Ending up with random software on your machine you never wanted in the first place is annoying as heck.
So-called PUPs (for Potentially Unwanted Programs, although there’s rarely any “potentially” about it) are tools, settings, utilities, browser toolbars, extensions, and more software installed on your computer as a result of installing something else. PUPs are rarely even related to what you’re installing.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you suddenly realize you’ve been saddled with software you didn’t ask for and certainly never wanted.
Become a Patron of Ask Leo! and go ad-free!
To remove PUPs (and other unwanted, unexpected software), start with an Uninstall via the settings app, then run Malwarebytes free version, then run AdwCleaner. This sequence catches the most common PUPs. You can also simply restore to a backup taken prior to the PUP’s arrival. Remember: always choose custom installation to avoid PUPs in the future.
Start with a backup
The steps we are about to take have a small chance of causing problems.
Uninstall the somewhat well-behaved
A number of unexpected toolbars and other applications that show up on your machine are “relatively” well behaved. By that I mean they are somewhat easy to uninstall using official mechanisms.
Start in the Windows Settings app, and click on Apps.
Look for the item by name. Sometimes this can be tricky, as some applications intentionally use obscure names to make them more difficult to remove. The well-behaved items we’re looking for here should be relatively clear. Look for names including the words “toolbar” or “extension”, in particular, as those are some of the browser-behavior-altering pests often putting us in this scenario.
Click on the item you want to uninstall and click Uninstall when it appears.
We’ll do the next steps even if it appeared to work, because in many cases there will be traces left over. Sometimes those traces can reinstall the PUP.
If you don’t have it already, download and install the free version of Malwarebytes Anti-Malware.
Important: The free version is, at first, a free trial of their paid version. It will nag you to register/upgrade/license the product. You do not need to do so. Simply use the product as described here. After a period of time (two weeks, at this writing) the trial will revert to the purely free version. It may continue to nag you, but it will keep working.
Run the program, if it hasn’t started automatically, and click Scan to perform a scan.
The Malwarebytes scan may take a while.
When it’s complete, you’ll get a notification if you have malware or PUPs.
Even if no actual malware is detected, potentially unwanted programs may still be found. Malwarebytes will show you the entire list. You can review the list if you like, but in general, the next step is to simply quarantine everything. You will likely need to reboot.
A clean scan is your goal.
Note that you may want to uninstall Malwarebytes, as its trial version will have disabled Windows Defender in Windows Security. This isn’t really a problem; you shouldn’t have two fully-featured security solutions running at the same time, and Windows Security knows to step aside when Malwarebytes is installed. That being said, if you don’t plan on keeping Malwarebytes, you’ll probably want to remember to uninstall it when all is said and done. If you don’t, after the trial period it will step aside; Windows Security will resume full real-time protection, and Malwarebytes will remain available for on-demand scans.
It’s possible Malwarebytes may be unable to remove some PUPs. If that’s the case (or even if it’s not), I want you to take one more step.
AdwCleaner is perhaps best downloaded from our friends over at BleepingComputer.com. (AdwCleaner was purchased by Malwarebytes in 2016, but remains a separate tool.)
Speaking of being careful, remember to avoid advertisements that say “Download” or “Free Download.” Those are not the programs you want. The button that I used simply read, “Download Now @BleepingComputer.”
AdwCleaner has no install. Once downloaded, simply run it, and answer Yes to any UAC prompt.
Also click I agree to any licensing terms agreement. Click Scan Now.
Once the scan is complete, AdwCleaner will present its scan results.
If you’re not certain about what AdwCleaner finds, go ahead and let it clean up anything you don’t recognize by clicking Clean & Repair. (It first warns you that all programs should be closed.)
The ultimate removal
Even with the tools I’ve outlined and other tools that may also be used or come along later, there’s a real possibility that the unwanted software will still not be completely or successfully removed. This often happens when the PUP is new and the security-software makers are catching up to the latest tricks.
It’s worthwhile to consider restoring to a recent backup image. Restoring will make these things go away every single time.
If you have a backup image of the machine as it was prior to these pests getting installed, you can simply restore your machine to that image, and they’re gone. No fancy tools are needed, and you needn’t just hope that it works. Restoring to a prior backup works every time.
Presuming, of course, you have one.
The offer is often hidden and defaulted to “Yes”. The technicality is, by choosing this default (or not unchecking the appropriate box) when you install a program you’ve downloaded, you’re requesting this other software be installed.
Don’t do that.
Whenever you install or update any software — even software you’ve purchased or already have installed — always choose the “Custom” or “Detailed” option. Choose whatever option is not the default option.
Then pay very close attention to every option you’re presented. If it offers you something that is not clearly related to the software you want, uncheck it. If it offers to change your search page, uncheck it. If it offer to install some toolbar, uncheck it.
You get the idea.
The bottom line is, if you’re not careful when you install software — even software from reputable vendors — you may end up with things you never expected or wanted.
There’s nothing “potentially unwanted” about it.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!