Adware Removal

The best method for dealing with Adware is to avoid and prevent it. However, if you get adware, this article may help you.

How do I remove Adware?

The adware removal process is best attempted in safe mode. In windows 2000, you can boot to safe mode by pressing F8 when prompted for advanced booting options, then select "Safe Mode". If you are fortunate, you can use a software program to automatically remove adware. Some of these programs may be found at the following links:

Many times Adware must be removed manually. The Avoiding Adware page under the title "Adware Removal" discusses some manual removal processes. It explains how to use a Windows 2000 system task manager to find and remove the processes that the adware program may be running. It also provides links to sites that will help you identify which processes may be harmful or may be a legitimate part of your computer system. To remove adware you must do the following:

  • Identify and kill any adware processes on your system. - Some (but currently rare) adware programs may change file associations for executable programs to require the adware program to run before any other programs can run. If this happens and you remove the adware program, your system will be effectively disabled unless you allow it to run again. It is worthwhile to check your file associations before trying to remove adware or viruses. This can be done by opening "My Computer", click on "Tools" and select "Folder options", then click the "File Types" tab. Scroll to see if there are any COM or EXE entries. If there are, the adware may have modified these settings. You will probably need the help of a computer professional.
  • Remove adware files from your computer - Either rename or delete them.  You may want to rename or move them at first until you are sure they are adware and the adware has not modified your system to require them.

After Removal

Many times, after the adware is removed, it may start again. This is because the program creator may have a latent process configured to run to download and install the adware program again. If this happens, it is best to use a personal firewall to identify adware processes over a several week period of time and remove them. I like to use the free version of zonalarm from Zone Alarm. Some personal firewalls like ZoneAlarm are written to allow access to the internet by identifying the program trying to access the internet.

What I do is configure zonalarm to notify me and get my permision when any program tries to access the internet. So what happens is that when you start running zonealarm you find the processes that try to access the internet and look them up either on Google or at Task List Processes. If I cannot identify a process, I would kill it, make a note of it, find it on your hard drive, and rename it. This way you can restore it if you decide later that you need it. Once you decide you don't need it, search the registry and delete keys that refer to it (back up your registry first) and remove it from your hard drive. These are technical things to do, so you may need to get some help if you are not comfortable doing it.

I would leave the personal firewall active for at least two weeks to be sure you get any processes that may try to re-activate more adware programs later (they cannot download more adware programs if your firewall won't let them access the internet).

Author: Mark Allen - June 14, 2004