Remove Pop-Up Ads “Virus” (September 2017 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to show you how remove pop up “virus” ads also known as Adware. The removal of Ads from Chrome, Firefox and Internet Explorer works for all versions and iterations of Windows (including removal of ads from Mac/OS X).

Pop-under adware

In addition to the regular adware there is what is called pop-under alternate adware. The pop-under adware opens a new window under the currently active browser windows. Unlike pop-ups, the pop-under will not immediately disrupt and alert the user of its existence, but only when the “covering” windows get closed down. This is an especially tricky practice as it makes it that much harder to determine the exact website that caused the pop-under adware to appear.
The whole reasoning behind the development of pop-under adware is that as the pop-ups ads became something more and more common many users developed the useful habit to close down the pop-ups as soon as they begin to appear, thus avoiding even a look at them. The pop-unders are believed to be less intrusive and thus make for better overall advertising results than the pop-ups according to some behavioral studies.

Security experts classify Adware threats as the least dangerous (because they rarely harm your computer directly), but they don’t take into consideration the negative experience for the user. You will get constantly harassed by the Ads and the Ads can also be harmful if clicked on. For these reasons it’s highly recommended that you find the application responsible remove the pop-up ads immediately from your system. Adware is not to be confused for a computer virus, but it is still a type of unwanted software you need to clean from your system – the sooner the better.

Pop-Up Ads in Chrome and Firefox

Pop-Up Ads in Chrome and Firefox

An Adware in action.

An Adware in action.

Outrageous_Deal_Ads

Chrome Deals pop-ups

Online Advertisements are something we already expect to find on most web pages, yet sometimes their numbers can get excessive. If you constantly have to plow through several different pop-up ads to get to the web page underneath and that happens on almost every page you visit, then it’s likely that your computer has been infected with some kind of Adware or PUP (Potentially Unwanted Program). Regardless of what exactly has infected your computer, you’ll likely also experience general slowdown and/or instability. Your CPU has to effectively download and render the information for the Ads in addition to whatever content needs to be displayed for the page itself. This process can be excruciatingly slow on older computers or if the Ads have any animation or sounds attached to them.

adware-example1

A software bundle disclosing that an Adware will be installed

How did you find yourself looking to remove the Ads? 

If you are wondering how your PC came in contact with these Ads – there are several ways in which you might have been infected. One of the oldest and still going strong tricks is the e-mail attachments. Be careful not to open/download any attachments from e-mails with senders you don’t recognize. Be extra careful for “Phishing Scams” attempts, e-mails that look like the real thing but are in fact malicious. Another form of Ads spread out is through compromised executables downloaded from file sharing websites or torrents. Be very careful and, if possible, scan the downloaded files first, before commencing any installation process. By far the most likely way though is through an infected executable file location in a “software bundle”.  Most commonly these are installers for some kind of program, most often free, that have several other programs bundled inside of them. Most people use the Default installation option, which is a bad idea, because it will install all the extra programs bundled in the installer. A much better alternative is to always select Advanced, because you’ll get detailed information about what exactly is about to get installed. Remove the ticks from any additional programs and you’ll greatly decrease the chance of obtaining Adware viruses. 

 

How to discern normal Ads from Adware generated pop-up ads

There are a couple of signs to look after. Here is a short list of the most easily recognizable ones.

  • Adware generated Ads are much more aggressive then normal Ads and will follow you on most pages you visit (forget what I said – they will follow you on ALL pages until you get rid of the pop-up ads .
  • pop-up ads often cover the screen and make your browser unusable by simply cluttering your screen. You will have click on them to close them, which can in turn open new pages and tabs.
  • Some words are highlighted and transformed into hyperlinks and an Ad is displayed if the word is hovered over. This effect survives between multiple pages.
  • New tabs and pages are automatically opened without your permission and link to sites you are unfamiliar with.
  • Ads offer free software or crazy discounts, which you can never see in a normal shop.

Why are Ads like these being created?

If you have ever wondered why would anyone bother creating such an annoying software, then you probably already know the answer without realizing it – for profit on the expense of your time and nerves. Many of these pop-up ads generating programs are actually affiliated with the websites they advertise for. Whenever one of the Ads displayed by them is clicked on they get a small sum as a royalty. If any purchase is made the amount of money earned is increased. There are two major implications to this

  1. These pop-up ads will get displayed on your screen regardless of whether you want them or not and the only way to stop the process is to remove the underlying cause.
  2. Shady and less known companies are much more likely to advertise in such a way compared to well-known reputable software developers.

This bears the question why is this preferred as a form of advertising in the first place? The truth is for all concerns and purposes this is cheaper than a more traditional and above board form of online advertising like using Google Ads for example. If an owner of such a company or website decides quick traffic is exactly what he needs than it is not that hard to imagine him contacting creators of Adware software and commissioning the creation of Software specifically designed to redirect traffic in the form of unsuspecting users to his website. You might wonder how is the creation of such Software a cheaper form of Advertising? Well for starters by all accounts it’s not very hard for Adware to be created, in fact only small changes to the program code are required for each new “client”. This allows for quick results, although it is undoubtedly a pretty shady practice.

The sad reality is nothing useful ever comes out of these pop-up ads

Ads created by Adware applications and PUPs are well known to link towards other infected software. Useless bloatware applications are also often distributed this way. These programs usually pretend to be error fixing and optimization software, but they don’t actually do anything. They’ll entice you into downloading them for free, but when you try to use them for anything you’ll find you need the full/pro PAID version. In the meantime you will be bombarded with different kind of error reports about non-existent or over-exaggerated problems prodding you to pay for the useless software. People that actually pay the scammers will get a confirmation message that everything was fixed, but no actual threat is removed or fixed. Instead the fake error generating code is merely suppressed until the subscription for the program wears off. Another variant of this scam is when an online scan program detected viruses in your computer and you are offered to download it so it can clean them. Please remember that no online program can ever scan your computer unless you give it permission to do so!

There are several other such schemes used to install malicious software via the help of the pop-up ads . They include

  • Fake prompts to do system or program updates.
  • Claims that you need to install a certain video codec, media player or missing plug-in before you can watch videos online.
  • Messages about missing .DLL files. (Downloading a .dll file from the Internet is almost always a BAD idea!)

Finally please remember that in order to display these Ads into your browser the Adware/PUP has attached itself to your Chrome, Firefox or IE browser as an add-on. This gives it an almost unlimited ability to display stuff on your screen. Any system message that is closed when you close the browser is likely the product of the Ads and is entirely fake!

SUMMARY:

Name The pop up ads usually have some sort of name – look for it at the edges of the ads, or within your browser extensions.
Type Adware
Danger Level Medium (Often the Ads will advertise non-existent or low quality goods, including software without any real functionality)
Symptoms Computer responsiveness is reduced and delay for all actions increased, Ads create unwanted sounds and clutter the screen.
Distribution Method Software bundles, mail bombs, other online Ads, fake programs obtained from torrents or other unsafe locations.
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

How to Remove Pop Up Ads Virus

If you are a Windows user, continue with the guide below.

If you are a Mac user, please use our How to remove Ads on Mac guide.

If you are an Android user, please use our Android Malware Removal guide.


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter. 

>> Click to Download Spyhunter. If you don't want this software, continue with the guide below.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step3

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Step4

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

DNS

Step5

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

browser-hijacker-taskbar-properties

Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Pop Up Ads from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Pop Up Ads from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove Pop Up Ads from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

Step6

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


  • Pingback: Esurf.biz Virus Removal From Chrome/Firefox/IE - HowToRemove.Guide()

  • Pingback: How to Remove Yoursites123 Virus from Chrome/Firefox/IE - HowToRemove.Guide()

  • Pingback: Ads by Capricornus (Removal Guide) - HowToRemove.Guide()

  • Pingback: Uninstall Browser Air Virus From Chrome/Firefox/IE - HowToRemove.Guide()

  • Emil

    im hacked

    • HowToRemove.Guide Team

      Hi, Emil,
      Can you elaborate on this? Did you see something in the hosts files, or somewhere else? Can you please share here what you saw, because I can’t help you until you do so.

  • Jadalou Sear

    in hosts(im hacked) :

    127.0.0.1 down.baidu2016..com

    127.0.0.1 123.sogou..com

    127.0.0.1 http://www.czzsyzgm..com

    127.0.0.1 http://www.czzsyzxl..com

    • HowToRemove.Guide Team

      Yes,

      Please delete all of these entries, then do the rest of the guide.

      Let me know if all is OK afterwards.

  • yash kohale

    how to delete virus creator’s ip?

    • HowToRemove.Guide Team

      Hi Yash,

      Simply delete it, then save the file.

      Let me know how it goes.

  • HowToRemove.Guide Team

    Hi Llyr,

    This like shouldn’t be there, so most likely you are. Delete it, then save the file.

    Did you do the rest of the guide? Did you stop getting pop-ups?

  • Llyr Morgan

    I couldn’t find anything in task manager. I used Chrome cleanup tool and it found shopper pro and got rid of it, but when I reset chrome capricornus was still there. I don’t know what to do about it

    • HowToRemove.Guide Team

      Try creating a new use in Chrome, then delete the old one. Do you know how to that?

  • HowToRemove.Guide Team

    Hi pedro,

    Did you go through your control panel and remove any suspicious programs from there?

  • HowToRemove.Guide Team

    Hi Harii,

    Did you do every other step before that?

  • HowToRemove.Guide Team

    Hi again,

    If you’ve done everything correctly the virus should have been removed or there is something entirely new.

    Please now try downloading SpyHunter from one of our banners and scan your computer for it. The scan functionality is free to use and it should pin-point you to the directories that hold the remaining virus files.

  • HowToRemove.Guide Team

    Hi Lynn,

    It may be possible that you are uninstalling some old programs you’ve manually deleted in the past. That is the most common reason for getting no reaction at all.

    Can you get me a screenshot of one of the messages you receive?

    • Lynn

      Is it okay to exit safe mode to do that?

      • HowToRemove.Guide Team

        Yes, it should be OK.

  • HowToRemove.Guide Team

    Hi Rez,

    This sounds troublesome. Have you tried resetting your chrome browser? It’s possible that you’ve already removed it, but the changes to your settings remain in effect.

  • HowToRemove.Guide Team

    Hi Lynn,

    Do you get any Ads or other unwanted behavior from the remaining app?

    • Lynn

      Not that I know of, though I probably wouldn’t be able to tell even if I did. Is it okay to just ignore it? Nothing happens when I press uninstall.

      • HowToRemove.Guide Team

        Hi again Lynn,

        If it is giving you no trouble at all it is best to ignore it.

  • Aamna Khan

    hi, I have the same issue, no entry in registry, nor in programs, I have deleted the chrome, after that it showing on EDGE .. what to do ?

    • HowToRemove.Guide Team

      Hi there,

      Can you press Win Button+R and type MsConfig

      Now look at the start up tab and tell me if there is anything suspicious there.

  • Aamna Khan

    I HAVE THE SAME ISSUE

  • HowToRemove.Guide Team

    Hi Rami,

    Can you put them here?

    • Rami no

      127.0.0.1 down..baidu2016.com

      127.0.0.1 down..sogou.com

      127.0.0.1 http://www..czzsyzgm.com

      127.0.0.1 http://www..czzsyzxl.com
      [ added two periods due to links ]

      I’ve seen that you’ve told others to delete the lines then save, but when I tried it told me that I do not have permission to save in the location and it is asking me if I want to save in a file instead ?

      • HowToRemove.Guide Team

        Hi Rami,

        You need to search for Notepad in windows search, right click on it and select Run as admin. When the program runs use the inside “Open” menu to open the hosts file and delete the lines.

  • HowToRemove.Guide Team

    Hi there,

    Delete those lines, then save the file.

  • HowToRemove.Guide Team

    Hi there,

    I am going to need more details than this. Where did you spot this process?

  • HowToRemove.Guide Team

    Hi there, are you sure you removed it? Because if you had you wouldn’t be getting the spam. I suggest you download Spyhunter from one of the banners and our site and do a system scan – its free. Let me know if it finds any threats.

  • HowToRemove.Guide Team

    Hi again, please check my other comment and download Spyhunter. From the way you describe it you may have more then one Adware hiding on your computer.

  • HowToRemove.Guide Team

    Okay, right click on each process and chose open location, then shut down the process and delete its files from the folder. If it prevents you from doing so write down the file path location and reboot your PC in safe mode (Step 1). You’ll then be able to delete em.

  • HowToRemove.Guide Team

    It’s OK. Did Spyhunter find anything?

  • HowToRemove.Guide Team

    Hi Ramone, did you try our guide already?

  • HowToRemove.Guide Team

    Hi Matus, there are some DNS unlockers that add as extensions. You have the worse type.

    You are getting the redirects because the executable is still on your computer. Can you try downloading Spyhunter and running a system scan? You don’t need to pay for the scan, it’s free. Does it find anything?

  • HowToRemove.Guide Team

    Okay, did you check the browser shortcut for added lines? Also did you try resetting the browser already?

  • HowToRemove.Guide Team

    Check my other reply on things you can try to do.

  • HowToRemove.Guide Team

    Well to be honest I am as perplexed as you are. Are you sure its the DNS unlocker only and not another Adware installed on the computer? That has happened to me before.

    Did you reset the browsers before or after you deleted the files? If you did it before please reset them again.

  • HowToRemove.Guide Team

    Hi Michelle,

    Can you go to your network settings and look if the DNS unlocker has changed your preferred DNS server? If you don’t know how to do that let me know, so i can give you more detailed instructions.

  • HowToRemove.Guide Team

    Download the scanner from one of our ads – it will help you detect the infected files.

  • HowToRemove.Guide Team

    Delete them all and save the file. They are part of the infection 🙂

  • HowToRemove.Guide Team

    Hello Roronoa,

    If our general advice doesn’t seem to do the trick consider downloading the software from our banners. It might help you locate the problem.

  • Mayia

    I have serious problem with DNS unlocker. I would do a format but I like my windonws 7 and I can’t find them. So I decided to remove almost everything on my computer to fix this problem. The only browser I have now is Internet Explorel. When I open it a creepy message window appears “Hello new User!” and then pop up adds by DNS unlocker. In the end I can’t click anywhere, IE freezes and then I force to close it. Then I found this guide here, thank you for that. I do these steps again and again but DNS unlocker is still in my computer. Let me show you.
    – Step 1 and 2 done. My IE Adds-on are the adds-on image.
    – Step 3 done.
    – Step 4 in the control panel I had some suspicious installs, but doing the steps again and again they disappeared. Now it’s clean and almost empty. I share with you my host note and as for DNS settings is the same as your picture. I don’t think that I’m hacked.
    – Step 5 I share with you my task manager, so if you see something that I didn’t see please inform me. I printed it when I had IE open.
    – Step 6 msconfig done. I know the problem is in the regedit. If you have time I can show you what is going on there. I deleted almost everything and I’m going to delete more!

  • HowToRemove.Guide Team

    You are most welcome. We are glad that our instructions have helped you successfully deal with your issue. Should you ever run into any similar problems again, be sure to contact us!

  • Abdul

    excellent website to remove POP up virus which created a DNS.
    I was struggling from 30 days.
    thanks a lot

    • HowToRemove.Guide Team

      We are happy to hear that you have successfully removed the undesirable software from your computer using our guide. Be sure to contact us again should you ever run into another similar problem!

  • Heidern

    127.0.0.1 cpm.paneladmin. pro
    127.0.0.1 publisher .hmdiadmingate. xyz
    127.0.0.1 distribution. hmdiadmingate. xyz
    127.0.0.1 hmdicrewtracksystem. xyz
    127.0.0.1 linkmate. space
    127.0.0.1 space1. adminpressure. space
    127.0.0.1 trackpressure. website
    127.0.0.1 doctorlink. space
    127.0.0.1 dscdn. pw
    127.0.0.1 beautifllink. xyz

    I have this on that txt you had me look at. what can I do? Does spyhunter handle the threat?

    • HowToRemove.Guide Team

      You will need to manually delete the IP’s that you’ve send us from your Hosts file and then save the changes to it.