Pop Broker is one of the simplest types of browser-hijacking sites I’ve encountered recently, but it’s precisely its simplicity that makes it potentially hard to remove. It’s basically a redirect site that’s designed to gather browsing data and gain artificial traffic by triggering automatic redirects to itself. The interesting part is how it triggers those redirects. Other such sites like boyu.com.tr or maxask.com rely on a rogue extension, for example SEEKSE or Porseek, to take control of the browser and open their redirects.
In the case of Pop Broker, there’s often no rogue extension installed in the browser. Furthermore, the default search engine and homepage might not even be replaced. But then how do the Pop Broker redirects happen? Simple – with the help of a scheduled task in your system. This is the key to this hijacker’s success, but it’s also the information you need to get rid of it.
Pop Broker Removal Guide
So now that you know that Pop Broker uses a scheduled task to spam your browser, stopping it becomes very easy and simple. However, what’s important to consider is that the rogue task didn’t come out of thin air. It’s possible that some type of rogue software introduced it to your PC and that is something we’ll focus on further down this page.
SUMMARY:
The following steps provide a quick solution to the Pop Broker problem. If they solve everything for you, there’s no need to proceed with the next sections. However, if you suspect there could be malware on your PC, we suggest going through the entire guide.
Go to your Start Menu, type Task Scheduler, and open the app that appears.
In the top-left, click Task Scheduler Library and then take a look at the listed items. Those are all tasks that are set to be performed in accordance with various triggers and conditions.
Look for a task named “GoogleUpdateDaily” – the name looks legitimate enough, but this is actually the rogue task you must delete.
Just in case, double-click it, go to the Action tab, and see what action is performed by this task. We bet that its action will be to start a CMD window that executes the following command: /c start https://www.pop-broker.com.
In other words, this is the task that automatically opens the rogue site. Right-click it and select Delete > OK to delete it.
What if there is no task named “GoogleUpdateDaily”?
We won’t be surprised if the task name gets changed in the near future, as now the jig is up and most users will know to look for and delete “GoogleUpdateDaily”. However, it’s still fairly easy to figure out which task is the one causing problems.
Just check the Action tab of each task in the list and see which one opens the Pop Broker site by running the command we showed above. It shouldn’t take you more than 10 minutes to figure out which one is the culprit and consequently delete it.
How to Get Rid of the Pop Broker Virus
The main problem with Pop Broker isn’t the sudden redirects (which are mostly harmless). It’s the question of what caused the redirect task to appear in your Task Scheduler. There are many possible answers to this, but one of them is that some sort of unwanted app or malware might currently be in your system. Therefore, we also recommend completing the steps in this section to ensure your PC is clean and protected.
!IMPORTANT – READ BEFORE PROCEEDING!
We have no way of knowing if and what type of rogue software has created the rogue task in your Task Manager. For this reason, the steps shown below are general and might not work in all cases.
For this reason, we strongly recommend that you consider using a reliable removal tool like SpyHunter – a powerful anti-malware program we’ve linked on this page. It can perform a very thorough scan of your entire PC and hunt down every last piece of potentially unsafe data.
Delete Suspicious Apps
Go to the Start Menu > Settings > Apps. Click the Sort By button > Install Date. Look at the recently installed items. See anything unfamiliar or potentially problematic? Write down its name, then click it > Uninstall. Follow the prompts to delete the app.
Note that even if a particular app was willingly installed by you, it could still be related to Pop Broker if it comes from an unreliable source.
Task Manager Cleanup
Ctrl + Shift + Esc to open the Task Manager. If it’s in compact mode, click More Details to view all processes.
Sort the items by Memory usage and then by CPU usage. See which ones use the most of each resource and among them look for any with suspicious or unfamiliar names.
If you notice a process that looks out of place, write down its name, then right-click it > Open File Location. Then delete everything inside that folder. You’ll likely get an error that some of the files can’t be deleted. If that happens, return to the Task Manager, select the process > End Task. Then try to delete its files again.
If you are still not allowed to delete something, download the Lock Hunter tool and install it (it’s totally free!). Then right-click the file or folder you can’t delete > What’s locking it? > Delete.
Perform these steps for each process that looks suspicious.
Delete Malicious Files and Folders
Open a random folder, click View from the top, and check the Hidden items option above Show/Hide.
Then navigate to C: > ProgramData > Microsoft > Windows > Start Menu > Programs > Startup. Delete everything except desktop.ini.
Do the same thing in this location: C: > Users > *YOUR USERNAME* > AppData > Roaming > Microsoft > Windows > Start Menu > Programs > Startup.
Also delete all files and folders in C: > Users > *YOUR USERNAME* > AppData > Local > Temp.
Registry Cleanup
Press Winkey + R, type regedit, click OK.
Modifying the Registry always hides risks of causing further issues in the system if the wrong thing is deleted. Therefore, we recommend creating a backup first:
Click File > Export, change the export range to All, type a backup name, and create the backup file in a location of your choice.
With the backup ready, click Edit > Find, type the name of any apps you tried to delete earlier and click Find Next. If anything is found, delete the key in the left panel that contains it and search again. Eliminate all related items.
Next, search again in the registry for the names of any other apps or processes that you wrote down earlier and delete anything you find.
Stop the Pop-Broker.com Virus Popups in Chrome, Edge, and Opera GX
Pop Broker doesn’t seem to rely on hijacker extensions to open its redirects, but we still recommend checking your browser for anything that shouldn’t be there:
In your main browser, open the menu > Settings > Extensions. Delete any unfamiliar or unwanted items you see there.
Then go to Privacy and Security > Site Settings. One by one, open each permission type and check it for questionable URLs under the Allow section. Obviously, if you see pop-broker.com, delete it immediately, but also do the same with any other addresses you don’t trust.
Back in Privacy and Security, click Delete Browsing Data > Advanced, check everything except Passwords > Delete.
Check both the Appearance and On Startup tabs for questionable URLs and remove them.
In the Search Engine tab, ensure the current default search engine of the browser is set to a reliable tool. Then go to Manage Search Engines, look through the list, and remove from it anything that seems unreliable.
After you do all this, the chances of still having malware or any undesirable apps in your system will be pretty low. That said, we must remind you that we can’t make any promises, and it’s still possible that malware could be lurking in your system. If you want to be fully safe, SpyHunter can help you ensure there aren’t any malicious leftover data and settings on your computer.
Thank you