January 26, 2015

My Big Fat Adware Cleaning


As a student, I had a part-time job servicing and administering computers for SMB customers. Years have passed, but there are occasions when I have to remember those good old days — mostly when I visit relatives who use their PCs daily, but still cannot service them properly.


A couple of weeks ago, I got a plea for help from one such relative: their laptop, quite powerful and by no means obsolete, had become very laggy. Upon a close examination, I found that ¾ of its computing resources were wasted on five different ‘home page helpers’ and ‘search panels’.

They were accompanied by malicious adware which displayed huge and irritating banners on each web page opened. All of these little enhancements were gone in two hours, and my venture was a success – of course, they got an installation of Kaspersky Internet Security as well.

Bring in the ads!

What makes me call this adware malicious? Two reasons: First, it excessively consumes PC resources. Second, and more importantly, it’s a way to show advertisements. Any adware is, in fact, a type of malware, if banners are displayed on each web page you launch and it imitates the native content and characteristics of the web page.

Only after visiting websites I am very familiar with did I comprehend the magnitude of the disaster. A half dozen marginal ads were injected into every web page at the bottom or next to the main text. This makes the user think it’s the website’s owner who is greedy and packing every inch of every page with ads.

https://twitter.com/TopSportingTip/status/554575686724489216

This ‘super-useful’ functionality requires up to 300 MB of memory per browser and consumes up to 2/3 of the CPU’s load. Also of note: There is no universal way to get rid of it.

Going away voluntarily

An attempt to stop the resource-demanding bastards by means of Task Manager was successful… for 10 seconds or so, and then many of them were back and continued devouring the PC’s processing power. Uninstalling through the dashboard had a limited impact as well. Only ‘classy’ programs, like Yandex and Yahoo’s search bars, went voluntarily with their heads held high.

Those two, in fact, appeared to have been consuming a very small part of the system’s resources. Disclaimer: Each of them was not very demanding in terms of processing power, but there were five of them. So, five programs were performing the same tasks and battling for the honor to become the home page.


This is what happens to a PC with download.com’s top 10 most popular programs installed simultaneously. Image courtesy of Howtogeek.com

However, no-name ‘search helpers’ were real badass, die-hard pieces of software: They either appeared to be absent from the list of installed programs or were un-deletable, causing an error message to appear every time I tried to press the delete button.

Rude farewell to stubborn programs

Proficient users who are fast and furious can do ‘the finger dance’ (I don’t mean this, GoT nerds), in which one has to manually delete all of an app’s files in three seconds after stopping the task in the PC’s memory. A more efficient method is based on using KVRT, or Kaspersky Virus Removal Tool. This is a free antivirus with basic functionality, which scans a computer infected with die-hard malware and then cures it.


In my case, KVRT deleted two infected adware components and after a reboot, the PC was able to breathe some fresh air. I had to get rid of two toolbars and helpers, which luckily offered an uninstall option and were not detected as malware.

One more reboot, and the PC was clean. Once the computer is clean, all you need to do is run simple servicing operations like deleting files from the Temp folders and defragmenting the hard drive.

The root of all evil

Where did all these undeletable malvertising banners come from? It took me mere seconds to figure it out: One quick look at the desktop was enough to get the answer. The desktop contained a couple dozen games, which are mostly given away for free by developers.


Altruism is not a feature of the gamedev community. It is costly to develop a modern game, even a simple one, and they need to raise money somehow. If they do not charge users directly, they are earning their buck somewhere else. It could be through, for instance, a partnership with advertising networks and search engines.

Basically, this is how various ‘search helpers’ and ‘home page protectors’ get onto your computer: through games and freeware. This business model is basically acceptable, but as we’ve seen, the way it works is not ideal.

Generally, PC users don’t care about installing five different toolbars, so this is where healthy competition could be of use: upon spotting a competing toolbar on the PC, an Installation Wizard might notify the user about it in the course of the installation process.

It works fine with antiviruses: often, when installed on the same machine, two antiviruses would not live peacefully. Unless the advertising toolbar developer employs the same approach, regular ‘adware cleaning’ like the one I handled recently will be a service that’s in high demand.

How can you avoid installing adware add-ons?

It is much simpler to prevent adware from slipping into your system than to delete it. The tips below should help:

  1. Always download apps from the developer’s official web page, and not from software aggregators.
  2. Pay attention to each Installation Wizard window when installing software and un-check all boxes which suggest you install additional programs.
  3. Hit ‘Advanced Installation’ or ‘Installation Options’ buttons, which usually contain useful options like disabling add-on installation.