{"id":5356,"date":"2015-01-26T08:59:07","date_gmt":"2015-01-26T13:59:07","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5356"},"modified":"2020-02-26T15:10:50","modified_gmt":"2020-02-26T15:10:50","slug":"my-big-fat-adware-cleaning","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/my-big-fat-adware-cleaning\/5356\/","title":{"rendered":"My Big Fat Adware Cleaning"},"content":{"rendered":"

As a student, I had a little part time job of servicing and administrating computers for small businesses. \u00a0Years have passed, but there are occasions when I have to remember \u2018good ol\u2019 times\u2019 \u2014 usually\u00a0when I visit relatives who\u00a0bought a PC for daily use, but don\u2019t quite know how to use it fully.<\/p>\n

A couple of weeks ago, I got their next plea for help: their laptop, quite powerful and by no means obsolete, was developing faults. \u00a0On examining it more closely, I found out that \u00be of its computing resources were wasted on five different \u2018Home page helpers\u2019 and \u2018search panels\u2019.<\/p>\n

They were accompanied by malicious ad-ware which demonstrated huge and irritating banners on each web page you\u2019d open. All these little enhancements were gone in two hours, but my venture was a success and, of course, ended up with installation of Kaspersky Internet Security<\/a>.<\/p>\n

Bring in the ads!<\/h2>\n

But what makes me call this adware malicious? Two reasons: first of all it excessively consumes PC resources. Second and more important: the way it shows content. \u00a0Any adware is a type of malware: if banners are demonstrated on each web page you\u2019ve launched and imitate the native content, characteristic of this web page.<\/p>\n

Only after having visited some websites I am very familiar with did I comprehend the scale of the disaster. Half-dozen of marginal ads were injected into every web page \u2014 for instance, at the bottom or next to the main text. And this is a user which would think it is the website owner who is so greedy to have packed every inch of the page with ads.<\/p>\n

https:\/\/twitter.com\/TopSportingTip\/status\/554575686724489216<\/p>\n

This \u2018super-useful\u2019 functionality requires up to 300 MB of memory per each browser and consumes up to 2\/3 or CPU\u2019s load. One more thing you might note: there is no universal way to get rid of it.<\/p>\n

Going away voluntarily<\/h2>\n

A blunt attempt to stop the resource-demanding bastards by means of Task Manager was successful\u2026 for 10 seconds or so, and then many of them were back and continued devouring the PC\u2019s processing power. De-installation through the dashboard had a limited impact as well. Only \u2018classy\u2019 programs, like Yandex\u2019 and Yahoo\u2019s search bars, went voluntarily with their head high.<\/p>\n

Those two, in fact, appeared to have been consuming a very small part of the resources. Disclaimer: each of them was not very demanding in terms of processing power, but there were five of them. So, five programs were performing the same tasks and battled for the honour to become the home page.<\/p>\n

\"tons-of-adware\"<\/a>

This is what happens to a PC with download.com\u2019s top 10 most popular programs installed simultaneously. Image courtesy of Howtogeek.com<\/p><\/div>\n

However, indistinct no-name \u2018search helpers\u2019 were real badass die-hard pieces of software: they either appeared to be absent from the list of installed programs or were undeletable by hitting the respective button, causing the error message to pop up every time I tried.<\/p>\n

Rude farewell to stubborn programs<\/h2>\n

Proficient users who are fast and furious can do \u2018the finger dance\u2019 (luckily, I don\u2019t mean this<\/a>, GoT nerds), in which one has to manually delete all app\u2019s files in three seconds after stopping the task in the PC\u2019s memory. A more efficient method is based on using KVRT, or Kaspersky Virus Removal Tool<\/a>. This is a free antivirus with basic functionality which scans a computer infected with a die-hard malware and then cures it.<\/p>\n

Efficient method is based on using KVRT, or Kaspersky Virus Removal Tool. This is a free antivirus with basic functionality<\/div><\/strong><\/p>\n

In my case, KVRT deleted two infected adware components and after a reboot, PC breathed some fresh air. I had to get rid of two toolbars and helpers which luckily offered de-installation option and were not detected as malware.<\/p>\n

One more reboot, and the PC is quite clean. All you need to do then is run simple servicing operations like deleting files from the Temp folders and defragmenting a hard drive.<\/p>\n

The root of all evil<\/h2>\n

So, where did all these non-deletable \u2018malvertising\u2019 banners come from? It took me mere second to guess: one quick look at the desktop was enough to get the answer. The desktop contained a couple of dozens of games which are mostly given away for free by developers.<\/p>\n

\"infested-games-desktop\"<\/a><\/p>\n

Altruism is not a feature of the game development\u00a0community. It is costly to develop a modern game, even a simple one, and they need to raise the money somehow. If they do not charge a user directly, they are earning their buck on something else. It could be, for instance, a partnership with advertising networks and search engines.<\/p>\n

This is, basically, how various \u2018search helpers\u2019 and \u2018home page protectors\u2019 get onto your computer: through games and freeware. This business model is basically acceptable, but, as we see, the way it works is not ideal at all.<\/p>\n

\n

\"Do NOT Try This at Home\": what happens when you install the top 10 apps from download[.]com http:\/\/t.co\/14j5l8CRl7<\/a><\/p>\n

\u2014 Virus Bulletin (@virusbtn) January 12, 2015<\/a><\/p><\/blockquote>\n