Hi everyone,
So recently, I have noticed a certain adware (Adware.SpecialSearchOffer) that keeps on reappearing after I delete it. I am using malwarebytes pro to detect and get rid of it. After every time I delete it, it gets detected by malwarebytes again after a few hours after I shut down my pc. I am on windows 10. It doesn't do any problems other than open up internet explorer on launch, which I assume is to get ad revenue. Any help would be appreciated to get rid of it.
There are other malware apps that you can try however with all of them make sure you update definitions.
Spybot Search and Destroy is another good malware removal app to try.
Hard to remove malware usually leave a trace in your registry and will modify the
registry to make sure it can launch itself after a reboot, to better hide, or to integrate with an existing legitimate process.
Searching your registry and
How to Check the Windows Registry for Malware?
To keep your Registry keys safe, you’d better
back up your registry key or
create a system restore point in advance. Then, you can do the following things:
- Press Win+R to open Run.
- Type regedit and press Enter to open the Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
- Scroll down and find the folders which start with Run. As per your computer, you can find one to up to six such folders in that path. Then, you can click each folder to open the program list.
You can search for the suspect program on Google to confirm whether it is malware. If yes, do a search where you can right-click on that entry and select
Delete to remove it from Windows Registry. After you delete the entry, the Registry malware should be removed.
Malware may also use other Registry keys like:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
Take care with registry entries as deleting the wrong keys can have dire consequence.