• Happy holidays, folks! Thanks to each and every one of you for being part of the Tom's Hardware community!

[SOLVED] Adware keeps on coming back

Sep 15, 2020
9
0
10
Hi everyone,
So recently, I have noticed a certain adware (Adware.SpecialSearchOffer) that keeps on reappearing after I delete it. I am using malwarebytes pro to detect and get rid of it. After every time I delete it, it gets detected by malwarebytes again after a few hours after I shut down my pc. I am on windows 10. It doesn't do any problems other than open up internet explorer on launch, which I assume is to get ad revenue. Any help would be appreciated to get rid of it.
 
Solution
Hi everyone,
So recently, I have noticed a certain adware (Adware.SpecialSearchOffer) that keeps on reappearing after I delete it. I am using malwarebytes pro to detect and get rid of it. After every time I delete it, it gets detected by malwarebytes again after a few hours after I shut down my pc. I am on windows 10. It doesn't do any problems other than open up internet explorer on launch, which I assume is to get ad revenue. Any help would be appreciated to get rid of it.

There are other malware apps that you can try however with all of them make sure you update definitions.
Spybot Search and Destroy is another good malware removal app to try.

Hard to remove malware usually leave a trace in your registry and will modify...
Make sure you delete all your system restore points. Also check out a tool called adware removal tool by tsa. Make sure you put it in Google like that or you may get the wrong app.

If you are using Windows Defender, under scan options maybe try an offline scan that should intercept the boot of the pc and scan.
 
Hi everyone,
So recently, I have noticed a certain adware (Adware.SpecialSearchOffer) that keeps on reappearing after I delete it. I am using malwarebytes pro to detect and get rid of it. After every time I delete it, it gets detected by malwarebytes again after a few hours after I shut down my pc. I am on windows 10. It doesn't do any problems other than open up internet explorer on launch, which I assume is to get ad revenue. Any help would be appreciated to get rid of it.

There are other malware apps that you can try however with all of them make sure you update definitions.
Spybot Search and Destroy is another good malware removal app to try.

Hard to remove malware usually leave a trace in your registry and will modify the registry to make sure it can launch itself after a reboot, to better hide, or to integrate with an existing legitimate process.

Searching your registry and How to Check the Windows Registry for Malware?

To keep your Registry keys safe, you’d better back up your registry key or create a system restore point in advance. Then, you can do the following things:

  1. Press Win+R to open Run.
  2. Type regedit and press Enter to open the Registry Editor.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
  4. Scroll down and find the folders which start with Run. As per your computer, you can find one to up to six such folders in that path. Then, you can click each folder to open the program list.

You can search for the suspect program on Google to confirm whether it is malware. If yes, do a search where you can right-click on that entry and select Delete to remove it from Windows Registry. After you delete the entry, the Registry malware should be removed.

Malware may also use other Registry keys like:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

Take care with registry entries as deleting the wrong keys can have dire consequence.
 
Solution