{"id":4505,"date":"2015-01-26T10:00:22","date_gmt":"2015-01-26T15:00:22","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4505"},"modified":"2020-02-26T18:59:32","modified_gmt":"2020-02-26T14:59:32","slug":"my-big-fat-adware-cleaning","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/my-big-fat-adware-cleaning\/4505\/","title":{"rendered":"My Big Fat Adware Cleaning"},"content":{"rendered":"<p>As a student, I had a part-time job servicing and administrating computers for SMB customers. Years have passed, but there are occasions when I have to remember those good old days\u00a0\u2014 mostly when I visit relatives who use their PCs daily, but still cannot service them properly.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102841\/My-Big-Fat-Adware-Cleaning-1-1024x768.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7263\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102841\/My-Big-Fat-Adware-Cleaning-1-1024x768.png\" alt=\"My-Big-Fat-Adware-Cleaning\" width=\"1067\" height=\"800\"><\/a><\/p>\n<p>A couple of weeks ago, I got a plea for help from one such relative: their laptop, quite powerful and by no means obsolete, had become very laggy. Upon a close examination, I found that \u00be of its computing resources were wasted on five different \u2018home page helpers\u2019 and \u2018search panels\u2019.<\/p>\n<p>They were accompanied by malicious adware which demonstrated huge and irritating banners on each web page opened. 
All of these little enhancements were gone in two hours, and my venture was a success \u2013 of course, they got an installation of <a href=\"https:\/\/www.kaspersky.ru\/advert\/free-trials\/multi-device-security?campaign=kl_blog&amp;redef=1&amp;THRU&amp;referer1=kl_blog&amp;referer2=kl_blog\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security<\/a>\u00a0as well.<\/p>\n<h4>Bring in the ads!<\/h4>\n<p>What makes me call this adware malicious? Two reasons: First, it excessively consumes PC resources. Second, and more importantly, it\u2019s a way to show advertisements. Any adware is, in fact, a type of malware, if banners are demonstrated on each web page you launch and it imitates the native content and characteristics of the web page.<\/p>\n<p>Only after visiting websites I am very familiar with did I comprehend the magnitude\u00a0of the disaster. A half dozen marginal ads were injected into every web page at the bottom or next to the main text. This makes the user think it\u2019s the website\u2019s owner who is greedy and packing every inch of every page with ads.<\/p>\n<p>https:\/\/twitter.com\/TopSportingTip\/status\/554575686724489216<\/p>\n<p>This \u2018super-useful\u2019 functionality requires up to 300 MB of memory per browser and consumes up to 2\/3 of the CPU\u2019s load. Also of note: There is no universal way to get rid of it.<\/p>\n<h4>Going away voluntarily<\/h4>\n<p>An attempt to stop the resource-demanding bastards by means of Task Manager was successful\u2026 for 10 seconds or so, and then many of them were back and continued devouring the PC\u2019s processing power. Uninstalling through the dashboard had a limited impact as well. Only \u2018classy\u2019 programs, like Yandex and Yahoo\u2019s search bars, went voluntarily with their heads held high.<\/p>\n<p>Those two, in fact, appeared to have been consuming a very small part of the system\u2019s resources. 
<em><strong>Disclaimer:<\/strong><\/em> Each of them was not very demanding in terms of processing power, but there were five of them. So, five programs were performing the same tasks and battling for the honor to become the home page.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102839\/tons-of-adware.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7264\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102839\/tons-of-adware.png\" alt=\"tons-of-adware\" width=\"650\" height=\"382\"><\/a><\/p>\n<p style=\"text-align: center\"><em>This is what happens to a PC with download.com\u2019s top 10 most popular programs installed simultaneously.<\/em> Image courtesy of <a href=\"http:\/\/www.howtogeek.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">How To Geek.<\/a><\/p>\n<p>However, no-name \u2018search helpers\u2019 were real badass, die-hard pieces of software: They either appeared to be absent from the list of installed programs or were un-deletable, causing an error message to appear\u00a0every time I tried to press the delete button.<\/p>\n<h4>Rude farewell to stubborn programs<\/h4>\n<p>Proficient users who are fast and furious can do \u2018the finger dance\u2019 (I don\u2019t mean <a href=\"http:\/\/awoiaf.westeros.org\/index.php\/Finger_dance\" target=\"_blank\" rel=\"noopener nofollow\">this<\/a>, GoT nerds), in which one has to manually delete all of an app\u2019s files in three seconds after stopping the task in the PC\u2019s memory. A more efficient method is based on using KVRT, or <a href=\"https:\/\/www.kaspersky.ru\/antivirus-removal-tool?form=0\" target=\"_blank\" rel=\"noopener\">Kaspersky Virus Removal Tool<\/a>. 
This is a free antivirus with basic functionality, which scans a computer infected with die-hard malware and then cures it.<\/p>\n<div class=\"pullquote\">An efficient deletion method is based on using KVRT, or Kaspersky Virus Removal Tool. This is a free antivirus with basic functionality.<\/div>\n<p>In my case, KVRT deleted two infected adware components and after a reboot, the PC was able to breathe some fresh air. I had to get rid of two toolbars and helpers, which luckily offered an uninstall option and were not detected as malware.<\/p>\n<p>One more reboot, and the PC was clean. Once the computer is clean, all you need to do is run simple servicing operations like deleting files from the Temp folders and defragmenting the hard drive.<\/p>\n<h4>The root of all evil<\/h4>\n<p>Where did all these undeletable malvertising banners come from? It took me mere seconds to figure it out: One quick look at the desktop was enough to get the answer. The desktop contained a couple dozen games, which are mostly given away for free by developers.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102838\/infested-games-desktop-1024x598.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7265\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102838\/infested-games-desktop-1024x598.jpg\" alt=\"infested-games-desktop\" width=\"1355\" height=\"791\"><\/a><\/p>\n<p>Altruism is not a feature of the gamedev community. It is costly to develop a modern game, even a simple one, and they need to raise money somehow. If they do not charge users directly, they are earning their buck somewhere else. 
It could be through, for instance, a partnership with advertising networks and search engines.<\/p>\n<p>Basically, this is how various \u2018search helpers\u2019 and \u2018home page protectors\u2019 get onto your computer: through games and freeware. This business model is basically acceptable, but as we\u2019ve seen, the way it works is not ideal.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\"Do NOT Try This at Home\": what happens when you install the top 10 apps from download[.]com <a href=\"http:\/\/t.co\/14j5l8CRl7\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/14j5l8CRl7<\/a><\/p>\n<p>\u2014 Virus Bulletin (@virusbtn) <a href=\"https:\/\/twitter.com\/virusbtn\/status\/554573778379108352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 12, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Generally, PC users don\u2019t care about installing five different toolbars, so this is where healthy competition could be of use: upon spotting a competing toolbar on the PC, an Installation Wizard might notify the user about it in the course of the installation process.<\/p>\n<p>It works fine with antiviruses: Often, when installed on the same machine, <a href=\"https:\/\/www.kaspersky.com\/blog\/two-av-same-pc\/4380\/\" target=\"_blank\" rel=\"noopener nofollow\">two antiviruses would not live peacefully<\/a>. Unless the advertising toolbar developer employs the same approach, regular \u2018adware cleaning\u2019 like the one I handled recently will be a service that\u2019s high in demand.<\/p>\n<h4>How can you avoid installing adware add-ons?<\/h4>\n<p>It is much simpler to prevent adware from slipping into your system than to delete it. 
The tips below should help:<\/p>\n<ol>\n<li>Always download apps from the developer\u2019s official web page, and not from software aggregators.<\/li>\n<li>Pay attention to each Installation Wizard window when installing software and un-check all boxes which suggest you install additional programs.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How to get rid of rid of <a href=\"https:\/\/twitter.com\/hashtag\/adware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#adware<\/a> and toolbars? Enter advanced mode when installing s\/w or follow this advice: <a href=\"https:\/\/t.co\/M0BZIZvSES\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/M0BZIZvSES<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/492358324344471552?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 24, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"3\">\n<li>Hit \u2018Advanced Installation\u2019 or \u2018Installation Options\u2019 buttons, which usually contain useful options like disabling add-on installation.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>As a student, I had a part-time job offering PC support services. 
Now, when visiting relatives who aren&#8217;t good at servicing their computers, I often have to apply my expertise once again.<\/p>\n","protected":false},"author":32,"featured_media":4506,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[542,900,617,180,903,407,902,786],"class_list":{"0":"post-4505","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-adware","9":"tag-freeware","10":"tag-gamers","11":"tag-kaspersky-internet-security","12":"tag-kaspersky-virus-removal-tool","13":"tag-kis","14":"tag-kvrt","15":"tag-malvertising"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/my-big-fat-adware-cleaning\/4505\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/my-big-fat-adware-cleaning\/4561\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/my-big-fat-adware-cleaning\/5058\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/my-big-fat-adware-cleaning\/5356\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/my-big-fat-adware-cleaning\/6713\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/my-big-fat-adware-cleaning\/7262\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/my-big-fat-adware-cleaning\/2502\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/my-big-fat-adware-cleaning\/6717\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/my-big-fat-adware-cleaning\/6713\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/my-big-fat-adware-cleaning\/7262\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/my-big-fat-adware-cleaning\/7262\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/adware\/","name":"Adware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-jso
n\/wp\/v2\/posts\/4505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4505"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4505\/revisions"}],"predecessor-version":[{"id":15974,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4505\/revisions\/15974"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4506"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}