Ending up with random software on your machine that you never wanted in the first place is annoying as all heck.
And unfortunately, it’s happening more and more. I’d say that PUPs (Potentially Unwanted Programs, although there’s rarely any “potentially” about it), rogue toolbars, and search-engine hijacks are some of the most common issues I see in my inbox.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you suddenly realize you’ve been saddled with software you didn’t know you’d agreed to and certainly never wanted.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are “relatively” well behaved. They are somewhat easy to uninstall using official mechanisms.
What that means is that we start in Control Panel’s Programs and Features.
Look for the item by name. Sometimes that can be tricky, as applications are intentionally named obscurely to make them more difficult to remove, but the well-behaved items we’re looking for here should be relatively clear. Look for names that include the word “toolbar”, in particular, as those are some of the browser-behavior-altering pests that often put us in this scenario.
Right-click the item you want to uninstall and click Uninstall.
We’ll do the next steps even if it appeared to work, because in many cases there will be traces left over, and sometimes those traces simply cause the PUP to be reinstalled.
If you don’t have it already, download and install the free version of Malwarebytes Anti-Malware. If it comes up, don’t bother selecting the free trial of their premium product. While it’s good and potentially worth the investment, it’s not what you need right now. Stick with the free version.
After you open the program, it automatically updates its database. Click Scan Now to perform a scan.
The Malwarebytes scan may take a while.
When it’s complete, you’ll get a notification if you have malware or PUPs.
Even if no actual malware is detected, potentially unwanted programs – PUPs – may still be found. Malwarebytes will show you the entire list. You can review the list if you like, but in general, the correct next step is to simply quarantine everything. You will likely need to reboot.
A clean scan is your goal.
It’s possible that Malwarebytes is unable to remove some PUPs. If that’s the case (or even if it’s not), I still want you to take one more step.
AdwCleaner is perhaps best downloaded from our friends over at BleepingComputer.com. It’s actually from France, and if you’re not careful, you can easily end up on their French language website (or at least I did). That’s not a big deal if you speak French, I suppose, but I don’t, and I’m guessing many of you do not as well.
Speaking of being careful, remember to avoid advertisements that say “Download” or “Free Download.” Those are not the programs you want. The button that I used simply read, “Download Now @BleepingComputer.”
AdwCleaner has no install. Once downloaded, simply run it, and answer Yes to any UAC prompt.
Once the scan is complete, AdwCleaner will present a message: “Waiting for action. Please uncheck elements you want to keep.”
Click each of the tabs in the results box at the bottom of the AdwCleaner window. This will list each item it has found which it thinks is a candidate for removal.
Here you can see that AdwCleaner found several folder it thinks should be deleted.
If you’re not certain you need it, leave it checked. In other words, go ahead and let AdwCleaner clean up anything you don’t recognize by clicking Clean. It first warns you that all programs should be closed.
It will close many programs, including some that normally start automatically when you log in. AdwCleaner will likely require a reboot when it’s done anyway, so those programs will return then.
AdwCleaner scans, cleans, and presents information on preventing this type of thing from happening in the future, similar to what I’ll discuss below.
You’ll then get a Reboot Required message.
Click OK, and your machine reboots.
After the reboot, AdwCleaner shows you a text file containing the results log of its operation in Notepad.
You can just close Notepad at this point.
The ultimate removal
Now, even with the tools I’ve outlined, and other tools that may also be used or may come along later, there’s a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security-software makers are still catching up to the latest tricks it might be playing.
So, I have to include this to be complete. It’s worthwhile to consider restoring to a recent backup image. Restoring will make these things go away every single time.
If you have a back-up image of the machine as it was prior to these pests having been installed, you can simply restore your machine to that image, and they’re gone. No fancy tools are needed, and you needn’t just hope that it’ll work. Restoring to a prior backup works every time.
Presuming, of course, you have one.
PUPs and related pests arrive in several different ways, but the most common method is by being “offered” to you when you install something else. Often, the offer is hidden and defaulted to Yes. The technicality is that by choosing this default (or not unchecking the appropriate box) when you install some program you’ve downloaded, you’re actually asking for this other software, these PUPs, to be installed.
Don’t do that.
Whenever you install any software – even software you’ve purchased – always choose the “Custom” or “Detailed” option. Choose whatever option is not the default option.
Then pay very close attention to every option you’re presented. If it’s offering you something that is not clearly related to the software you want, uncheck it. If it’s offering to change your search page, uncheck it. If it’s offering to install some toolbar, uncheck it.
You get the idea.
The bottom line is that if you’re not careful when you install software – even software from reputable vendors – you may end up with things you never expected or wanted.
There’s nothing “potentially” about it.