views
Removing Adware in Windows
Boot into Safe Mode with Networking Support. With all removable media (such as CDs and flash drives) removed, restart the computer in Safe Mode. Windows 8 and 10: Press ⊞ Win+X and select “Shut down or Sign Out,” then choose “Restart.” When the computer boots to the login screen, hold down the ⇧ Shift key as you click the power icon. The computer will restart again. When it comes back up, click “Troubleshoot,” then “Advanced Options,” then “Startup Settings,” then “Restart.” At the resulting boot options screen, press the key next to “Safe Mode with Networking” (it will be either F5 or 5, depending on your computer). Windows 7 and prior: Click the Start menu, then click the arrow next to “Shut Down.” Select Restart. Once the computer clicks off and then turns back on, start tapping the F8 key to launch a boot menu. Use the arrow keys to navigate to “Safe Mode With Networking” and press ↵ Enter.
Start your browser to check for rogue extensions or add-ons. Often adware takes the form of browser extensions or add-ons. In Chrome: Click the Chrome menu (in the top right corner of the browser, marked by three horizontal lines) and select “Settings.” Click “Extensions,” then look for any extensions you don’t recognize. If anything looks unfamiliar, click the associated trash icon. Firefox: Check your Add-ons by clicking the Open menu (three horizontal lines) in the top right corner of the screen and selecting “Add-ons.” Now click “Extensions” and look for anything you don’t recognize. To disable an extension, click it once then click “Disable.”
Check your browser start page, search engines and other defaults. Sometimes adware will hijack your browser’s default webpage and search engines. Chrome: Click “Settings” in the Chrome menu, then click “Set Pages” (just below “On Startup”). If you see anything other than a blank page or a page you specifically configured to show up when you start the browser, select the listed site, then press the X to delete. Make sure the Chrome buttons haven’t been messed with. In the same Settings menu, find the Appearance section. Select “Show Home Button.” Now click “Change,” then select “Use the New Tab Page.” Click “Ok” to save your changes. Verify your search engine settings in the Settings menu by clicking “Manage Search Engines” under “Search.” Choose the search engine you use and select “Make default.” Make sure the URL on the right side of the screen matches the name of the search engine! If you see Yahoo.com on the left, but the URL on the right starts with anything other than search.yahoo.com, delete it with the X marker on the screen. Firefox: In the Open menu, select “Options,” then “Restore to Default.” Click OK to continue. To verify Search Engine settings, click the Open menu and select “Options.” On the left bar, click “Search” and set your default search engine to something reputable like Google or Bing. If anything you don’t recognize is listed beneath “One-click search engines,” click it once, then click “Remove.”
See what programs are set to start automatically. Press ⊞ Win+S to launch the search field. Type msconfig into the blank to launch the System Configuration panel. When it appears in the search results, click the file. If you are asked to confirm, select “Yes” or “OK.” Click the Startup tab to see a list of all programs set to start when the computer boots (Windows 8 and 10 users may be redirected to the Task Manager, but the rest of the steps will be similar). Browse through the list and see if anything stands out as adware. It’s a good idea to search the internet from a non-infected computer for the names of anything you don’t recognize—some things may look legitimate when they actually aren’t, and vice-versa. Next to the name of the software you’ll find the company who published it. The companies listed can help you figure out which startup programs are legitimate. To disable anything you don’t recognize, remove the check from the box preceding it (or if you’re on Windows 8 or 10, click the program, then click “Disable”).
Save your settings and restart the computer. If you’re using Windows 7 or earlier, click “Apply,” then “OK.” If you’re using Windows 8 or later, just click the X to close the Task Manager window.
Check for programs that can be uninstalled. If your computer still has pop-ups or intrusive ads upon reboot, see if there’s any software that can be removed by a typical uninstallation. Open the search bar and type Programs and click “Programs and Features” when it appears. In the list of installed software, look for anything you don’t recognize. You can sort the list by install date by clicking on the date at the top of the list. To uninstall a piece of software, click it once, then click “Uninstall.” Restart the computer after uninstalling software.
Run an antivirus scan. Using Microsoft Defender or your preferred antivirus, run a scan to catch any adware programs on your computer. It will let you know that the malicious apps were removed. If you’re unable to remove the adware (this is rare but it happens), write down the name of the adware and proceed.
Get removal instructions from Symantec. In Safe Mode or on a different computer, visit Symantec’s A to Z listing of Malware. This frequently-updated site contains links to removal instructions of nearly every type of adware in existence. Select the first letter of the name of your adware and scroll down until you find it. Click the name of your adware.
Click “Removal” to view instructions. The first set of instructions pertains to users of Symantec security software. If you don’t use their software, scroll to the second step and follow the removal instructions as indicated. All adware is different, and some are more difficult to remove than others. Reboot the computer when you’re finished with all of the instructions on the page that corresponds to your adware.
Run a System Restore. If you’ve made it this far and have not had success removing the adware, run a System Restore to bring your PC back to a date when it was functioning properly.
Removing Adware on a Mac
Block pop-up windows in your browser. This crucial step makes it possible to complete the rest of this method with minimal annoyances. Safari: In the “Safari” menu, select “Preferences.” Click “Security” and select “Block pop-up windows. Deselect “Allow WebGL” and “Allow Plugins.” Chrome: In the Chrome menu (the three horizontal lines), click “Settings,” and then scroll to the bottom to click on “Show advanced settings.” Click “Privacy,” then “Content Settings,” and select “Do not allow any site to show pop-ups.”
Check your browser settings for rogue search engines and extensions. Safari: In the Safari menu, select “Preferences,” then “Extensions.” If anything is listed that you don’t recognize, click “Uninstall.” Now, click to the “General” tab and make sure your default search engine is set to something you recognize. If not, set it to the search engine you use regularly. Safari has some defaults pre-programmed into the software. Choosing Google is a safe bet. Chrome: In the Chrome menu, select “Settings,” then “Extensions.” Click the trash icon next to any extensions you don’t recognize. Next, click “Settings” on the left menu and scroll down to “Advanced Settings” and follow the link. Scroll down to “On Startup” and make sure “Open the New Tab page” is selected. Scroll down to “Search” and click “Manage Search Engines.” Make sure every search engine listed in the top box is one you recognize. Pay special attention to the URL on the right side, as adware programs might pretend to be Google but actually be pointing you to another website. Delete anything suspicious by clicking the X next to the site.
Download Apple Support article HT203987 as a PDF. Because the next steps require the browser to be closed, you’ll need to save the website to your computer. Point your browser to https://support.apple.com/en-us/HT203987. Once the site has loaded, click “File,” then “Print,” then “Save as PDF.” Select your Desktop as the saving location so you can easily find it in a moment.
Use the “Go to Folder” method to locate adware. You’ll be using this action a lot, so try to become familiar with it. Open the PDF file you just created and scroll down to the list of files that begins with /System/Library/Frameworks/v.framework. Highlight the first line in that list of files (it’s the one in the example) and click “Edit,” then “Copy.” Open Finder and click “View,” then “As Columns.” Click “Go,” then “Go to Folder.” Click “Edit,” then “Paste” to paste the file you highlighted previously into the box. Press ⏎ Return to search for the file. If the file is found, drag it to the Trash. If not, copy the next file in the list from the PDF and do the same. Repeat the “Go to Method” with each of the files in the list. When finished, empty the Trash by clicking “Finder,” then “Empty Trash.” Restart the computer.
See if other known Adware is running. If the computer comes back up and there’s still adware, open Finder, click “Applications,” and select “Utilities.” Click “Activity Monitor.” On the CPU tab, click “Process Name” to alphabetize the column and look for processes called either “InstallMac” or “Genieo.” If you see either of these programs running in Activity Monitor, repeat the “Go to Folder” process with the following text: /private/etc/launchd.conf. Once that’s finished, restart your computer again. Return to the Apple PDF and scroll down to “Remove Genieo, InstallMac” and repeat the process with each of the files listed beneath “Restart your Mac.” Once you’ve gone through each file and dragged any necessary files to the Trash, restart your computer. Use “Go to Folder” once the computer comes back up, this time with the file /Library/Frameworks/GenieoExtra.framework. Empty the Trash (in Finder).
Restart the computer. Your computer should now be adware-free. If, when the computer comes back up, it is still infected with adware, you’ll need to install an Adware removal tool.
Download and install Malwarebytes Anti-Malware for Mac. Malwarebytes is the gold standard for at-home adware removal. Click “Download” and choose a location to save the file. Once it has downloaded, double-click the file to run it. If you’re unable to download Anti-Malware for Mac because of the adware, use a different computer to download the installer and save it to a flash drive or CD/DVD. The first time you run Anti-Malware for Mac, you’ll likely be asked if you’re sure you want to open it. Click “Open.” If you see a different message about your security preferences, click the Apple menu and select “System Preferences,” then “Security and Privacy.” On the General tab, click “Open Anyway” and the software will launch. The first time you run Anti-Malware, you’ll be asked for a username and password for your administrator account. Type it and click “Install Helper.”
Click “Scan.” If Adware is found, it will display in a list after the scan is complete. Click the name of the Adware and select “Remove selected items” to delete. Restart the computer and your adware should be removed.
Comments
0 comment