Defeat adware infection
Bleeping Computer's download site for Adwcleaner


Xplode's download site for Adwcleaner


How to start Windows 8 in Safe Mode


A sample log file from an Adwcleaner scan


How to manage add-ons


Browse the Internet as a Standard User (by John)


The Infection
Adware infections are very common these days. Adware programs are typically bundled with free programs that you download from the web. These programs produce multiple, annoying pop-ups that offer, for example, to clean out or speed up your computer for a fee; they hijack your browser so that your ordinary home page is replaced by a quasi-familiar search engine that only lets you browse to web sites that it considers safe for itself; and they add extra toolbars to your browsers. Further, adware programs include the ability to let more such programs “in the back door,” so to speak, and over time these programs increase in number. Eventually, Windows' own security features are removed, restore points are deleted, and the only way to clean up the mess when it gets this bad is to erase the hard drive and reinstall Windows. So far, these infections are apparently inactive when the computer is used in Safe Mode, which makes it possible to clean them out if caught in time.

The Tool
Adwcleaner (pronounced “adware cleaner”) is the program that searches for and deletes these infections. It's free and pretty easy to use, and it's compatible with 32- and 64-bit versions of Windows XP, Vista, 7, 8.0 and 8.1. It doesn't update itself so it's best to download a fresh copy of it just before you need to use it. The author of Adwcleaner, a French fellow who calls himself Xplode, updates it regularly to keep up with the development of the adware programs. The updated version is always available from bleepingcomputer.com and from Xplode's own web site.

Before you begin
Depending on how infected the computer is, it may or may not be possible to use the infected computer to download Adwcleaner, so for the purposes of this tutorial, we assume you have the use of another, uninfected computer (even a Macintosh), and a USB drive to transfer Adwcleaner to the infected one. Browse to one of the linked Adwcleaner sites below, and download and save it to the USB drive.

Adwcleaner works best in Safe Mode. To get to Safe Mode in versions of Windows through 7, you just need to repeatedly tap the <F8> key (among the Function keys in the top row of the keyboard) when the splash screen appears, soon after powering on. This is the black screen that shows in large letters the word, “Dell” or whatever is the name of the manufacturer that made the computer. Another black screen appears with a menu of Startup Options in white letters. Use <arrow> keys to select Safe Mode and then press the <Enter> key. You may need to enter your system password. Eventually you'll arrive at your Safe Mode desktop. For Windows 8.0 and 8.1 users, this is a little trickier. Microsoft has left out the F8 option in order to speed up booting. Bleeping Computer and Lawrence Abrams have a well-illustrated tutorial you can follow through the link below to get to Safe Mode in these latest versions of Windows.

The Process
Let's begin.
1. Start the infected computer in Safe Mode.
2. When you see the Safe Mode desktop and before you get started with Adwcleaner, you should check the Security control panel (Windows Vista) or the Security section of the Action Center (Windows 7 and higher) for errors. If the infection has disabled these parts of Windows, you can stop right here and think about saving your documents, erasing your hard drive, and reinstalling Windows: it's too late for Adwcleaner to help you now.
3. Assuming Windows is still intact, insert the USB drive and wait 30 seconds or so for the system to recognize it and to install drivers for it if needed.
4. Click the [Start] button and then click the [Computer] button.
5. Double-click the icon for the USB drive to open it.
6. Double-click the icon for Adwcleaner to open it. Adwcleaner comes ready to run so there's no time lost installing it.
7. When Adwcleaner starts, click the [Scan] button. The scan takes longer the more adware programs there are. Adwcleaner lets you know it's done with the scan by showing these words near the top of the display: “Pending. Please uncheck elements you don't want to remove.” In the Results portion of the display, you'll see a list of items under tabs for Services, Folders, Files, and Registry, among others.
8. Click each of the tabs and scroll down, especially through the Folders tab, to get an idea of the extent of the infection.
9. Finally, click the [Clean] button to begin the cleanup process.
10. When it's finished with cleaning, Adwcleaner reboots the computer. Normal Mode is OK here; you're done with Safe Mode. Adwcleaner shows a log that lists all the files, folders and registry entries that were removed.

In most cases, and especially if the infection has not progressed past a certain point, that's it. You're mostly done. Sometimes, however, Adwcleaner just pauses and can't continue because it can't delete one or more folders (or files). In those cases, follow this alternate procedure:

1. When it balks, stop Adwcleaner using the Task Manager if necessary: right-click the taskbar, and then click Start Task Manager. In the Task Manager, click the Programs tab, and then click Adwcleaner in the Programs tab, and then click the [End Program] button near the bottom of this tab of the Task Manager window. This stops Adwcleaner and puts you back in control of the computer.
2. Restart in Safe Mode, but this time log in to an Administrator account.
3. When you see the Administrator desktop in Safe Mode (step 1 in the first procedure above), open the USB drive again (steps 3 and 4 in the first procedure above).
4. Drag the Adwcleaner icon from the USB drive onto the desktop to make a copy of it there.
5. Now start the copy of Adwcleaner that you put on the desktop, and click the [Scan] button.
6. When the scan has finished, click the Folders tab. Now click to uncheck all but the first of the folders listed, leaving the first one as the only one checked and to be cleaned.
7. Click the [Clean] button. The clean process should complete quickly. If it balks again, however, you've found a hard-to-delete folder; make a note of it. Now you need to stop Adwcleaner (as in step 1, here) and just proceed from step 5 of this alternate procedure. When you get to step 6, leave selected a number (say one or two, or even more) of different folders from the one you left selected the first time.
8. Click [Clean] and when Adwcleaner reboots after a successful clean, again in Safe Mode and again with the Administrator account, just repeat these last two steps (7 and 8) with a number of the remaining folders, saving the hard-to-delete ones for last.
9. Finally, repeat as in steps 7 and 8, but select and clean out those hard-to-delete folders one at a time. In this way, Adwcleaner can get to even the difficult ones.

Afterwards
The adware programs are gone, but you should use Adwcleaner's log (see sample by clicking the link below) and the Programs control panel to uninstall any adware you see in the Programs list. You're likely to get an “...already deleted...” message. Just choose to have the entry removed from the Programs list and go on to the next one. You should also take a look at the Manage Add-ons window in Internet Explorer (in the Tools menu) and disable and/or remove any of the adware toolbars you find there. Microsoft has a pretty good tutorial for this that's linked below in case you're not familiar with it.
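
After a clean, the Programs list often still holds entries whose folders Adwcleaner already deleted. As an added example (not part of the original email and not part of Adwcleaner), this read-only PowerShell script lists those leftover entries so you know which ones to remove. It assumes the standard Windows Uninstall registry keys and skips entries that do not record an install folder.

```powershell
# Added example: list Programs control panel entries whose install folder
# no longer exists (likely leftovers after an Adwcleaner clean).
# Read-only: nothing on the system is changed.

# Standard registry locations behind the Programs list (64-bit, 32-bit, per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Keep only entries that actually show a name in the Programs list.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$orphans = foreach ($e in $entries) {
    $loc = $e.InstallLocation
    if ($loc) {
        # Some installers store the path with surrounding quotes or spaces.
        $loc = $loc.Trim().Trim('"')
    }
    # Flag the entry only if it names a folder and that folder is gone.
    if ($loc -and -not (Test-Path -LiteralPath $loc -ErrorAction SilentlyContinue)) {
        New-Object PSObject -Property @{
            Name            = $e.DisplayName
            Publisher       = $e.Publisher
            InstallLocation = $loc
            RegistryKey     = $e.PSPath -replace '^.*::', ''
        }
    }
}

if ($orphans) {
    $orphans | Sort-Object Name |
        Format-List Name, Publisher, InstallLocation, RegistryKey
} else {
    'No Programs entries point at a missing install folder.'
}
```

Compare the names it prints with the folders in Adwcleaner's log before removing anything; a legitimate program installed on a drive that is currently unplugged will also show up here.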

If your Windows computer starts to show pop-ups and/or your home page is suddenly different, consider running the above procedures immediately, or call John for help. The longer you let it go, the worse the infection becomes and the more risk there is of damage to your Windows. Finally, be careful how and where you browse and what you click. John has a good article about this that's also linked below.
September 3, 2014


John G. Thomas,  your all-natural geek for

• Training • Troubleshooting • Setups • Installs • Maintenance • Home networks • Windows • Mac • Unix • Very good rates • Special rate for seniors • Satisfaction guaranteed