Adware & malware / virus - where it comes from, how to avoid it

I spent the weekend trying to clean adware off a perfectly nice computer. One errant click and the damage was done: web pages began filling with links to ads, injected by the blizzard of programs, browser extensions and add-ins that had come on board. The browser home pages were changed, the desktop was littered with new icons, popups were appearing in the middle of the screen, on and on.

One click. That’s how close you are to the same fate.

I’ll give you some tips below after you get some idea of what’s going on.


Computers are too complicated and it’s too easy to muck them up. That’s one of the biggest reasons people are using smartphones and tablets instead. I’m about to describe things that will make you paranoid, which is the only way to use a computer in 2015. What a shame!

There are two categories of bad guys. From your perspective they are both evil but only one of them can be put in jail.


Malware and viruses come from criminals. The purpose is to fool you into supplying a credit card or a password that the criminals can use to steal from you. Or perhaps it’s to take over your computer without your knowledge and use it to send spam, or scour it for bank account info and credit card numbers. Your security program tries hard to protect you, although the bad guys know lots of tricks to bypass antivirus programs.


Adware comes from advertisers. The purpose is to fool you into installing programs on your computer that display ads or attempt to coax you into buying something. Other types of adware burrow into your web browser and change the home page to something that will display advertising, or change the search engine to something that will display ads.

Examples of adware from legitimate, respectable companies:

•  Install Java and it will offer to install an “optional” extra program – a useless McAfee security suite, say.

•  Install Adobe Reader and it will offer to install an “optional” extra program – Google Chrome, say, along with changes to your browser to bring you into Google’s world.

•  Install Skype and it will offer to change your browser home page to MSN and set your default search engine to Bing instead of Google.

Those are the respectable companies, installing respectable programs. You didn’t ask for the “optional” extras and you can decline them if you’re vigilant. Make no mistake, the motivation for including them has nothing to do with your well-being. These companies have their own agendas which are built on advertising. You don’t need the Mcafee security program. You don’t want Bing instead of Google to do your searches.

Then there are the more shady advertisers. They create thousands of junk programs, then do everything they can think of to fool you into installing some of them. A web page brings up a phony warning that Adobe Flash needs to be updated, say, and you click OK without reading it closely – and you’ve got six new programs on your computer, each one useless, each one calling for attention.

Your security program does nothing. These are not criminals; they’re advertisers, and conceptually there is no difference between these scum and Google and Microsoft. All of them are trying to get programs on your computer so you will see their advertising.

The sleazy ones are set apart by a couple of things.

•  They design their programs to make them difficult to remove. They might appear in the Programs list in Control Panel, but uninstalling them frequently leaves behind bits whose purpose is to invite more adware in later.

•  They are really bad at writing software. They might not intend to break your computer, but this crap can take down a computer very thoroughly. In the worst case, it’s impossible to recover the computer.

What happens when adware gets on your computer

Your browser home page is changed; your search results come from an unfamiliar place instead of Google; there are toolbars at the top of the browser that you don’t recognize; links on web pages are underlined and ads pop up when your mouse goes over them; you type in one website but you’re redirected to another one; unfamiliar programs start appearing in the middle of the screen claiming something needs to be done to your computer – oh, and all too often your computer also starts to slow down and programs start crashing. Any or all of those symptoms might mean you’ve picked up something unwanted, and of course that’s not an exhaustive list.

The latest adware attacks are going more deeply into the browsers. Chrome, Firefox and Internet Explorer each have their own deeply buried settings that the bad guys are manipulating. I’ve had to learn what the trick is for each one to reset them back to their defaults.

Usually I can remove adware in 20-30 minutes and feel pretty confident that it’s completely gone. It’s almost a daily exercise these days.

It can be far worse. I spent 20 hours this weekend as an exercise, trying to recover a computer without wiping it clean. That makes no economic sense, of course. It was an academic exercise. When you’re paying me, I have to weigh my time against the cost of giving up early. All too often, it makes sense to give up early, before you give me a thousand dollars for work that might not be successful.

In this case the adware included a proxy that appeared to redirect all the Internet traffic from the computer through the bad guys’ systems. A file named “webwatcherlsp.dll” was embedded deeply in the System32 folder in such a way that it could not be removed. (I never did decide if it had hidden permissions – higher than System or Administrator – or if the file was corrupt in some difficult way.) It also locked up several registry keys with permission changes that made it impossible to delete or edit them, and changed permissions other places that caused more problems down the line. It was horrible. Yet every bit of research showed it classified as adware, not as a virus, and the security programs ignored it completely.

How to avoid adware and malware

Operating a computer in 2015 requires you to be paranoid all the time when you’re reading email or browsing the web.

Don’t download “free” programs. Adware is distributed with “free” games, PDF programs, media players, and even with quite legitimate utilities. When you’re downloading and installing a program – especially a free program – scrutinize every screen that comes up. Look for checkmarks that can be unchecked. Look for weasel words that might conceal a disclosure that other programs are coming along. Always do a custom install and study the options.

If a website brings something up on your screen that you’re not sure about, always close the browser window or decline or cancel the popup. It doesn’t matter if it appears to be a security warning or a request to install a Flash update. Get out! If that means you can’t visit a web page, then don’t visit that web page. Take a screen shot and run it by me if it’s important.

If there’s any possibility that a website has brought up something that might install malware, turn your computer off with the power button. Get your hands off the mouse and do not click on “OK,” “Cancel,” or the X in the upper right corner! Anything that you click might lower the defenses on the computer and install malware.

Hover over links in email messages or on web sites to make sure they lead where they appear. The address that appears above the link or at the bottom of the browser window when you hover over a link should look like something you’d expect.

Don’t click on links to web sites unless you know exactly where you’re going. Almost all malware starts from a link to a poisoned web site.

•  Don’t click on links that arrive in spam e-mail, instant messages, or that start from an untrustworthy web site.

•  Don’t click on links in email messages unless you deeply trust the judgment of the person who sent the message.

•  Don’t click on links in forwarded messages.

•  Shortened links are frequently used in Twitter, Facebook, blogs, and social networking sites. You can’t tell where they lead by looking at them. Don’t follow them unless you trust the person who created the link.

Just because something is listed in a Google search doesn’t mean it is safe. Make a judgment about where you’re going before you click.

This is a sampling of the Rules for Computer Safety. All of them are important.

Be careful out there!

Share This