When Adware Infection Goes Deep into Windows 7 and Vista
My article on Adwcleaner


Adwcleaner download page in Bleepingcomputer.com


Junkware Removal Tool download page in Bleepingcomputer.com


Flyfoxtwo's video tutorial on Junkware Removal Tool in YouTube


AVG Software's download page for the latest version of their Rescue CD (features both CD AND USB stick files)


AVG's Rescue CD User Manual


Bleeping Computer's guide to repairing Windows Vista using Startup Repair


Bleeping Computer's guide to creating and using a Windows System Repair Disc in Windows 7 and Windows 8


How to use the Command Prompt and the bootrec Tool


Thomas Computer Services Web Site
Adware is the most common type of Windows infection that we see these days. Folks who download shopping coupons, free music and other entertainment, as well as free utilities for their system are the most likely targets. It's typically characterized by pop-up windows from adware programs offering, for example, to clean up or speed up your computer for a fee. They seem to open the door for other adware programs, and so these pop-ups become increasingly frequent as the number of adware programs increases. Finally it becomes impossible to get any work done because as soon as you cancel one window, another immediately pops up. Adware as a means to an end is so lucrative to the bastards who promulgate it that they are constantly "improving" it so as to make it harder to remove. Lately it has the ability a] to remove the Windows Security Center service, a little program that Windows uses to help guard against infection; and b] to infect the Master Boot Record (MBR) of a hard drive, the part of Windows that, early in the startup (or "boot") process, loads and executes Windows proper. The effect is to re-infect Windows every time the computer is started and thereby frustrate the effort to clean up the infection. To deal with it, 1] run whatever disinfecting software you have, then 2] disinfect the MBR, and finally 3] repair Windows.

1] Disinfect by removing the adware
Adwcleaner is still recommended for this job. Read my tutorial on the subject by following the link below. Run it repeatedly, as directed there, until the results stabilize and show that nothing more can be done with it. Next, download and run the Junkware Removal Tool (JRT) from Bleeping Computer (see link). As with Adwcleaner, run this tool repeatedly until its results stabilize. Watch the YouTube tutorial for JRT if you'd like, but once you run the thing, there's not much else to do except let it run its course, and then view the results. Next, do the same (including the repeating part) with Malwarebytes Anti-Malware. Next, update and then run a scan with your anti-virus software. Take the time to run the scan a couple times with this one also. Finally, use the Programs and Features Control Panel to delete any adware that remains in the Programs list there.

2] Disinfect the MBR
The AVG Rescue CD is a standalone set of tools that can be downloaded for free, placed on a blank CD or USB flash drive, and then booted from that CD or flash drive in an infected Windows Vista or Windows 7 computer. It can update itself as long as the infected box can be connected to the Internet via ethernet cable, as wireless connection is not available to the OS on the rescue disc. Follow the links below to obtain this rescue CD and then to learn to prepare the tool, to boot from it, and to run a scan of the Master Boot Record. It may take a couple hours of prep time, but it only takes a few minutes to run the MBR scan. The USB flash drive version is quicker than the CD.
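To show what an MBR check looks at, here is an added example (not from the original article and not AVG's code) that parses a 512-byte MBR sector and compares a hash of its boot code against a baseline recorded while the machine was known to be clean. The sample sectors and their placeholder "boot code" are constructed for illustration; how the sector is dumped from disk is assumed to be handled elsewhere.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def inspect_mbr(sector, baseline_sha256=None):
    """Parse one MBR sector and return findings for a defender to review."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    findings = []
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if sum(p["active"] for p in partitions) != 1:
        findings.append("expected exactly one active partition")
    if baseline_sha256 and boot_hash != baseline_sha256:
        findings.append("boot code differs from known-clean baseline")
    return {"boot_code_sha256": boot_hash, "partitions": partitions,
            "findings": findings}


def build_sample_mbr(boot_code):
    """Constructed sample: one active NTFS (type 0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


CLEAN = build_sample_mbr(b"PLACEHOLDER-CLEAN-BOOT-CODE")      # constructed
MODIFIED = build_sample_mbr(b"PLACEHOLDER-ALTERED-BOOT-CODE")  # constructed
BASELINE = inspect_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    print(inspect_mbr(CLEAN, BASELINE)["findings"])
    print(inspect_mbr(MODIFIED, BASELINE)["findings"])
```

A full MBR scanner checks far more than this; the point is that the boot code is ordinary data on disk that can be measured and compared from outside the infected Windows installation.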

3] Repair Windows
You can determine whether the infection has disabled the Windows Security Center service by opening the Action Center (click Start, then Control Panel, then System and Security, then Action Center) where you'll see that issues are divided into Security and Maintenance. Click Security. If Windows has not been compromised by the adware, you'll see a list of security features like Network firewall, Windows Update, Virus protection, and so forth, along with the status of each (On, Off or OK). Now if the adware has disabled the Windows Security Center service, you'll instead see a message stating that the service has been turned off, along with a button to click to turn it back on. You click the button, but you get another message that it can't be started. Your Windows Security Center service has been removed and you need to repair it before proceeding with removing the infection.

The program needed for this repair is known as the Windows Recovery Environment. If you have a DVD that can install Windows Vista or Windows 7 (32-bit or 64-bit, depending on which you're running), that DVD also gives you the option to Repair your computer. When you click the Repair link, you are in the Recovery Environment. You'll see there an option called Startup Repair. This is the program that is able to examine your copy of Windows and replace any missing or damaged parts. Study the last two articles in the links section below. After Startup Repair has run, a text log with diagnostic information and repair results is generated. The log file is located at:

C:\Windows\System32\LogFiles\Srt\SrtTrail.txt

Windows 8 and Windows 10 use a different boot process than earlier versions. The repair process described in Step 2 above may be completed using a boot version of the Windows Command Prompt program, but that is too technical for the scope of this article.
September 7, 2015


John G. Thomas,  your all-natural geek for

• Training • Troubleshooting • Setups • Installs • Maintenance • Home networks • Windows • Mac • Unix • Android • Chrome OS • Very good rates • Special rate for seniors • Satisfaction guaranteed