Remove Pop-Up Ads “Virus” (August 2018 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to show you how remove pop up “virus” ads also known as Adware. The removal of Ads from Chrome, Firefox and Internet Explorer works for all versions and iterations of Windows (including removal of ads from Mac/OS X).

Pop-under adware

In addition to the regular adware there is what is called pop-under alternate adware. The pop-under adware opens a new window under the currently active browser windows. Unlike pop-ups, the pop-under will not immediately disrupt and alert the user of its existence, but only when the “covering” windows get closed down. This is an especially tricky practice as it makes it that much harder to determine the exact website that caused the pop-under adware to appear.
The whole reasoning behind the development of pop-under adware is that as the pop-ups ads became something more and more common many users developed the useful habit to close down the pop-ups as soon as they begin to appear, thus avoiding even a look at them. The pop-unders are believed to be less intrusive and thus make for better overall advertising results than the pop-ups according to some behavioral studies.

Security experts classify Adware threats as the least dangerous (because they rarely harm your computer directly), but they don’t take into consideration the negative experience for the user. You will get constantly harassed by the Ads and the Ads can also be harmful if clicked on. For these reasons it’s highly recommended that you find the application responsible remove the pop-up ads immediately from your system. Adware is not to be confused for a computer virus, but it is still a type of unwanted software you need to clean from your system – the sooner the better.

Pop-Up Ads in Chrome and Firefox

Pop-Up Ads in Chrome and Firefox

An Adware in action.

An Adware in action.

Outrageous_Deal_Ads

Chrome Deals pop-ups

Online Advertisements are something we already expect to find on most web pages, yet sometimes their numbers can get excessive. If you constantly have to plow through several different pop-up ads to get to the web page underneath and that happens on almost every page you visit, then it’s likely that your computer has been infected with some kind of Adware or PUP (Potentially Unwanted Program). Regardless of what exactly has infected your computer, you’ll likely also experience general slowdown and/or instability. Your CPU has to effectively download and render the information for the Ads in addition to whatever content needs to be displayed for the page itself. This process can be excruciatingly slow on older computers or if the Ads have any animation or sounds attached to them.

adware-example1

A software bundle disclosing that an Adware will be installed

How did you find yourself looking to remove the Ads? 

If you are wondering how your PC came in contact with these Ads – there are several ways in which you might have been infected. One of the oldest and still going strong tricks is the e-mail attachments. Be careful not to open/download any attachments from e-mails with senders you don’t recognize. Be extra careful for “Phishing Scams” attempts, e-mails that look like the real thing but are in fact malicious. Another form of Ads spread out is through compromised executables downloaded from file sharing websites or torrents. Be very careful and, if possible, scan the downloaded files first, before commencing any installation process. By far the most likely way though is through an infected executable file location in a “software bundle”.  Most commonly these are installers for some kind of program, most often free, that have several other programs bundled inside of them. Most people use the Default installation option, which is a bad idea, because it will install all the extra programs bundled in the installer. A much better alternative is to always select Advanced, because you’ll get detailed information about what exactly is about to get installed. Remove the ticks from any additional programs and you’ll greatly decrease the chance of obtaining Adware viruses. 

 

How to discern normal Ads from Adware generated pop-up ads

There are a couple of signs to look after. Here is a short list of the most easily recognizable ones.

  • Adware generated Ads are much more aggressive then normal Ads and will follow you on most pages you visit (forget what I said – they will follow you on ALL pages until you get rid of the pop-up ads .
  • pop-up ads often cover the screen and make your browser unusable by simply cluttering your screen. You will have click on them to close them, which can in turn open new pages and tabs.
  • Some words are highlighted and transformed into hyperlinks and an Ad is displayed if the word is hovered over. This effect survives between multiple pages.
  • New tabs and pages are automatically opened without your permission and link to sites you are unfamiliar with.
  • Ads offer free software or crazy discounts, which you can never see in a normal shop.

Why are Ads like these being created?

If you have ever wondered why would anyone bother creating such an annoying software, then you probably already know the answer without realizing it – for profit on the expense of your time and nerves. Many of these pop-up ads generating programs are actually affiliated with the websites they advertise for. Whenever one of the Ads displayed by them is clicked on they get a small sum as a royalty. If any purchase is made the amount of money earned is increased. There are two major implications to this

  1. These pop-up ads will get displayed on your screen regardless of whether you want them or not and the only way to stop the process is to remove the underlying cause.
  2. Shady and less known companies are much more likely to advertise in such a way compared to well-known reputable software developers.

This bears the question why is this preferred as a form of advertising in the first place? The truth is for all concerns and purposes this is cheaper than a more traditional and above board form of online advertising like using Google Ads for example. If an owner of such a company or website decides quick traffic is exactly what he needs than it is not that hard to imagine him contacting creators of Adware software and commissioning the creation of Software specifically designed to redirect traffic in the form of unsuspecting users to his website. You might wonder how is the creation of such Software a cheaper form of Advertising? Well for starters by all accounts it’s not very hard for Adware to be created, in fact only small changes to the program code are required for each new “client”. This allows for quick results, although it is undoubtedly a pretty shady practice.

The sad reality is nothing useful ever comes out of these pop-up ads

Ads created by Adware applications and PUPs are well known to link towards other infected software. Useless bloatware applications are also often distributed this way. These programs usually pretend to be error fixing and optimization software, but they don’t actually do anything. They’ll entice you into downloading them for free, but when you try to use them for anything you’ll find you need the full/pro PAID version. In the meantime you will be bombarded with different kind of error reports about non-existent or over-exaggerated problems prodding you to pay for the useless software. People that actually pay the scammers will get a confirmation message that everything was fixed, but no actual threat is removed or fixed. Instead the fake error generating code is merely suppressed until the subscription for the program wears off. Another variant of this scam is when an online scan program detected viruses in your computer and you are offered to download it so it can clean them. Please remember that no online program can ever scan your computer unless you give it permission to do so!

There are several other such schemes used to install malicious software via the help of the pop-up ads . They include

  • Fake prompts to do system or program updates.
  • Claims that you need to install a certain video codec, media player or missing plug-in before you can watch videos online.
  • Messages about missing .DLL files. (Downloading a .dll file from the Internet is almost always a BAD idea!)

Finally please remember that in order to display these Ads into your browser the Adware/PUP has attached itself to your Chrome, Firefox or IE browser as an add-on. This gives it an almost unlimited ability to display stuff on your screen. Any system message that is closed when you close the browser is likely the product of the Ads and is entirely fake!

SUMMARY:

Name The pop up ads usually have some sort of name – look for it at the edges of the ads, or within your browser extensions.
Type Adware
Danger Level Medium (Often the Ads will advertise non-existent or low quality goods, including software without any real functionality)
Symptoms Computer responsiveness is reduced and delay for all actions increased, Ads create unwanted sounds and clutter the screen.
Distribution Method Software bundles, mail bombs, other online Ads, fake programs obtained from torrents or other unsafe locations.
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

How to Remove Pop Up Ads Virus

If you are a Windows user, continue with the guide below.

If you are a Mac user, please use our How to remove Ads on Mac guide.

If you are an Android user, please use our Android Malware Removal guide.


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter. 

>> Click to Download Spyhunter. If you don't want this software, continue with the guide below.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step3

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Step4

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

DNS

Step5

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

browser-hijacker-taskbar-properties

Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Pop Up Ads from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Pop Up Ads from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove Pop Up Ads from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

Step6

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


55 Comments

    • Hi, Emil,
      Can you elaborate on this? Did you see something in the hosts files, or somewhere else? Can you please share here what you saw, because I can’t help you until you do so.

  • Hi Llyr,

    This like shouldn’t be there, so most likely you are. Delete it, then save the file.

    Did you do the rest of the guide? Did you stop getting pop-ups?

  • I couldn’t find anything in task manager. I used Chrome cleanup tool and it found shopper pro and got rid of it, but when I reset chrome capricornus was still there. I don’t know what to do about it

  • Hi again,

    If you’ve done everything correctly the virus should have been removed or there is something entirely new.

    Please now try downloading SpyHunter from one of our banners and scan your computer for it. The scan functionality is free to use and it should pin-point you to the directories that hold the remaining virus files.

  • Hi Lynn,

    It may be possible that you are uninstalling some old programs you’ve manually deleted in the past. That is the most common reason for getting no reaction at all.

    Can you get me a screenshot of one of the messages you receive?

  • Hi Rez,

    This sounds troublesome. Have you tried resetting your chrome browser? It’s possible that you’ve already removed it, but the changes to your settings remain in effect.

  • hi, I have the same issue, no entry in registry, nor in programs, I have deleted the chrome, after that it showing on EDGE .. what to do ?

    • Hi there,

      Can you press Win Button+R and type MsConfig

      Now look at the start up tab and tell me if there is anything suspicious there.

    • 127.0.0.1 down..baidu2016.com

      127.0.0.1 down..sogou.com

      127.0.0.1 http://www..czzsyzgm.com

      127.0.0.1 http://www..czzsyzxl.com
      [ added two periods due to links ]

      I’ve seen that you’ve told others to delete the lines then save, but when I tried it told me that I do not have permission to save in the location and it is asking me if I want to save in a file instead ?

      • Hi Rami,

        You need to search for Notepad in windows search, right click on it and select Run as admin. When the program runs use the inside “Open” menu to open the hosts file and delete the lines.

  • Hi there, are you sure you removed it? Because if you had you wouldn’t be getting the spam. I suggest you download Spyhunter from one of the banners and our site and do a system scan – its free. Let me know if it finds any threats.

  • Hi again, please check my other comment and download Spyhunter. From the way you describe it you may have more then one Adware hiding on your computer.

  • Okay, right click on each process and chose open location, then shut down the process and delete its files from the folder. If it prevents you from doing so write down the file path location and reboot your PC in safe mode (Step 1). You’ll then be able to delete em.

  • Hi Matus, there are some DNS unlockers that add as extensions. You have the worse type.

    You are getting the redirects because the executable is still on your computer. Can you try downloading Spyhunter and running a system scan? You don’t need to pay for the scan, it’s free. Does it find anything?

  • Okay, did you check the browser shortcut for added lines? Also did you try resetting the browser already?

  • Well to be honest I am as perplexed as you are. Are you sure its the DNS unlocker only and not another Adware installed on the computer? That has happened to me before.

    Did you reset the browsers before or after you deleted the files? If you did it before please reset them again.

  • Hi Michelle,

    Can you go to your network settings and look if the DNS unlocker has changed your preferred DNS server? If you don’t know how to do that let me know, so i can give you more detailed instructions.

  • Hello Roronoa,

    If our general advice doesn’t seem to do the trick consider downloading the software from our banners. It might help you locate the problem.

  • I have serious problem with DNS unlocker. I would do a format but I like my windonws 7 and I can’t find them. So I decided to remove almost everything on my computer to fix this problem. The only browser I have now is Internet Explorel. When I open it a creepy message window appears “Hello new User!” and then pop up adds by DNS unlocker. In the end I can’t click anywhere, IE freezes and then I force to close it. Then I found this guide here, thank you for that. I do these steps again and again but DNS unlocker is still in my computer. Let me show you.
    – Step 1 and 2 done. My IE Adds-on are the adds-on image.
    – Step 3 done.
    – Step 4 in the control panel I had some suspicious installs, but doing the steps again and again they disappeared. Now it’s clean and almost empty. I share with you my host note and as for DNS settings is the same as your picture. I don’t think that I’m hacked.
    – Step 5 I share with you my task manager, so if you see something that I didn’t see please inform me. I printed it when I had IE open.
    – Step 6 msconfig done. I know the problem is in the regedit. If you have time I can show you what is going on there. I deleted almost everything and I’m going to delete more!

  • You are most welcome. We are glad that our instructions have helped you successfully deal with your issue. Should you ever run into any similar problems again, be sure to contact us!

    • We are happy to hear that you have successfully removed the undesirable software from your computer using our guide. Be sure to contact us again should you ever run into another similar problem!

  • 127.0.0.1 cpm.paneladmin. pro
    127.0.0.1 publisher .hmdiadmingate. xyz
    127.0.0.1 distribution. hmdiadmingate. xyz
    127.0.0.1 hmdicrewtracksystem. xyz
    127.0.0.1 linkmate. space
    127.0.0.1 space1. adminpressure. space
    127.0.0.1 trackpressure. website
    127.0.0.1 doctorlink. space
    127.0.0.1 dscdn. pw
    127.0.0.1 beautifllink. xyz

    I have this on that txt you had me look at. what can I do? Does spyhunter handle the threat?

    • You will need to manually delete the IP’s that you’ve send us from your Hosts file and then save the changes to it.

  • I have a folder in regedit named as ciskt.. i searched on google and only found cisk (without the t) in there.. so i wonder if this is one of the unwanted or not…

    • Good question. For now, we advise you to keep it that way. See if things go back to normal without you removing it. Did you complete the rest of the steps from the guide?

      • I have completed the rest of the steps.. and without removing it, the pop up ads still exist 🙁 and btw, the pop up im having is named liveadoptimizer, and I’ve searched google too, and found nothing specific about this one.

Leave a Comment