|Bleeping Computer's download site for Adwcleaner
Xplode's download site for Adwcleaner
How to start Windows 8 in Safe Mode
A sample log file from an Adwcleaner scan
How to manage add-ons
Browse the Internet as a Standard User (by John)
miss any of John's other HTML Emails? Click Here.
Services Web Site
Adware infections are very common these days. Adware programs are
typically bundled with free programs that you download from the web.
These programs produce multiple, annoying pop-ups that offer for a fee
to clean out or speed up your computer, for example; and that hijack
your browser so that your ordinary home page is replaced by a
quasi-familiar search engine that only let's you browse to web sites
that it considers safe for itself; and that adds extra toolbars to your
browsers. Further, adware programs include the ability to let more such
programs “in the back door,” so to speak, and over time these programs
increase in number. Eventually, Windows' own security features are
removed, restore points are deleted, and the only way to clean up the
mess when it gets this bad is to erase the hard drive and reinstall
Windows. So far, these infections are apparently inactive when the
computer is used in Safe Mode, which makes it possible to clean them
out if caught in time.
Adwcleaner (pronounced “adware cleaner”) is the program that searches
for and deletes these infections. It's free and pretty easy to use, and
it's compatible with 32- and 64-bit versions of Windows XP, Vista, 7,
8.0 and 8.1. It doesn't update itself so it's best to download a fresh
copy of it just before you need to use it. The author of Adwcleaner, a
French fellow who calls himself Xplode, updates it regularly to keep up
with the development of the adware programs. The updated version is
always available from bleepingcomputer.com and from Xplode's own web
Before you begin
Depending on how infected the computer is, it may or may not be
possible to use the infected computer to download Adwcleaner, so for
the purposes of this tutorial, we assume you have the use of another,
uninfected computer (even a Macintosh), and a USB drive to transfer
Adwcleaner to the infected one. Browse to one of the linked Adwcleaner
sites below, and download and save it to the USB drive.
Adwcleaner works best in Safe Mode. To get to Safe Mode in versions of
Windows through 7, you just need to repeatedly tap the <F8> key
(among the Function keys in the top row of the keyboard) when the
splash screen appears, soon after powering on. This is the black screen
that shows in large letters the word, “Dell” or whatever is the name of
the manufacturer that made the computer. Another black screen appears
with a menu of Startup Options in white letters. Use <arrow> keys
to select Safe Mode and then press the <Enter> key. You may need
to enter your system password. Eventually you'll arrive at your Safe
Mode desktop. For Windows 8.0 and 8.1 users, this is a little trickier.
Microsoft has left out the F8 option in order to speed up booting.
Bleeping Computer and Lawrence Abrams have a well-illustrated tutorial
you can follow through the link below to get to Safe Mode in these
latest versions of Windows.
1. Start the infected computer in Safe Mode.
2. When you see the Safe Mode desktop and before you get started with
Adwcleaner, you should check the Security control panel (Windows Vista)
or the Security section of the Action Center (Windows 7 and higher) for
errors. It may be that the infection has disabled these parts of
Windows and you can stop right here and think about saving your
documents, erasing your hard drive, and reinstalling Windows-- it's too
late for Adwcleaner to help you now.
3. Assuming Windows is still intact, insert the USB drive and wait 30
seconds or so for the system to recognize it and to install drivers for
it if needed.
4. Click the [Start] button and then click the [Computer] button.
5. Double-click the icon for the USB drive to open it.
6. Double-click the icon for Adwcleaner to open it. Adwcleaner comes ready to run so there's no time lost installing it.
7. When Adwcleaner starts, click the [Scan] button. The scan takes
longer the more adware programs there are. Adwcleaner lets you know
it's done with the scan by showing these words near the top of the
display: “Pending. Please uncheck elements you don't want to remove.”
In the Results portion of the display, you'll see a list of items under
tabs for Services, Folders, Files, and Registry, among others.
8. Click each of the tabs and scroll down, especially though the Folders tab to get an idea of the extent of the infection.
9. Finally, click the [Clean] button to begin the cleanup process.
10. When it's finished with cleaning, Adwcleaner reboots the computer.
Normal Mode is OK here- you're done with Safe Mode. Adwcleaner shows a
log that lists all the files, folders and registry entries that were
In most cases, and especially if the infection has not progressed past
a certain point, that's it. You're mostly done. Sometimes, however,
Adwcleaner just pauses and can't continue because it can't delete one
or more folders (or files). In those cases, follow this alternate
1. When it balks, stop Adwcleaner using the Task Manager if necessary:
right-click the taskbar, and then click Start Task Manager. In the Task
Manager, click the Programs tab, and then click Adwcleaner in the
Programs tab, and then click the [End Program] button near the bottom
of this tab of the Task Manager window. This stops Adwcleaner and puts
you back in control of the computer.
2. Restart in Safe Mode, but this time log in to an Administrator account.
3. When you see the Administrator desktop in Safe Mode (step 1 in the
first procedure above), open the USB drive again (steps 3 and 4 in the
first procedure above).
4. Drag the Adwcleaner icon from the USB drive onto the desktop to make a copy of it there.
5. Now start the copy of Adwcleaner that you put on the desktop, and click the [Scan] button.
6. When the scan has finished, click the Folders tab. Now click to
uncheck all but the first of the folders listed, leaving the first one
as the only one checked and to be cleaned.
7. Click the [Clean] button. The clean process should complete quickly.
If it balks again however, you've found a hard-to-delete folder-- make
a note of it. Now you need to stop Adwcleaner (as in step 1, here) and
just proceed from step 5 of this alternate procedure. When you get to
step 6, leave selected a number (say one or two, or even more) of
different folders from the one you left selected the first time.
8. Click [Clean] and when Adwcleaner reboots after a successful clean,
again in Safe Mode and again with the Administrator account, just
repeat these last two steps (7 and 8) with a number of the remaining
folders, saving the hard-to-delete ones for last.
9. Finally, repeat as in steps 7 and 8, but select and clean out those
hard-to-delete folders one at a time. In this way, Adwcleaner can get
to even the difficult ones.
The adware programs are gone, but you should use Adwcleaner's log (see
sample by clicking the link below) and the Programs control panel to
uninstall any adware you see in the Programs list. You're likely to get
an “...already deleted...” message. Just choose to have the entry
removed from the Programs list and go on to the next one. You should
also take a look at the Manage Add-ons window in Internet Explorer (in
the Tools menu) and disable and/or remove any of the adware toolbars
you find there. Microsoft has a pretty good tutorial for this that's
linked below in case you're not familiar with it.
If your Windows computer starts to show pop-ups and/or your home page
is suddenly different, consider running the above procedures
immediately, or call John for help. The longer you let it go, the worse
the infection becomes and the more risk there is of damage to your
Windows. Finally, be careful how and where you browse and what you
click. John has a good article about this that's also linked below.
September 3, 2014