How to remove pop-up adware from your system?


pop-up Adware is an advertisement-supported software program that relentlessly annoys users. Cyber criminals use such adware to steal the user's identity, information or money. Automatically generated suspicious pop-ups and malicious advertisements are injected into the user interface using various deceptive pop-up

This helps in generating the following two types of revenue for them:

  1. Display of sponsored ads and pop-ups: Software developers receive money from third parties to inject malicious code that displays ads (for their brands or products, once the software is installed) on the user's system. These ads may appear genuine and cause no harm to the system unless clicked. After one wrong click, the bombardment of unnecessary ads on the user's browser screen may irritate the victim to the core!
  2. Pay-per-click basis: Every click by the user on the ads and pop-ups displayed in the browser generates revenue for the con developers, as agreed with the affiliated group.

Threat actors distribute adware programs to users' systems in three prominent ways:

  1. Media-Based Distribution: In this method of distribution, cyber criminals ally with the distributors of various types of software. They arrange with the distributors or software developers to bundle the adware in the payload of the main software. The malicious program is introduced into the user's system along with the main software when users don't pay attention to the installation process.
  2. Server-Based Distribution: This method of distribution relies on the placement of advertisements on the browser screen. Adware developers seek specific locations on web pages to place their ads. Every service demands capital. Depending on the free space available, cyber criminals place the advertisements using various marketing tactics.
  3. Network-Based Distribution: Getting access to a private network is like scoring a big win for these con artists! Access from any client computer on such a closed network can get them entry to it. With the help of traffic flow algorithms, they can easily identify the governing servers and spread their menace across the entire network, targeting all systems.

Threat Behavior: pop-up Adware, like many other adware programs, spreads its menace on the victim's computer in three different ways:

  1. Local Mode: The threat behavior in Local Mode involves bombarding the user's desktop screen with innumerable ads and pop-ups as soon as the system is booted. Once installed in the system, the malicious adware program is configured to schedule the display of suspicious ads and pop-ups incessantly on the user's desktop. The displayed ads are not under the user's control, so there is nothing the user can do about them.
  2. Roaming Mode: This set of threat behavior relies on an Internet connection. According to statistics, 80% of preferred adware programs are roaming adware. This kind of adware is brought to life when the victim makes a query and opens a web page in the preferred browser window. The user's browser screen is flooded with innumerable ads and pop-ups that may or may not be of interest to the user.
  3. Script Mode: This technique is similar to Roaming Mode, except that the ads and pop-ups displayed in Script Mode are based on the user's interests. Adware programs that are configured to run in Script Mode do not initiate the menace instantly. Once it has infiltrated, the pernicious program remains dormant for a week or so. During this period the malware is configured to inspect system settings and spy on the user's browsing activities. The gathered information is then used to launch an attack.


Threats posed by infiltration of pop-up program in the system

The ads and pop-ups displayed by the pop-up program are based on the user's interests and appear useful; however, a click on them causes havoc, as it redirects the user to a web page. This web page is malicious and redirects the user to other potentially harmful and untrustworthy websites.

This makes the victim's system vulnerable to other system threats and bugs. Furthermore, the redirector adds to the victim's misery by sneakily gathering:

  1. System hardware and software information: This includes information about the operating system, hardware components, system settings, regional settings etc. This information helps criminals optimize future attacks on the system.
  2. Victim's personal information: This includes usernames, passwords, areas of interest, address, phone number, geo-locations etc. This information can be used against victims to extort hush money from them. At the same time, it can be sold to third parties and used to display engaging ads.

To avoid these consequences, get this malicious program removed from the system ASAP.

How did pop-up program invade the system?


Cunning software developers resort to deception to distribute pop-up program.

Users may unknowingly become victims of this pernicious program by visiting illicit websites, for example the ones that offer pirated songs or movies, pornography etc.

These web pages often hold a malicious script that lurks in the background. Visiting such taboo web pages triggers the execution of this malevolent script, which results in the infiltration of pop-up programs into the system.


Other distribution tactics that threat actors adhere to in order to proliferate pop-up program include:


Threat Summary


Browsers Affected: Internet Explorer, Google Chrome, Microsoft Edge, Firefox

Targeted Operating System: Windows

Category: Adware

Symptoms:  Bombardment of sponsored ads and pop-ups on browser screen, unnatural network activities, occasional sluggishness of the infected device, system files and folders infected.

How to Remove pop-up Adware from the Computer System?

Note: Before we begin, try to remember how the extension got downloaded onto your computer system. Generally, these programs come bundled with free applications that we download off the internet. It is good practice to locate and uninstall such programs while removing the browser hijacker or extensions.

STEP A: Remove malicious Program from Control Panel

Windows XP

  1. Click on the “Start” button on the bottom left corner of your screen. A Start menu will be displayed. From this menu select the option that reads “Control Panel”.
  2. In the window that will be displayed, click the option “Switch to classic view”.
  3. This will display all the options/icons available to you. From the displayed icons, click on the icon that reads “Add or Remove Programs”.
  4. Select the “Uninstall a program” option from the “Programs” category. A list will populate on the screen displaying all the programs.
  5. Select the programs related to pop-up and click on the Uninstall button.

Windows 7/Vista

  1. Right click on the “Start” button located at the lower left corner of the screen. From the Start menu, click on “Control Panel”.
  2. The “Control Panel” window will be displayed on the screen. Click on the “Uninstall a Program” option from the “Programs” category.
  3. The “Programs and Features” window will be displayed on the screen. A list will populate on the screen displaying all the programs.
  4. Scroll through the list of programs, select the programs related to pop-up and then click on the “Uninstall” button.

Windows 8/10

  1. Right click on the “Windows logo” on the lower left side of the computer screen. From the drop-down menu, select and click on “Control Panel”.
  2. The “Control Panel” window will be displayed. From this window select the “Uninstall a program” option from the “Programs” category.
  3. A list will populate on the screen displaying all the programs.
  4. Select the programs related to pop-up and click on the “Uninstall” button.
  5. In the confirmation box, click on the box that reads “OK” to save changes.
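
The Control Panel list reviewed in STEP A can also be produced from the registry, sorted by install date, which helps with the earlier note about remembering which free application brought the adware along. This is an added example, not part of the original guide; the function name Get-RecentInstall and the 30-day window are assumptions, and the script only reads and lists entries.

```powershell
# Added example: list recently installed programs for review (read-only).
function Get-RecentInstall([int]$Days = 30) {
    # Uninstall entries for 64-bit, 32-bit and per-user installations.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is an optional yyyyMMdd string; many installers omit it.
            $when = $null
            if ($_.InstallDate -match '^\d{8}$') {
                try   { $when = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null) }
                catch { $when = $null }
            }
            [pscustomobject]@{
                Installed = $when
                Name      = $_.DisplayName
                Publisher = $_.Publisher
                Uninstall = $_.UninstallString
            }
        } |
        # Keep undated entries too: a missing date is itself worth a look.
        Where-Object { -not $_.Installed -or $_.Installed -ge $cutoff } |
        Sort-Object Installed -Descending
}

Get-RecentInstall -Days 30 | Format-Table -AutoSize -Wrap
```

Entries with an empty Publisher or an install date close to when the ads first appeared are the ones to check against the list in Control Panel.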

STEP B: Reboot your system to Safe Mode with Networking

To restart the system in Safe Mode with Networking when it is already switched on, follow the steps below:

Windows 7/ Vista/ XP

  1. Click on Windows icon present in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. With the help of the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart in Safe Mode with Networking.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password.

STEP C: Remove pop-up from system configuration settings

  1. Type “Msconfig” in search box / Run Box, select it and press Enter.
  2. Click on “Services” Tab and click on “Hide all Microsoft services”.
  3. Select pop-up from the list of remaining services and disable it by removing the tick mark from the checkbox and click on Apply button.

Windows 7

  1. Click on the next tab – “Startup”.
  2. Find any blank or suspicious entry or the entry with pop-up mentioned and remove the check mark.
  3. Click on Apply button and then click on OK.

Windows 10

  1. Click on the next tab – “Startup”.
  2. Move the mouse cursor to the ‘Open Task Manager’ link and click on it. This opens the Task Manager window.
  3. Find any blank or suspicious entry or the entry with pop-up mentioned and click on it.
  4. Then click on Disable button.
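
The review done by hand in STEP C (hide the Microsoft services, then look for blank or suspicious service and startup entries) can be approximated in one listing. This is an added example, not part of the original guide; the helper names Get-ExePath and Get-FileTrust are assumptions, and treating "validly signed with a Microsoft company name" as the hide rule is an approximation chosen here, not a statement of how msconfig decides. The script changes nothing.

```powershell
# Added example: read-only review aid. Run in an elevated PowerShell window.
function Get-ExePath([string]$CommandLine) {
    # Pull the executable out of a service or startup command line.
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-FileTrust([string]$Path) {
    # Company name and Authenticode status of a binary; placeholder if it is missing.
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Company = ''; Signature = 'FileNotFound' }
    }
    [pscustomobject]@{
        Company   = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

# Services that are not disabled (the msconfig "Services" tab).
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    ForEach-Object {
        $t = Get-FileTrust (Get-ExePath $_.PathName)
        [pscustomobject]@{ Kind = 'Service'; Name = $_.DisplayName; Command = $_.PathName
                           Company = $t.Company; Signature = $t.Signature }
    }

# Run keys and Startup folders (the "Startup" tab / Task Manager).
$startup = Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $t = Get-FileTrust (Get-ExePath $_.Command)
    [pscustomobject]@{ Kind = "Startup ($($_.Location))"; Name = $_.Name; Command = $_.Command
                       Company = $t.Company; Signature = $t.Signature }
}

# Hide validly signed Microsoft binaries; everything else is left for review.
@($services) + @($startup) |
    Where-Object { -not ($_.Company -like '*Microsoft*' -and $_.Signature -eq 'Valid') } |
    Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

Rows with an empty Company, a Signature other than Valid, or a FileNotFound binary correspond to the "blank or suspicious" entries the steps above ask you to disable.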

STEP D: Restore your System to an earlier date

Method 1 using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option.
  4. In the Control Panel window click on the ‘Recovery’ icon. This will open a window that will ask ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘System Restore’ window, where you need to click on the Next button.
  6. Select a restore point that is prior to the infiltration of pop-up. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point, before your system was infected by pop-up.

Method 2 using Command Prompt

  1. Type cmd in the search box and click on Command Prompt to open the Command Prompt window.
  2. Once the Command Prompt window shows up, enter cd restore and press Enter. (Ensure that you are in the system32 directory of the Windows folder on the C drive.)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select a restore point that is prior to the infiltration of pop-up. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point, before your system was infected by pop-up.

  1. Type ‘Rstrui’ in the search box present on the task bar. This will open the System Restore dialog box.

Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.

Tips to prevent your computer system from getting infected –

  1. Keep the operating system updated: In order to remain protected and avoid such infections, it is recommended to keep your operating system updated by enabling automatic updates on your system. Systems with outdated or older versions of the operating system become an easy target for attackers.
  2. Resist clicking on spam emails: One of the major techniques used for malware distribution is sending spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third-party installations: It is important to take due care while installing any third-party applications, for they are a major source of such infections. Such malware programs come bundled with free applications, so the user needs to remain cautious.
  4. Take regular backups: In order to keep your data and files safe, it is recommended to take regular backups of all your data and files, either on an external drive or in the cloud.
  5. Use anti-virus protection: We strongly recommend the use of antivirus protection/internet security on your PC, like Avira and Sophos, so that it remains safe.
  6. Enable the ad blocker/popup blocker in your browser: Enabling the popup blocker/ad blocker in your chosen browser will help you stay protected from annoying adware.