This page aims to show you how to remove pop-up “virus” ads also known as Adware. The removal of Ads from Chrome, Firefox, and Internet Explorer works for all versions and iterations of Windows (including removal of ads from Mac/OS X).
Pop-up Adware
Pop-up Adware is a type of aggressive add-on for browsers that keeps spamming the affected browser with aggressive pop-up messages. If you notice the symptoms of Pop-up Adware inside your browser, you ought to quickly find and remove the source of those symptoms.
Pop-under adware
In addition to regular adware, there is a variant known as pop-under adware. Pop-under adware opens a new window underneath the currently active browser windows. Unlike a pop-up, a pop-under does not immediately disrupt the user or reveal its existence; it is only noticed when the windows covering it are closed. This is an especially tricky practice, as it makes it that much harder to determine the exact website that caused the pop-under to appear.
The reasoning behind the development of pop-under adware is that, as pop-up ads became more and more common, many users developed the useful habit of closing pop-ups as soon as they appear, thus avoiding even a look at them. According to some behavioral studies, pop-unders are believed to be less intrusive and thus make for better overall advertising results than pop-ups.
Security experts classify Adware threats as the least dangerous (because they rarely harm your computer directly), but they don’t take into consideration the negative experience for the user. You will get constantly harassed by the Ads and the Ads can also be harmful if clicked on. For these reasons, it’s highly recommended that you find the application responsible and remove the pop-up ads immediately from your system. Adware like Weknow.ac is not to be confused with a computer virus, but it is still a type of unwanted software you need to clean from your system – the sooner the better.
Online Advertisements are something we already expect to find on most web pages, yet sometimes their numbers can get excessive. If you constantly have to plow through several different pop-up ads to get to the web page underneath and that happens on almost every page you visit, then it’s likely that your computer has been infected with some kind of Adware or PUP (Potentially Unwanted Program). Regardless of what exactly has infected your computer, you’ll likely also experience general slowdown and/or instability. Your CPU has to effectively download and render the information for the Ads in addition to whatever content needs to be displayed for the page itself. This process can be excruciatingly slow on older computers or if the Ads have any animation or sounds attached to them.
How did you find yourself looking to remove the Ads?
If you are wondering how your PC came in contact with these Ads – there are several ways in which you might have been infected. One of the oldest tricks, and one still going strong, is e-mail attachments. Be careful not to open/download any attachments from e-mails with senders you don’t recognize. Be extra careful with “Phishing Scam” attempts: e-mails that look like the real thing but are in fact malicious. Another way these Ads spread is through compromised executables downloaded from file-sharing websites or torrents. Be very careful and, if possible, scan the downloaded files first, before commencing any installation process. By far the most likely way, though, is through an infected executable file located in a “software bundle”. Most commonly these are installers for some kind of program, most often free, that have several other programs bundled inside of them. Most people use the Default installation option, which is a bad idea because it will install all the extra programs bundled in the installer. A much better alternative is to always select Advanced because you’ll get detailed information about what exactly is about to get installed. Remove the ticks from any additional programs and you’ll greatly decrease the chance of obtaining Adware viruses.
How to discern normal Ads from Adware generated pop-up ads
There are a couple of signs to look for. Here is a shortlist of the most easily recognizable ones.
- Adware generated Ads are much more aggressive than normal Ads and will follow you on most pages you visit (forget what I said – they will follow you on ALL pages until you get rid of the pop-up ads).
- Pop-up ads often cover the screen and make your browser unusable by simply cluttering your screen. You will have to click on them to close them, which can in turn open new pages and tabs.
- Some words are highlighted and transformed into hyperlinks and an Ad is displayed if the word is hovered over. This effect survives between multiple pages.
- New tabs and pages are automatically opened without your permission and link to sites you are unfamiliar with.
- Ads offer free software or crazy discounts, which you can never see in a normal shop.
Why are Ads like these being created?
If you have ever wondered why anyone would bother creating such annoying software, then you probably already know the answer without realizing it – for profit at the expense of your time and nerves. Many of these pop-up ad generating programs are actually affiliated with the websites they advertise for. Whenever one of the Ads displayed by them is clicked on they get a small sum as royalty. If any purchase is made the amount of money earned is increased. There are two major implications to this:
- These pop-up ads will get displayed on your screen regardless of whether you want them or not and the only way to stop the process is to remove the underlying cause.
- Shady and less known companies are much more likely to advertise in such a way compared to well-known reputable software developers.
This raises the question of why this is preferred as a form of advertising in the first place. The truth is that, for all intents and purposes, this is cheaper than a more traditional and above-board form of online advertising like using Google Ads, for example. If an owner of such a company or website decides quick traffic is exactly what he needs, then it is not that hard to imagine him contacting creators of Adware software and commissioning the creation of Software specifically designed to redirect traffic in the form of unsuspecting users to his website. You might wonder how the creation of such Software is a cheaper form of Advertising. Well, for starters, by all accounts it’s not very hard for Adware to be created; in fact, only small changes to the program code are required for each new “client”. This allows for quick results, although it is undoubtedly a pretty shady practice.
The sad reality is nothing useful ever comes out of these pop-up ads
Ads created by Adware applications and PUPs are well known to link to other infected software. Useless bloatware applications are also often distributed this way. These programs usually pretend to be error fixing and optimization software, but they don’t actually do anything. They’ll entice you into downloading them for free, but when you try to use them for anything you’ll find you need the full/pro PAID version. In the meantime, you will be bombarded with different kinds of error reports about non-existent or over-exaggerated problems prodding you to pay for the useless software. People that actually pay the scammers will get a confirmation message that everything was fixed, but no actual threat is removed or fixed. Instead, the fake error generating code is merely suppressed until the subscription for the program wears off. Another variant of this scam is when an online scan program claims to have detected viruses on your computer and you are offered a download so it can clean them. Please remember that no online program can ever scan your computer unless you give it permission to do so!
There are several other such schemes used to install malicious software with the help of pop-up ads. They include:
- Fake prompts to do system or program updates.
- Claims that you need to install a certain video codec, media player or missing plug-in before you can watch videos online.
- Messages about missing .DLL files. (Downloading a .dll file from the Internet is almost always a BAD idea!)
Finally please remember that in order to display these Ads into your browser the Adware/PUP has attached itself to your Chrome, Firefox or IE browser as an add-on. This gives it an almost unlimited ability to display stuff on your screen. Any system message that is closed when you close the browser is likely the product of the Ads and is entirely fake!
SUMMARY:
Name | The pop-up ads usually have some sort of name – look for it at the edges of the ads, or within your browser extensions. |
Type | Adware |
How to Get Rid of Pop Up Virus
The guidelines offered below will show you a possible way to remove this Adware app from your PC and browser so follow them carefully and if you aren’t sure about something, ask us in the comments and we will explain to you what needs to be done.
Before the actual removal steps, we suggest that you boot the PC into Safe Mode as this could help prevent the Adware from interrupting your uninstallation attempts. If you need guidance on how to access Safe Mode, you can find it right here.
The first step of the removal process is to go to the Processes tab of the Task Manager, to find the process behind the Adware, and to quit it. You can access the Task Manager through the Ctrl + Alt + Del or the Ctrl + Shift + Esc key combinations. Usually, the process of the Adware would have an unfamiliar name that doesn’t seem to be related to programs that are currently open on your computer. Another common red flag is if a given process is constantly using lots of RAM and CPU. We suggest that you look up the names of any processes you think are suspicious to find out whether they are essential OS processes, because those could sometimes look questionable despite being legitimate and even needed for the normal performance of the computer.
If a given process seems like it can be coming from the Adware, right-click on that process, select the Open file location option, and scan each file located in that folder using the following free malware scanner:
If the scanner flags any of the files you scanned as potential threats, go back to the process, right-click on it again, and select End Process Tree. After that, delete the folder where its files are contained.
After this, search for system configuration from the Start Menu, open the System Configuration app, and look for suspicious entries in the Startup section. Disable anything you don’t recognize and/or that has “Unknown” listed as manufacturer by unchecking the checkbox in front of the item and clicking on Ok.
Type Uninstall a Program in the Start Menu, select the first icon from the results, and, in the window that opens, look for any programs that could be carrying the adware. Items that you don’t remember installing or don’t recognize, or ones that have been installed around the time you started noticing the Pop-up Adware, are most likely to be connected to the Adware problem. Uninstall any app that seems suspicious to you by selecting it and then clicking on the Uninstall option at the top of that window.
There will likely be an uninstallation wizard to guide you through the process, so carefully follow its steps, making sure that everything gets uninstalled and nothing (not even personalized settings) is allowed to remain stored on your computer.
Next, you must copy this next line and paste it in the Start Menu and open the file that is found: notepad %windir%/system32/Drivers/etc/hosts. In the notepad file named Hosts that you open, check for any lines entered below Localhost. Different programs, including malicious and unwanted ones add IP addresses and rules to the Hosts file in order to operate so, if there are Adware entries there, you must delete them. We suggest that you copy anything written below Localhost and paste it in the comments below. We will take a look at the entries and if we tell you that the entries are probably from the Adware, delete them and press Ctrl + S in the Hosts file so that the change you’ve made to it is saved.
Type View Network Connections in the Start Menu and right-click on the icon of the network that you are currently using to connect to the Internet. Select the Properties option > Internet Protocol Version 4 (TCP/IPv4) > Properties and enable Obtain DNS server address automatically if that option isn’t checked. Then go to Advanced > the DNS tab and remove all items from the DNS server addresses list. Remember to click Ok on everything to save the changes while exiting the windows.
Open the system Registry (Start Menu > type regedit > select regedit.exe) and navigate to these three Registry directories:
- HKEY_CURRENT_USER/Software/*Folder with suspicious name*
- HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/ *Folder with suspicious name*
- HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main/*Folder with suspicious name*
Here, look for folders with long names comprised of random characters that look out of place among the other folders. If you see anything like this, select the suspicious folder and press the Del key to delete it. If you are unsure whether any given folder must be deleted, ask us in the comments.
You can also press Ctrl + F and type the name of the program you uninstalled in Step 2 and search for it. If any entries with its name are found in the Registry, delete them too.
Finally, go to the browser that has been affected by the adware and open its Extensions manager – for different browsers the Extensions manager can be opened differently but you will almost always have to click on the browser’s menu and select the Extensions option. On Chrome, you must first select More Tools and then click on Extensions.
Now look if you can find any suspicious browser extensions – ones that haven’t been installed by you, ones you don’t recognize, or extensions that have been installed just before the problem with the Pop-up Adware started should be prime suspects. Remove any extension that looks like it could be causing problems in the browser. If you cannot directly uninstall the extension or if it keeps getting reinstalled immediately after you remove it, first disable it and then quickly try to uninstall it again.
Next, from the browser’s main menu, select Settings and type Permissions. Select the Notifications option and see what sites are allowed to show notifications in your browser. Revoke the permissions of those of them that you do not trust or simply don’t want to be allowed to show pop-ups in the browser.
Finally, scroll back up and find the Sites can ask to send notifications setting and disable it if you don’t want sites to be able to send you permission requests to show notifications in your browser.
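For the Hosts file step above, the review can be done mechanically instead of by eye. The following is an added example, not part of the original guide: it parses hosts-file text and lists every entry other than the default localhost mapping so you can decide what to delete. The function name, the reason strings and the sample entries are constructed for illustration.

```python
import ipaddress
import sys

# Assumption for this example: only "localhost" mapped to loopback is treated as a default entry.
EXPECTED_NAMES = {"localhost"}

R_MALFORMED = "malformed address"
R_NO_NAME = "address without hostname"
R_URL = "URL written where a hostname belongs"
R_SINKHOLE = "hostname pointed at the local machine"
R_REDIRECT = "hostname redirected to another address"

def audit_hosts(text):
    """Return (line_no, ip, name, reason) for every hosts entry that deserves a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop a leading byte-order mark and anything after '#', which starts a comment.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), R_MALFORMED))
            continue
        if not names:
            findings.append((line_no, str(ip), "", R_NO_NAME))
            continue
        for name in names:  # one line may map several names to the same address
            host = name.lower().rstrip(".")
            if host in EXPECTED_NAMES and ip.is_loopback:
                continue
            if "/" in host:
                reason = R_URL
            elif ip.is_loopback or ip.is_unspecified:
                reason = R_SINKHOLE  # often used to block update or security sites
            else:
                reason = R_REDIRECT  # traffic for this name goes to a chosen server
            findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed sample input (reserved example domains and documentation addresses).
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1 localhost",
    "::1 localhost",
    "127.0.0.1 updates.av-vendor.example   # added by an unknown installer",
    "203.0.113.7 search.portal.example www.portal.example",
    "127.0.0.1 http://ads.example/landing",
    "0.0.0.0 telemetry.example",
    "not-an-ip something.example",
])

if __name__ == "__main__":
    # Pass the path of a hosts file as the first argument, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, ip, name, reason in audit_hosts(content):
        print(f"line {line_no}: {ip} -> {name or '(none)'}: {reason}")
```

An empty result means the file holds nothing beyond comments and the localhost entries; anything listed should be checked against software you knowingly installed before it is deleted.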
im hacked
Hi, Emil,
Can you elaborate on this? Did you see something in the hosts files, or somewhere else? Can you please share here what you saw, because I can’t help you until you do so.
in hosts(im hacked) :
127.0.0.1 down.baidu2016..com
127.0.0.1 123.sogou..com
127.0.0.1 http://www.czzsyzgm..com
127.0.0.1 http://www.czzsyzxl..com
Yes,
Please delete all of these entries, then do the rest of the guide.
Let me know if all is OK afterwards.
how to delete virus creator’s ip?
Hi Yash,
Simply delete it, then save the file.
Let me know how it goes.
Hi Llyr,
This line shouldn’t be there, so most likely you are. Delete it, then save the file.
Did you do the rest of the guide? Did you stop getting pop-ups?
I couldn’t find anything in task manager. I used Chrome cleanup tool and it found shopper pro and got rid of it, but when I reset chrome capricornus was still there. I don’t know what to do about it
Try creating a new user in Chrome, then delete the old one. Do you know how to do that?
Hi pedro,
Did you go through your control panel and remove any suspicious programs from there?
Hi Harii,
Did you do every other step before that?
Hi again,
If you’ve done everything correctly the virus should have been removed or there is something entirely new.
Please now try downloading SpyHunter from one of our banners and scan your computer for it. The scan functionality is free to use and it should pin-point you to the directories that hold the remaining virus files.
Hi Lynn,
It may be possible that you are uninstalling some old programs you’ve manually deleted in the past. That is the most common reason for getting no reaction at all.
Can you get me a screenshot of one of the messages you receive?
Is it okay to exit safe mode to do that?
Yes, it should be OK.
Hi Rez,
This sounds troublesome. Have you tried resetting your chrome browser? It’s possible that you’ve already removed it, but the changes to your settings remain in effect.
Hi Lynn,
Do you get any Ads or other unwanted behavior from the remaining app?
Not that I know of, though I probably wouldn’t be able to tell even if I did. Is it okay to just ignore it? Nothing happens when I press uninstall.
Hi again Lynn,
If it is giving you no trouble at all it is best to ignore it.
hi, I have the same issue, no entry in registry, nor in programs, I have deleted the chrome, after that it showing on EDGE .. what to do ?
Hi there,
Can you press Win Button+R and type MsConfig
Now look at the start up tab and tell me if there is anything suspicious there.
I HAVE THE SAME ISSUE
Hi Rami,
Can you put them here?
127.0.0.1 down..baidu2016.com
127.0.0.1 down..sogou.com
127.0.0.1 http://www..czzsyzgm.com
127.0.0.1 http://www..czzsyzxl.com
[ added two periods due to links ]
I’ve seen that you’ve told others to delete the lines then save, but when I tried it told me that I do not have permission to save in the location and it is asking me if I want to save in a file instead ?
Hi Rami,
You need to search for Notepad in windows search, right click on it and select Run as admin. When the program runs use the inside “Open” menu to open the hosts file and delete the lines.
Hi there,
Delete those lines, then save the file.
Hi there,
I am going to need more details than this. Where did you spot this process?
Hi there, are you sure you removed it? Because if you had you wouldn’t be getting the spam. I suggest you download Spyhunter from one of the banners on our site and do a system scan – it’s free. Let me know if it finds any threats.
Hi again, please check my other comment and download Spyhunter. From the way you describe it you may have more than one Adware hiding on your computer.
Okay, right click on each process and choose open location, then shut down the process and delete its files from the folder. If it prevents you from doing so write down the file path location and reboot your PC in safe mode (Step 1). You’ll then be able to delete them.
It’s OK. Did Spyhunter find anything?
Hi Ramone, did you try our guide already?
Hi Matus, there are some DNS unlockers that add as extensions. You have the worse type.
You are getting the redirects because the executable is still on your computer. Can you try downloading Spyhunter and running a system scan? You don’t need to pay for the scan, it’s free. Does it find anything?
Okay, did you check the browser shortcut for added lines? Also did you try resetting the browser already?
Check my other reply on things you can try to do.
Well, to be honest, I am as perplexed as you are. Are you sure it’s the DNS unlocker only and not another Adware installed on the computer? That has happened to me before.
Did you reset the browsers before or after you deleted the files? If you did it before please reset them again.
Hi Michelle,
Can you go to your network settings and look if the DNS unlocker has changed your preferred DNS server? If you don’t know how to do that let me know, so I can give you more detailed instructions.
Download the scanner from one of our ads – it will help you detect the infected files.
Delete them all and save the file. They are part of the infection 🙂
Hello Roronoa,
If our general advice doesn’t seem to do the trick consider downloading the software from our banners. It might help you locate the problem.
I have a serious problem with DNS Unlocker. I would do a format but I like my Windows 7 and I can’t find them. So I decided to remove almost everything on my computer to fix this problem. The only browser I have now is Internet Explorer. When I open it a creepy message window appears “Hello new User!” and then pop-up ads by DNS Unlocker. In the end I can’t click anywhere, IE freezes and then I am forced to close it. Then I found this guide here, thank you for that. I do these steps again and again but DNS Unlocker is still on my computer. Let me show you.
– Step 1 and 2 done. My IE add-ons are in the add-ons image.
– Step 3 done.
– Step 4 in the control panel I had some suspicious installs, but doing the steps again and again they disappeared. Now it’s clean and almost empty. I share with you my host note and as for DNS settings is the same as your picture. I don’t think that I’m hacked.
– Step 5 I share with you my task manager, so if you see something that I didn’t see please inform me. I printed it when I had IE open.
– Step 6 msconfig done. I know the problem is in the regedit. If you have time I can show you what is going on there. I deleted almost everything and I’m going to delete more!
Hi Mayia,
everything looks good to me. Your addons are clear. Did you manage to complete all of the steps in Safe Mode ? Here are guides on how to remove DNS Unlocker https://howtoremove.guide/dns-unlocker-removal/ and “Hello, New User” pop-up https://howtoremove.guide/hello-new-user-virus-pop-up-removal/ . Keep us in touch if you have further questions.
You are most welcome. We are glad that our instructions have helped you successfully deal with your issue. Should you ever run into any similar problems again, be sure to contact us!
excellent website to remove POP up virus which created a DNS.
I was struggling for 30 days.
thanks a lot
We are happy to hear that you have successfully removed the undesirable software from your computer using our guide. Be sure to contact us again should you ever run into another similar problem!
I have this on that txt you had me look at. what can I do? Does spyhunter handle the threat?
You will need to manually delete the IPs that you’ve sent us from your Hosts file and then save the changes to it.
I have a folder in regedit named as ciskt.. i searched on google and only found cisk (without the t) in there.. so i wonder if this is one of the unwanted or not…
Good question. For now, we advise you to keep it that way. See if things go back to normal without you removing it. Did you complete the rest of the steps from the guide?
I have completed the rest of the steps.. and without removing it, the pop up ads still exist 🙁 and btw, the pop up im having is named liveadoptimizer, and I’ve searched google too, and found nothing specific about this one.
Did you find anything suspicious in the Hosts file or in the Registry Editor?