when running Revo to check only the bold items!
Hi Leo,
Just a tip. You don’t have to wait until the two-week trial period of Malwarebytes Premium is over after updating the program. You can click on the settings/cog icon in Malwarebytes, click the Account tab and deactivate the license at any time. It immediately reverts to the free version.
Awesome, good to know. (I wanted to actually test its behavior at the two week mark, and it behaved well.)
I use older Thinkpads with Win7 that run 99% of all software fine. I have found that the nagware in the free version interferes with using SnagIt on video calls when Malwarebytes goes out to the web to prepare for its next nag. No more Malwarebytes for me ever again. Got to be a better free alternative out there by now when I need to check for malware.
Windows Defender is a fine antimalware solution.
This article already out on Ask Leo! has recommendations for anti-malware tools, including free anti-virus, anti-spyware and more:
https://askleo.com/security-software-recommend/
That page can’t be found.
Oops! Fixed it.
My father-in-law’s pattern was to install just about anything that caught his eye. To install he would just go all Woody Woodpecker on the Next button until the install was done. I would regularly have to de-crapify his computer after it slowed to a crawl, usually from having several browser toolbars and 2-3 anti-virus programs installed.
While I could not stop him from installing crap apps, i did find a little utility called unchecky that would watch during installs and automatically uncheck almost all of the free offers.
Of course, for serious crapification I would just restore a Macrium Reflect image of his C drive.
Next time, get him a Chromebook. 😉
Unwanted browser extensions don’t show up as apps so they can’t be “uninstalled” like an app can. But browsers can show you all of their installed extensions (go to settings) & you have the option to uninstall them from the browser.
UniGetUI is my tool of choice for third-party software management on Windows 11 Pro 25H2. The app is a graphical wrapper for WinGet, the Microsoft command line software repository as well as many others. I have Scoop, Chocolaty, Pip, PowerShell 7.x, and PowerShell 5.x installed/configured alongside WinGet (the default repository) on UniGetUI, because I use Python, and PowerShell scripts for a few specific purposes (like scanning proposed software updates for malware before I allow them to be installed, which is prompted by the recent malware episodes encountered on various GNU/Linux repositories – Arch’s AUR in particular, and to round out/enhance the selection of software that’s available for installation.
With UniGetUI running in the background, when an update for any third party app that I have installed on my computer becomes available, UniGetUI notifies me so I can permit the update. With it I’ve exported and saved a list of installed apps that I keep up to date, and stored in a folder that’s synchronized with my cloud storage space on Mega.nz so when I inevitably must perform a fresh install of Windows, once the install/setup process and Windows Update are completed, I can install UniGetUI from the command line in the Terminal or PowerShell with ‘winget install marticliment.UniGetUI’, configure it with my choice of software repositories, and get everything installed again with only a few additional clicks.
For me, another advantage of using UniGetUI to install the software I choose to use on Windows is that I never get any PuPs along with the packages I install, and I keep quite a variety of third party apps on my computer, not-so-well-known system maintenance and security focused utilities in particular, and more main stream apps like LibreOffice. The only app I’ve been unable to get and install with UniGetUI has been Greenfish Icon Editor Pro, a graphics app I use to generate custom Windows icon files for stand-alone/portable apps I use. All-in-all, UniGetUI is the only tool I’ve found that’s as flexible and useful or complete for managing the third party software I choose to use, and when I hear of software that I think may be useful, my first move is to search for it with UniGetUI. If it’s not found, my second move is to ask my AI agent if there is a UniGetUI repository that contains it. Only if these two steps fail do I execute an Internet search for the app I’m interested in. By following my procedure, I’ve avoided the need of dealing with PuPs all together since the first time I used it to start downloading new/desired software.
By way of clarity, I have no affiliation with UniGetUI other than that of a very satisfied user, and I get nothing beyond the satisfaction of helping others by posting my honest opinion of this very useful third party package manager, and it’s my hope that something I’ve written here is helpful to others,
Ernie