That's real bad! |
How to (not) install junk programs on your computer.
From time to time people bring their computers to me and they tell me, "It's not working right. I get popups and stuff."
So I slyly ask them, "Did you install anything recently?"
"No, I don't think so." Or they reply, "No, but my [children, cousins, neighbors, etc] used it and when it came back it didn't work right anymore."
Let me guess, you have several toolbars, your home page is either called "MyWebSearch" or "Conduit" and when you click on a link it takes you somewhere unexpected.
So how did you get these programs installed? The unofficial name for them is "PUP" (Potentially Unwanted Programs). I decided to give some illustrations and some removal tips. Perhaps I can save you a few dollars and a trip to the local computer repair shop. Don't worry I don't think I will suffer from a lack of work.
What you need to learn to do is look for extra programs that are trying to "sneak" along with another install. Here are a few...and some are extremely sneaky.
Several culprits
Adobe Flash Player. Flash itself is not a problem but have a look at this:
See the "Optional offers". Even Google likes to get into the act. Simply uncheck the offers.
Ever wonder where McAfee Security Scan comes from?
Java is yet another:
These programs are actually important and useful. 95% (maybe more) of all Windows computer have them installed. But be careful.
Then you have the really sneaky ones:
I decided to download some YouTube video and I found this nifty software called FreeSmartSoft Downloader. Safe? No. I found this in the user agreement :)
Wonder what "supplemental software" is?(c) Support Services.FreeSmartSoft may provide you with support services related to the SOFTWARE PRODUCT ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to the terms and conditions of this EULA.
The next series was from an install of PowerISO, something useful but contained a total of 3 junkware installers. In fact Chrome marked it as malicious. (A little side note: The version I downloaded from CNet was clean, this version was straight from PowerISO's site. Nasty.)
BTW Pay attention to things like this. |
Search Protect certainly messes with your internet, it does nothing to protect you. |
I guess you can't call them dishonest, but how do you skip this install? |
Oh, there it is. |
Deja Vu? |
Another sneaky trick played by some "legit" download sites is to put an advertisement on their download page that says "DOWNLOAD NOW". Here is an example from bleepingcomputer.com, I clicked on the download button which took me to the download page complete with an ad that is begging me to download something.
The tricky part is that the download will start automatically, but if you are not observant or impatient and you click on the "Start Download" button you will get the next webpage. |
Not at all what I wanted to download. |
Removal tips
- Go to Programs and Features and begin uninstalling the junk. To find this screen click on your Start button and type: "Programs" and the icon should appear. This part can be a little tricky because some drivers and required system programs can appear here. I look for programs named Search Protect, Default Tab, Coupon [anything], Savings [something], or any other generically named software published by no one familiar (ie. not Microsoft or Google).
- Download, install and run MalwareBytes. Make sure you get it from the right place, especially if you are attempting to download straight to an infected computer. www.malwarebytes.org is the correct site. Download the free version and at the last step of the install uncheck the box that says "Malwarebytes Pro Trial". Next run the Malwarebytes scan and quarantine all the items found.
- Download and run TDSSKiller from Kaspersky. Download from this list. (Sometimes I run this first)
- If you are having trouble downloading or running #3 and #4, you might have to go for the bigger guns. Try scrolling down to the Kaspersky virus removal tool here. Or Emsisoft standalone scanner from here. Just remember my point about the "Start Download" button. This download starts automatically.
- If that doesn't work, maybe you do need professional help. No pun intended.
- There are cases where virus removal leads to other problems. I have had computers where the viruses were removed but the computer was left in a broken state. You may even need to re-install windows or "Reset to Factory".
Prevention Tips
- Use Firefox or Google Chrome. As noted above Chrome marked the one installer as malicious. These are browsers and essentially replace Internet Explorer.
- Find the Adblock extension for Firefox or Chrome. These extension eliminate the ads on the websites you visit. Often times the ads attempt to lure you into clicking on them in order to install their bad programs, and it cleans up the webpage.
- Run an anti-virus, and please make sure it's getting it's updates. If it says your subscription has expired, you are not getting the updates. Yes I have a preference, but I have found that almost any anti-virus is better than no anti-virus. If you like free you can try Avast, Avira, AVG, Panda Cloud, or Microsoft Security Essentials. If you want something better try Norton, GData, ESET, Trend Micro, or F-Secure.
- Be observant. Does it look like a junk program? It probably is.
- Is the site you are visiting a bit sleazy?
- I really shouldn't have to mention this but it is a well known fact that porn sites are big distributors of viruses...'nuf said.
- Buy a Mac, Chromebook, or run Linux...ok most of you won't and that's fine :) They are less susceptible, but not perfect.
Good write-up. I wish it would make a difference.
ReplyDeleteI have found AdwCleaner helpful to recommend to non-technical users for quick-and-dirty PUP removal. Its scans tend to be faster than MBAM although not as thorough.
I have also used CCleaner, not for its registry cleaner, but for its access to startup and task scheduler items. It will occasionally reveal issues that MBAM missed. I don't recommend it for non-technical use, though.
Yes, good point. the other one I found useful is the Junkware Removal Tool. All found on bleepingcomputer.com
Delete