My Big Fat Adware Cleaning

As a student, I had a little part-time job servicing and administering computers for small businesses. Years have passed, but there are occasions when I have to remember the ‘good ol’ times’, usually when I visit relatives who bought a PC for daily use, but don’t quite know how to use it fully.

A couple of weeks ago, I got their next plea for help: their laptop, quite powerful and by no means obsolete, was developing faults.  On examining it more closely, I found out that ¾ of its computing resources were wasted on five different ‘Home page helpers’ and ‘search panels’.

They were accompanied by malicious adware which displayed huge and irritating banners on each web page you’d open. All these little enhancements were gone in two hours; my venture was a success and, of course, ended with the installation of Kaspersky Internet Security.

Bring in the ads!

But what makes me call this adware malicious? Two reasons: first of all, it excessively consumes PC resources. Second and more important is the way it shows content. Any adware is a type of malware if its banners are displayed on every web page you open and imitate the native content characteristic of that page.

Only after having visited some websites I am very familiar with did I comprehend the scale of the disaster. Half a dozen marginal ads were injected into every web page, for instance at the bottom or next to the main text. And a user would think it is the website owner who is greedy enough to have packed every inch of the page with ads.

This ‘super-useful’ functionality requires up to 300 MB of memory per browser and consumes up to 2/3 of the CPU’s load. One more thing you might note: there is no universal way to get rid of it.

Going away voluntarily

A blunt attempt to stop the resource-demanding bastards by means of Task Manager was successful… for 10 seconds or so, and then many of them were back and continued devouring the PC’s processing power. De-installation through the dashboard had a limited impact as well. Only ‘classy’ programs, like Yandex’ and Yahoo’s search bars, went voluntarily with their head high.

Those two, in fact, appeared to have been consuming a very small part of the resources. Disclaimer: each of them was not very demanding in terms of processing power, but there were five of them. So, five programs were performing the same tasks and battled for the honour to become the home page.

This is what happens to a PC with download.com’s top 10 most popular programs installed simultaneously. Image courtesy of Howtogeek.com

However, indistinct no-name ‘search helpers’ were real badass die-hard pieces of software: they either appeared to be absent from the list of installed programs or were undeletable by hitting the respective button, causing the error message to pop up every time I tried.

Rude farewell to stubborn programs

Proficient users who are fast and furious can do ‘the finger dance’ (luckily, I don’t mean this, GoT nerds), in which one has to manually delete all of the app’s files within three seconds of stopping the task in the PC’s memory. A more efficient method is based on using KVRT, or Kaspersky Virus Removal Tool. This is a free antivirus with basic functionality which scans a computer infected with die-hard malware and then cures it.

In my case, KVRT deleted two infected adware components and, after a reboot, the PC breathed some fresh air. I had to get rid of two toolbars and helpers which luckily offered a de-installation option and were not detected as malware.

One more reboot, and the PC is quite clean. All you need to do then is run simple servicing operations like deleting files from the Temp folders and defragmenting a hard drive.

The root of all evil

So, where did all these non-deletable ‘malvertising’ banners come from? It took me a mere second to guess: one quick look at the desktop was enough to get the answer. The desktop contained a couple of dozen games which are mostly given away for free by developers.

Altruism is not a feature of the game development community. It is costly to develop a modern game, even a simple one, and they need to raise the money somehow. If they do not charge a user directly, they are earning their buck on something else. It could be, for instance, a partnership with advertising networks and search engines.

This is, basically, how various ‘search helpers’ and ‘home page protectors’ get onto your computer: through games and freeware. This business model is basically acceptable, but, as we see, the way it works is not ideal at all.

Generally, PC users don’t care about installing five different toolbars, so this is where healthy competition could be of use: on spotting a competing toolbar on the PC, an Installation Wizard might notify the user about it in the course of the installation process.

It works OK with antiviruses: often, when installed on the same machine, two antiviruses would not live peacefully. Unless advertising toolbar developers employ the same approach, regular ‘adware cleaning’ like the one I handled recently will be quite an in-demand service from PC support folks.

How can you avoid installing adware add-ons?

It is way simpler to prevent adware from seeping into your system than to delete it. The tips below should help:

  1. Always download apps from the developer’s official web page, and not from software aggregators.
  2. Pay attention to each Installation Wizard window when installing software and un-check all boxes which suggest you install additional programs.
  3. Hit ‘Advanced Installation’ or ‘Installation Options’ buttons which usually contain useful options like disabling add-on installation.