Removing digital pests and vermin.

Ending up with random software on your machine you never wanted in the first place is annoying as heck.
So-called PUPs (for Potentially Unwanted Programs, although there's rarely any "potentially" about it) are tools, settings, utilities, browser toolbars, extensions, and more software installed on your computer as a result of installing something else. PUPs are rarely even related to what you're installing.
I'll talk a little about prevention, but first, let's walk through the steps I recommend when you suddenly realize you've been saddled with software you didn't ask for and certainly never wanted.

Removing PUPs
To remove PUPs (and other unwanted, unexpected software), start with an Uninstall via the settings app, then run Malwarebytes free version, then run AdwCleaner. This sequence catches the most common PUPs. You can also simply restore to a backup taken prior to the PUP's arrival. Remember: always choose custom installation to avoid PUPs in the future.
Start with a backup
The steps we are about to take have a small chance of causing problems.
Whenever that's the case, I strongly recommend you take a full image backup of your machine before you do anything else. That way, you'll have that backup to restore should anything below go wrong.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are "relatively" well behaved. By that I mean they are somewhat easy to uninstall using official mechanisms.
Start in the Windows Settings app, and click on Apps.

Look for the item by name. Sometimes this can be tricky, as some applications intentionally use obscure names to make them more difficult to remove. The well-behaved items we're looking for here should be relatively clear. Look for names including the words "toolbar" or "extension", in particular, as those are some of the browser-behavior-altering pests often putting us in this scenario.
Click on the item you want to uninstall and click Uninstall when it appears.
We'll do the next steps even if it appeared to work, because in many cases there will be traces left over. Sometimes those traces can reinstall the PUP.
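The same review can be done from PowerShell. The following is an added example, not part of the original article: it lists installed desktop programs from the standard uninstall registry keys, newest first, and flags names containing "toolbar" or "extension". It only reads; the word list and the 25-row limit are assumptions you can change.

```powershell
# Added example: read-only inventory of installed programs. Nothing is uninstalled or changed.
# Standard per-machine (64-bit and 32-bit) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name fragments the article suggests looking for (assumption: extend as needed).
$suspectWords = 'toolbar', 'extension'
$pattern = ($suspectWords | ForEach-Object { [regex]::Escape($_) }) -join '|'

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        # InstallDate is optional and, when present, usually a yyyyMMdd string.
        $installed = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $installed = [datetime]::ParseExact(
                $_.InstallDate, 'yyyyMMdd',
                [System.Globalization.CultureInfo]::InvariantCulture)
        }
        [pscustomobject]@{
            Name      = $_.DisplayName
            Publisher = $_.Publisher
            Installed = $installed
            NameMatch = [bool]($_.DisplayName -match $pattern)  # -match ignores case
            Uninstall = $_.UninstallString
        }
    }

# Most recently installed first: software that arrived alongside another
# install tends to share its install date with the program you meant to install.
$programs |
    Sort-Object Installed -Descending |
    Select-Object -First 25 |
    Format-Table Name, Publisher, Installed, NameMatch -AutoSize

# Full details, including the registered uninstall command, for name matches.
$programs | Where-Object NameMatch | Format-List
```

Store apps and browser extensions are not registered under these keys, so they will not appear in this list.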
Run Malwarebytes
If you don't have it already, download and install the free version of Malwarebytes Anti-Malware.
Important: The free version is, at first, a free trial of their paid version. It will nag you to register/upgrade/license the product. You do not need to do so. Simply use the product as described here. After a period of time (two weeks, at this writing) the trial will revert to the purely free version. It may continue to nag you, but it will keep working.
Run the program, if it hasn't started automatically, and click Scan to perform a scan.

The Malwarebytes scan may take a while.

When it's complete, you'll get a notification if you have malware or PUPs.
Even if no actual malware is detected, potentially unwanted programs may still be found. Malwarebytes will show you the entire list. You can review the list if you like, but in general, the next step is to simply quarantine everything. You will likely need to reboot.
A clean scan is your goal.
Note that you may want to uninstall Malwarebytes, as its trial version will have disabled Windows Defender in Windows Security. This isn't really a problem; you shouldn't have two fully-featured security solutions running at the same time, and Windows Security knows to step aside when Malwarebytes is installed. That being said, if you don't plan on keeping Malwarebytes, you'll probably want to remember to uninstall it when all is said and done. If you don't, after the trial period it will step aside; Windows Security will resume full real-time protection, and Malwarebytes will remain available for on-demand scans.

It's possible Malwarebytes may be unable to remove some PUPs. If that's the case (or even if it's not), I want you to take one more step.
Run AdwCleaner
AdwCleaner is perhaps best downloaded from our friends over at BleepingComputer.com. (AdwCleaner was purchased by Malwarebytes in 2016, but remains a separate tool.)
Speaking of being careful, remember to avoid advertisements that say "Download" or "Free Download." Those are not the programs you want. The button that I used simply read, "Download Now @BleepingComputer."

AdwCleaner has no install. Once downloaded, simply run it, and answer Yes to any UAC prompt.

Also click I agree on any license agreement, then click Scan Now.

Once the scan is complete, AdwCleaner will present its scan results.
If you're not certain about what AdwCleaner finds, go ahead and let it clean up anything you don't recognize by clicking Clean & Repair. (It first warns you that all programs should be closed.)
The ultimate removal
Even with the tools I've outlined and other tools that may also be used or come along later, there's a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security-software makers are catching up to the latest tricks.
It's worthwhile to consider restoring to a recent backup image. Restoring will make these things go away every single time.
If you have a backup image of the machine as it was prior to these pests getting installed, you can simply restore your machine to that image, and they're gone. No fancy tools are needed, and you needn't just hope that it works. Restoring to a prior backup works every time.
Presuming, of course, you have one.
Prevention
PUPs and related pests arrive in several different ways, but the most common method is by being "offered" to you when you install or even update something else.
The offer is often hidden and defaulted to "Yes". The technicality is, by choosing this default (or not unchecking the appropriate box) when you install a program you've downloaded, you're requesting this other software be installed.
Don't do that.
Whenever you install or update any software – even software you've purchased or already have installed – always choose the "Custom" or "Detailed" option. Choose whatever option is not the default option.
Then pay very close attention to every option you're presented. If it offers you something that is not clearly related to the software you want, uncheck it. If it offers to change your search page, uncheck it. If it offers to install some toolbar, uncheck it.
You get the idea.
The bottom line is, if you're not careful when you install software – even software from reputable vendors – you may end up with things you never expected or wanted.
There's nothing "potentially unwanted" about it.
I had some PUPs that showed up in Malwarebytes. They were all registry entries. I had Malwarebytes remove them, but they always came back. This is what prompted me to try a few other solutions. When I ran Adwcleaner, it found a few .exe files scattered around in different folders which it removed. After that, the PUP never came back. So even if an antimalware program tells you it removed the problem, it might not have removed all of the problem, and running a few different antimalware programs might be necessary.
Restoring from my backup would have been a lot of work as I wasn't sure how far back this PUP had been on my machine, so I wouldn't know which backup I would have had to restore from.
I'm a firm believer in Revo Uninstaller. It seems to do a decent job in removing unwanted BS. But not always. So, against advice from people that know more than I do, I open Regedit and hunt down anything that looks like it has anything to do with my headache, delete the bastoid and anything to do with it and reboot. There's multiple places where the insidious sucker installs a register entry – delete all – reboot. Oh yeah, save your registry somewhere on an external (thumb) drive JIC.
Editing the registry can be dangerous unless you know what you're doing, but if you understand what you are doing, it's usually ok. A backup is the key.
SuperAntiSpyware, Junkware removal tool (JRT), and Root Killer (RKill) are my go to's. Malwarebytes is good, but SAS finds things it misses and vice versa.
A couple of other things to watch out for. Sometimes the PUP authors will put in a screen with the box checked which uses confusing language which can lead you to believe that it is an important component of the program you are installing and will put in something like Recommended to fool you into thinking it's necessary or useful.
Also, if you have Java installed (generally unrecommended), Oracle and Adobe try to install this kind of crapware on your system every time they update. So be very careful when installing Java and Flash updates.
Another program to consider is Adobe Flash Player: I have seen it offer Google Toolbar+Chrome or McAfee security scan plus: Potentially unwanted software that obviously can't be removed from a tool. (although I believe McAfee has a removal tool on their website in addition to add/remove programs, or on vista/7/8, programs and features.)
The Adobe Flash player is particularly tricky, because you make the choice of whether to include the PUP before actually downloading the installer. It's a check box on the download web page. Since this is uncommon, even seasoned "custom installers" can get bit by it. I have downloaded the PUP version a couple of times. Luckily you still can stop the install once you realize you don't have the choice to exclude the PUP installation, and go get the correct version. But it's very tricky and sometimes alarming to see that "McAfee scanner is going to be installed" without the option to say no.
I've been using MalwareBytes for some time now and have a lot of confidence in it so was intrigued when you mentioned AdwCleaner. I downloaded and ran it on my XP machine (yes, I know) and reviewed what it found and didn't see anything that seemed to be interesting. Ran the cleanup and rebooted then got this error: Bootmgr is missing. Restarts a few times same problem. Luckily I had a Macrium recovery CD and was able to repair the bootup but I'm concerned that this product could have deleted something that rendered the machine unbootable.
I too suffered an unexpected "deletion". I ran Adwcleaner and because I didn't recognize any of the 12 items it picked out for quarantining, I duly quarantined them. After the reboot my text reader NoteTab lite stopped working. More exactly I couldn't open any txt document by my usual method of double clicking it. I read the quarantine log even more carefully and could not decipher a related, deleted item. So, I restored all the quarantined items, rebooted and my txt reading came back. I have no idea why, the program did not explain, and I wonder if other facilities had been lost which I hadn't found.
One thing about AdwCleaner is that it works in a way similar to antimalware programs and therefore relies on antiadware definitions. AdwCleaner will not run if it is 10 days old: it will link you to its homepage. Bleeping Computer must keep up as well.
I was unchecking boxes before I was old enough to grasp the concept of advertising: I declined things in a very mild "No Thank you" kind of attitude without questioning why the products were offered. For years I took unchecking completely for granted, but recently I found out that people fly through installations without thinking.
This might be of some interest to you:
http://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx (How Microsoft antimalware products identify potentially unwanted software)
I like their number one unwanted behavior, "Lack of Choice." That takes it right out of "potentially" unwanted and straight into unwanted!
Unwanted behavior: The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior
Advertising: The software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.
Advertisements: The advertisement should not mislead you into visiting another site or downloading files.
All of these examples could be used to describe the GWX campaign MS is running on everyone's PC.
My thought exactly, Brian McD!
I use both Malwarebytes, and Revo Uninstaller. Revo will find all of the registry entries and remove them for you. When using MWB and finding that the problem is not solved when you reboot means that you have to restart in – safe mode Without networking – and run the program again. This almost always works.
Leo, I have never thanked you for the many wonderful articles that you provide to help us be more informed users. Today, I just couldn't help myself from responding to your fun alliteration (Pesky / Problematic / Painful / Potentially Unwanted Programs or PUPs). You make what could be dry, unappealing information into stuff I want to read – aw, shucks – couldn't do an alliteration myself :(. Anyway, thanks again and again!
Doesn't everyone have System Restore? Leo, I'd have thought that should be your first solution. Assuming one spots the foistware as it comes in or very soon afterwards . . . Whenever I click on a link that takes an age (about 1 minute before anything comes up) – and the computer totally jams up so I get "Not Responding" all the time – I get the sinking feeling in my stomach that the computer is being hijacked so I'm inclined to run System Restore every single time. Apparently it works (though I never actually see what's been added or removed!) . . . So isn't S.R. the complete solution for everyone? Isn't it on everyone's computer? . . . (Or is it just a feature of X.P.? – In which case, yet another reason for staying with X.P. I would have thought!!)
System Restore is great when it works, but it has so many problems, that it's not good to rely on it as a solution. Even if it works, it won't necessarily remove every kind of foistware.
http://askleo.com/why_i_dont_like_system_restore/
I'll point you at this article: Why I don't like System Restore
Another terrific article Leo, thank you. I will definitely be saving this one.
Thanks Leo for the update. I'm currently using MSW 8.1 non-touch on my new computer. I use Malwarebytes because for some reason manufacturers are bundling in quite a lot of ridiculous programs on new computers right out of the box. It took me a few days to set up using Defender, CCleaner, and Malwarebytes. I also used Microsoft's forums to figure out how to fix the display.
After reading the update on this page, I tried downloading AdwCleaner, but my computer stopped the installation. Should I turn off real-time protection and install anyways? Or should I simply rely on the software I'm using sans AdwCleaner?
AdwCleaner is a standalone program that doesn't have to be installed. Just run it and it should work. If it doesn't I'd download it again and see if it runs. There should be no need to disable your real-time protection unless for some reason your AV complains about AdwCleaner.
I had to turn off my virus scanner to let Adwcleaner run. If it wasn't for my longstanding trust for Leo's advice, I would have hesitated. It actually found a few minor things, but it also deleted my OpenDNS software. So it isn't totally foolproof either.
Restoring from backup is the best solution; if not the only solution, certainly the safest. But it may not be easy to get your data back to where you want it. Step one in any restore is to take a new backup of all your data, and preferably a full image backup, in case you don't know exactly where all your data resides. Then restore the whole system from an older backup, then restore your data from the immediate backup. Depending on what applications you're using, if you don't know exactly what you're doing you could really make a mess of things. Outlook or Live Mail alone can be nightmares. Proceed with care, take precise notes, test everything, and be prepared to start over.
I also use hitman pro and scan my computer. You can get a one time usage. There is one for system 32 and 64. I also download Web of Trust and put that in each browser.
This kind of thing is so prevalent anymore that I take the sandbox approach. I use Toolwiz which is a good freeware program that has several good tools and features, but the best is their Timefreeze. Start it before installing anything at all questionable, if the results from the install are not what you expected or wanted, just roll it back to before you did the install. If the install was OK you can turn off the timefreeze and continue. As with everything else this is not a perfect solution but seems to be the best approach for me.
Leo, I commend you for your information on PUPS and Malware, it has been most enlightening. I have been assisting retired folks computers for some years now and your recommendations are most helpful in assisting me in maintaining their PCs, mine included.
Many thanks.
Thank you for this article. I thought I had cleaned my PC of this stuff but your suggested program found more of it!!!! May I suggest a free software app which runs in the background called "Unchecky" it unchecks all those unwanted bits before you instal. If you try to instal anything with checks in it it will warn you.
I never heard about Unchecky till I read your comment. I Googled it and one of the results was CNET. I wonder if CNET bundles it with malware :-).
One thing I have learned over the years, is that CNET ( or its derivative Downloads . com ) are not to be trusted at all. Almost everything at DL.C is infested with malware. Do the extra work, and find the original sites for any free programs that you think you might need.
Spot on…lots of questionable stuff on CNET. I try to use the software publisher's site.
I've written on this before: Is it safe to download from download sites?
The way around Unchecky would be for some wise-guy PUP-maker to say, for example,
[ ✓ ] No, DON'T install my marvellous FoistWare Pro v 18.42 (10-Day Trialware, $482.17 USD/month afterwards) !!!
So, Unchecky "does its thing," and the next thing you know, you're shelling out $500 a month for software you never wanted!!!
I have seen options worded that way, (though without that particular pricing). Never thought of as "Unchecky bait".
I don't think any PUP creator or bundler would go to the effort to create Unchecky bait. Those sound more like distracted user bait.
Agreed.
Did the above and adw cleaner wiped out an important program packed with needed data and now google chrome won't open. More fool me I guess.
I love ninite.com for installing and updating programs like Java. No toolbars, no clicking next, just installs. I use the pro version to push out these updates at work.
Leo, one commentator stated, "Ran the cleanup and rebooted then got this error: Bootmgr is missing." I don't think that AdwCleaner actually caused this problem. Do you think so? Also I have read many reviews on AdwCleaner and the only consistent negative item that many people have stated is that it wipes out the settings for the Chrome browser. I don't use Chrome. Firefox is my default browser so I am not concerned with that one negative aspect of AdwCleaner but I would be concerned if it deleted my Bootmgr.
I don't have enough experience yet with AdwCleaner to rule it out, but I agree – it seems unlikely. But of course I don't have another explanation since we don't know the entire story of what's been done to the machine or its overall state of health.
THANK YOU. I was having an issue with unwanted pop-ups and hyperlinks and found out it was PureLeads causing the problem. I was able to uninstall it with the control panel, as you did.
Download Unchecky it Works
Thank you for the great information on PUPS and other malware. My computer was clean but my wife downloads games and recipes with the result that it sometimes took 30 minutes to get online because of the ad-ware. Once installed the two free programmes you recommended did a fantastic job. My wife is happy to have a useable computer again. I always look forward to receiving your newsletter. Thank you again.
Bill.
takes it a few steps further,,,, remember to run every update the MS offers,,,, you can also get one of the program checks/update programs like patch my pc,,,, at least it will check flash and Java if nothing else,,,, AND REMEMBER AFTER YOU CLEAN OFF THE JUNK,,, DELETE THE PREVIOUS SYSTEM RESTORES AND MAKE A COUPLE OF NEW ONES,,,, :)
http://malwaretips.com/blogs/malware-removal-guide-for-windows/
I'm glad it worked.
MalwareBytes ALSO misses a lot that MSE misses…most of the time when I run either, nothing shows up be it a virus, PUP etc…where other programs that are well known and Ask Leo has recommended DO find and I am able to remove.
Looking forward to receiving the newsletter
The AdwCleaner can remove things that you don't want removed and there isn't a choice beforehand. AdwCleaner removed a folder from my Favourites folder that I had put together for finding things like reverse addresses, telephone numbers etc. I think I made the mistake of calling it "Search" and it was a subfolder of the Favorites Bar. Other than that it seems to have done no other harm and removed a couple of things that mbam missed.
You mention CCleaner somewhere. I use it regularly, but only the upmost ("wipe") option. I have been a little hesitant to use the "register" option. Can you recommend that I accept all the corrections to the register which CCleaner suggests, without having to be afraid that problems result (never got problems with the "wipe" option) ?
I tend to avoid registry cleaners as a rule ( https://askleo.com/whats_the_best_registry_cleaner/ ). If you must run one, BACK UP FIRST. :-)
"If you're not certain you need it, leave it checked. In other words, go ahead and let AdwCleaner clean up anything you don't recognize by clicking Clean." – Sorry, but I think that's bad advice. While AdwCleaner is certainly effective, it also seems to be somewhat aggressive and I've seen numerous mentions of it causing problems, especially when used incautiously. And those problems can be quite serious – for example, I've seen several mentions of systems being rendered unbootable by AdwCleaner. Even one of the comments above talks about it causing problems: "I downloaded and ran it on my XP machine (yes, I know) and reviewed what it found and didn't see anything that seemed to be interesting. Ran the cleanup and rebooted then got this error: Bootmgr is missing. Restarts a few times same problem."
A better option would be to research items detected by AdwCleaner prior to deletion to make sure that they are indeed things that should be deleted. And, of course, to create a backup prior to running it.
I agree with you Ray. I'm no techie and I have no idea what these folders and registry entries mean. Leo cautions about registry cleaners, but then says to go ahead and let AdwCleaner do its thing. What?!! AdwCleaner found so many registry entries I was afraid to let it clean anything. So I'm back to square one. My question is this: How does a "regular guy" not a "computer whiz" know which folders/files/entries are important and which are not? I'm not ready to gamble and find out my computer won't work after running AdwCleaner. Due to my ignorance I always err on the side of caution, hence I'm sure my computer is loaded with PUPs.
In your shoes, I'd back up the data, restore the system using the recovery partition, reinstall the software and then restore the data from the backup. This is the #1 best option. The #2 best option is to create an image backup – using the utility that comes with Windows or an app like Macrium Reflect – and, once you've done this, let AdwCleaner do its thing. If it doesn't work out well – and likely will work out well – you can use the backup to get your computer back to exactly how it was prior to running AdwCleaner.
That said, you really need to think about how this stuff is finding its way onto your PC and stop it from happening. The vast majority of malware infections – more than 99% – happen due to 1) carelessness with email attachments; 2) the operating system or apps not being kept up to date; or 3) being installed side-by-side along with some other application. If you take action to address each of these things, there'll be a close to zero chance of your PC being infected in future.
The backup technique I use, especially now that Samsung SSD are more affordable, for all your readers to consider. FIRST, use Leo's recommended cleaners, update all programs, and optimize your primary SSD. NEXT, in my case, I unplug the SATA DVD burner, and plug in a new SSD. (120Gb is right size for me [@$70 Amazon]…I use a large, standard, back up internal hdd: Therefore NOTHING is saved in C:\ W10 Libraries!!). THEN Computer Management to partition/format new SSD. FINALLY using free Macrium Reflect I simply CLONE my primary SSD onto the back up SSD!!! LAST, sticky-note the date on the back up SSD, put it in the box it came in, and store it in a safe place. IF my primary SSD ever crashes, all I have to do is plug in my back up SSD!!!
Side note: My wife's laptop hdd died so I put in my back up SSD and away she went!! FORTUNATELY she saves all her IMPORTANT files on a thumb drive. Ordered my another Samsung 120Gb SSD and repeated back up technique I describe above!!!
I must be pretty careful because there was nothing in the box after the scan. But I run an MBAM scan and an MSE scan 3 or 4 times a week. And I also clear my cache and cookies and do a disk clean too almost daily after logging off everything. So that's probably why.
Thanks Leo, I've been with you for years and don't regret one minute of it.
"I also clear my cache and cookies and do a disk clean too almost daily after logging off everything. So that's probably why." – You know, while there's nothing wrong with doing this, there's really not much point in doing it either. It does nothing whatsoever to prevent malware infections and isn't the reason that your MBAM/MSE scans are coming up clean. Nor does clearing the cache speed up either your PC or browsing. In fact, it's probably slowing things down somewhat. Windows caches stuff in order to speed up your browsing and, if you clear the cache, you prevent that from happening.
Clearing cookies might prevent some tracking cookies from showing up in MBAM, but those are harmless and in a way a kind of false positive. Clearing cookies is rarely a good idea as you will be forced to log in again to all of your websites.
I'm not sure that MBAM even detects cookies, does it?
I could be wrong, but I thought it finds tracking cookies.
It doesn't and never has detected cookies. SUPERAntiSpyware does, but does not do well at detecting actual malware.
Tried ADWCleaner twice and both times it locked up my computer when it was supposedly doing the clean. Didn't have that much to do, so I'm not sure why it would do that, but I had to do a soft reset in order to get the computer to do ANYTHING. Deleted…
CAUTION using AdwCleaner: Before you scan, check the Options drop-down menu and UNCHECK EVERYTHING, otherwise many important settings on your computer can be reset. Another caution: After first use, AdwCleaner creates a settings.ini file under C:\AdwCleaner. If this settings file is deleted by accident, AdwCleaner will start again with the default options and can possibly reset your computer settings. So, check Options every time before a scan.
I find SpywareBlaster is a real help, stops a lot of nasty stuff getting there before hand.
Also, be aware some supposedly "reputable" companies add PUPs to their offering. I'm looking at you, NVidia!
In Windows 10 when you click on the Windows logo (start button) and then click on All Apps, note if there is the word NEW. This means that something new has been installed on your computer. Go down the list of Apps until you come across NEW beside an App. If you didn't install this yourself, it very well could be a PUP or other unwanted software. If there is an uninstall, uninstall if you don't want it then check in the Control Panel, Programs and Features to see if it is there. It very well could be even if you had chosen to uninstall. You may or may not be able to uninstall from the Control Panel. If that is the case, give CCleaner a chance to uninstall the App. Items show up in CCleaner that do not show in Programs and Features. Use the uninstall supplied by CCleaner.
An example of the above was installed during Windows Update (it wasn't there previously). It was called Microsoft Solitaire Collection. I did not ask for it, have not visited the store, but there it was in my list of apps. There was no uninstall nor did it show up in Programs and Features. CCleaner however uninstalled it. At the same time I uninstalled Xbox as I don't have one and never will as far as I can see. Xbox was not available to uninstall in Programs and Features but CCleaner showed it and uninstalled it.
I know you tend to emphasize free programs but I just thought that I'd put in a plug for Acronis True Image Home. I've been using it quite happily for six years
Leo used to recommend Acronis TrueImage. This article explains why he switched to Macrium Reflect.
http://ask-leo.com/acronis_trueimage_home_backup_software.html
Hi, This is the maximum that one could get away with nasty tool bars. But I do not know about some programs which would ask you to close your browser, and installing something, of which we do not know what it involves. It will also sidetrack you by giving some attractive dubious advertisements. Once you downloaded, it would have injected and the program icon would not be shown anywhere.
By the time you search with the exe file, you may find your computer is having changed search engine, and also malicious programs that disguise as svchose.exe, ultimately connected to the computer and do the herculean task of repairing all your applications.
Just do not download anything from sites like {removed}coms. Those are waiting for you to click and suffer
Another vote for "unchecky". Has saved my life more than a couple of times and seems infallible, despite my deliberately having done some VERY naughty downloads (immediately after a full backup of course!!) by way of a test.
Adwcleaner removed RegistryCleanerKit by Uniblue and YouTube Downloader. Had to re-install both. But it did delete many other programs of which I was not aware.
Those are often confused as malware, as they come bundled with some nasty PUPs, and if you don't carefully read the misleading installation screens, you'll get the foistware.
I'd advise against using RegistryCleanerKit or, for that matter, any registry cleaner. Such apps do not improve performance and nor do they usually solve problems. They can, however, create a whole bunch of problems by deleting things that shouldn't be deleted. In other words, the benefits are pretty much zero and are far, far outweighed by the risks.
Malware Bytes AntiMalware: Once I downloaded the "Free" version you recommended, it installed it as a "trial Free" version and then gave a message later after some time (I do not know how long) that my trial period expired and it did not run. I restarted, uninstalled, ran Registry Scan cleaner, then restarted and downloaded the "free" version again, but it did not work due to same message above! I even ran from an older stored image, and that also did not work as it recognized the current date, so I removed that "older" copy.
So, it is not really FREE as you described it! Your comment?
It appears that you downloaded the free trial version instead of the free version. There is a completely free version. It should be available using this link:
https://www.malwarebytes.org/dl-confirm/
It’s the same download for both versions. You simply choose whether to run it in trial mode during the install – and if you select that option, it automatically reverts to free mode at the end of the trial period (unless you pony up, of course).
There’s free and paid versions of MBAM: the paid version runs in real-time; the free version is simply an on-demand scanner. When you first install MBAM, you have the option of choosing to run it in paid mode for a trial period (which is what I assume you did). At the end of that trial period, it automatically reverts to the free version.
On a separate note, registry cleaners aren’t really a good idea. They really don’t serve any useful purpose, but can cause all sorts of problems.
There is a truly free version, and that’s what I intended for you to use.
I was glad to see *prevention* emphasized. But the purveyors of PUPs are getting very creative and I’ve inadvertently ended up with an unwanted toolbar (or worse) after an installation. That’s why I also rely on Ruiware’s WinPatrol Plus. It has many useful features and alerts me to PC changes, providing opportunity to deny unwanted programs/changes before they actually install. They have two other helpful programs, WinPrivacy and WinAnti-Ransom. These supplement whatever security suite is on board.
An abundance of caution is always needed about software installations. And program updates – especially those tagged as being for security – must be done religiously. I don’t like the fact that Windows 10 updates on its schedule, not yours. In the past I’d frequently initiate Windows Update manually, select what seemed to be warranted, get the download, and let it install-reboot before continuing with my engineering work. Now it could be days between a critical update being released and when my PC gets it.
Finally, I’ve used your recommended MBAM Free and CCleaner Free for years and consider both of them to be essential PC tools. THANKS for the info on AdwCleaner, as I was not familiar with it.
“I don’t like the fact that Windows 10 updates on its schedule, not yours. In the past I’d frequently initiate Windows Update manually, select what seemed to be warranted, get the download, and let it install-reboot” – You can still check for updates manually and schedule the restart.
http://www.howtogeek.com/221903/how-to-schedule-restarts-for-updates-in-windows-10/
Before doing any process that looks at every file on the drive, I run the free version of CCleaner (www.piriform.com) to get rid of thousands of unneeded files. Fewer files to scan = faster scan.
I downloaded AdwCleaner using “Download Now @BleepingComputer” as recommended. However, before I executed it I had the file scanned by VirusTotal at https://www.virustotal.com. This resulted in findings of “Malware.Undefined!8.C-HzyytRqxDXR (Cloud)” and “Trojan.Generic” and now I am afraid to run it.
Are these true positives indicating an infected file that should be eliminated or false positives meaning I can use it, or something else entirely?
It’s a false-positive, for sure. That said, I’d recommend not using AdwCleaner unless you believe that your system has been compromised. As I said above, while it’s certainly an effective removal tool, it does have the potential to cause problems.
When I used to run Gmail on Google Chrome I always ended up with 7 or 8 PUPs. Never hardly ever have them when I run Gmail on Firefox. Needless to say I never install Chrome anymore.
I’ve just run Adware Cleaner. It found one problematic program, Freemake, which I don’t think is malware and was left alone.
Then I ran Malwarebytes. Took MUCH longer, and found five problems, none of which were Freemake, but all of which looked unsavory and were OKed to be deleted/quarantined.
My conclusion: Forget AWC, stick with MWB. I’ve twice now seen MWB find about 500 PUPs on client computers, after which they ran much faster.
AdwCleaner gets some adware that Malwarebytes misses. Freemake is legit, but it comes bundled with garbage. That’s possibly why it was flagged by AdwCleaner.
JRT (Junkware Removal Tool) catches a few things that neither MBAM nor AdwCleaner does.
Some time ago, I had a long-running battle with a certain toolbar. It was so dubious even Windows Defender recognized it and disabled it. This was fine – I could find it and remove it (manually, it had no “uninstall” as such) until one day I tried to install an anti-virus program from a company I had previously trusted and used. Lo and behold, this toolbar got installed again, and got disabled again by Windows. Trouble was, the anti-virus program refused to run without it. This effectively destroyed this company’s reputation for me, and I found a different company to protect my system.
What’s the deal with uninstalling bundled software; how did it get so complicated? On a new Dell PC, after I log in as the main user and uninstall a bunch of stuff, like MS Office Trial (which Dell installed) or Skype, News, Weather, Sway (which I assume Microsoft installed) the next user that logs in to that PC sees everything I just uninstalled. Very frustrating. I know there’s PowerShell hacks out there but I refuse to use them because they typically don’t work and frankly, it’s too many hoops to jump through (meaning, I can teach other users to do it). Any opinions?
I have decided to move away from Malwarebytes. I can install it if I have any problems with PUPs and then remove it afterwards. Malwarebytes seemed to cause problems with Windows Defender after I updated to Windows 10 version 1903.
I will use Microsoft software like Windows Defender, the Windows firewall, The Malicious Software Removal Tool, Process Explorer at Tech.net, RKill and AdwCleaner from Bleeping Computer, and the ESET online scan.
Also there is a way to have Windows Defender be more effective against PUPs. I saw an article about that at Howtogeek.
Although I have my doubts about “Unchecky,” I do confess to being intrigued by it. Anyone care to furnish a link to it, or must we all muddle through with Google®©™[Pat. Pend.]???
Thanks Leo. I wish to suggest that there is a program named “Unchecky”. It ferrets out the hidden and insidious foistware and forces the subject (owner) to choose whether he wants the foistware.
Here is an article on “Unchecky”.
Unfortunately your link didn’t come through (not everyone gets to do html), but unchecky can be found here: https://unchecky.com/
Malwarebytes is an excellent “Second Opinion” virus scanner.
I don’t think Microsoft disables Windows Defender when Malwarebytes is installed; Malwarebytes claims it “works with” your anti-virus for better security. I don’t believe that, but then again I only run the free version. I neuter its more obnoxious behavior by 1) Open it and click the gear (settings) icon, go to the Account tab and click deactivate, and 2) right-click Malwarebytes icon in the system tray and uncheck “Start with Windows.” That way it does not run all the time, only when you ask it to scan something.
I ran the test. For the two-week trial of their full version it does replace Defender. When the trial is over it behaves properly: it becomes an on-demand scanner and Defender is re-enabled.
Hi
I don’t think this has been picked up by anyone yet, but I could be wrong!
My experience with MalwareBytes and now AdwCleaner is that it finds Iobit software like Advanced System Care as a PUP, and it’s really difficult to stop everything relating to ASC being quarantined. There are some articles about this on the internet.
I understood that ASC was a useful utility to install, but is that not the case now?
Registry cleaners and system boosters often do more harm than good. ASC makes changes to the Registry and programs which do that are considered by some antimalware programs as a potential danger. Here’s what Malwarebytes has to say about it and how to whitelist ASC.
Malwarebytes on whitelisting Advanced System Care
And here’s what Leo’s said about registry cleaners and system boosters:
Do “Fix All Your Windows Problems” Utilities Work?
What’s the Best Registry Cleaner? What to Use, and Not
Thanks Mark
I used to use Malwarebytes free but now the freeware version has become the nagware version. I’ve uninstalled it as I rarely used it and I figure that if I ever need to run it, I can install it run it and uninstall it again. After over a year, I haven’t needed to use it.
I’ve got it installed on my Windows 10 Home demo virtual machine, and honestly it hasn’t been nagging that badly. I installed it here just to see what it did after the two-week trial, and in my opinion so far it’s been behaving quite appropriately. Perhaps they had to learn a lesson or two along the way?
Next time I need to run it, I’ll leave it installed :-) .
I am a little concerned about the advice to restore an image to get rid of a PUP. While it will certainly do that, for users who have their data in My Documents or elsewhere on their system drive, it will also wipe out any changes they’ve made to their data since the image was taken – letters, spreadsheets, emails, etc., will all vanish. Seems to me that a warning like that might be in order when suggesting that an image be restored, maybe with a suggestion that recent data be copied elsewhere and then copied back after the image is restored.
That’s one reason that step one is “Start with a backup”. Any files you care about can (carefully) be restored from that backup image.
But copying all the bits and pieces of changed data from their various sources in Program Data, Users, Application Data, and Documents is definitely non-trivial. The need to restore images is a good argument for keeping one’s data on a different drive from the system drive. It does require a bit of planning to make sure that various data which is not in Documents (e.g., profiles, email, calendar, etc.) is maintained on the data drive, but that’s a one-time effort. I’ve done this for years, and I can pretty much restore an image with impunity. I know you’ve covered this in past articles, but it might be worth a repeat discussion, with some how-to info and a discussion of the trade-offs.
In addition to following the admonition above to always use the “Custom” or “Detailed” option, when offered, to deselect PUPs (and PUMs – Potentially Unwanted Modifications) when installing software, for well over a decade I’ve also employed a nifty little free utility named “Unchecky” that I install on every Windows box I service: https://unchecky.com/ (also see
https://www.softpedia.com/get/System/OS-Enhancements/Unchecky.shtml).
Good program. There are a few comments to this article recommending Unchecky.
AdwCleaner can also be downloaded from Malwarebytes directly, https://malwarebytes.com. Just select the “For Home” and then “View all products”.
I’ve been running the paid version of Malwarebytes for a couple of years in tandem with Windows Security. There is a setting in Malwarebytes that toggles off registering Malwarebytes with Windows Security Center. I haven’t noticed any problems with the two fighting each other, but have been bemused when one picks up on something that the other doesn’t catch. In those situations I search online about the culprit to see what it is and usually just go with the recommended actions.
I’m also grandfathered in with Malwarebytes at the old subscription rates. I would follow Leo’s advice and just use the free version if I were asked for a recommendation today.
Another good article, thanks, Leo.
Good advice but before resorting to a clean reinstall and after doing the other advice mentioned, run SuperAntiSpyware (free). If that doesn’t do it, go to Revo Uninstall. But be very careful when running Revo to check only the bold items!
Hi Leo,
Just a tip. You don’t have to wait until the two-week trial period of Malwarebytes Premium is over after updating the program. You can click on the settings/cog icon in Malwarebytes, click the Account tab and deactivate the license at any time. It immediately reverts to the free version.
Awesome, good to know. (I wanted to actually test its behavior at the two week mark, and it behaved well.)
I use older Thinkpads with Win7 that run 99% of all software fine. I have found that the nagware in the free version interferes with using SnagIt on video calls when Malwarebytes goes out to the web to prepare for its next nag. No more Malwarebytes for me ever again. Got to be a better free alternative out there by now when I need to check for malware.
Windows Defender is a fine antimalware solution.
This article already out on Ask Leo! has recommendations for anti-malware tools, including free anti-virus, anti-spyware and more:
http://ask-leo.com/what_security_software_do_you_recommend.html