How to remove a virus showing ads in your browser

Malicious programs harm files and documents and significantly slow down your computer by infiltrating various applications and system processes. One of the most unpleasant viruses is adware viruses. They are embedded in browsers and display different dubious ads referring to malicious resources.


  1. Primary symptoms and system infection with advertising viruses.
  2. How to remove an adware virus?
  3. Removal of viruses using third-party software.
  4. Cleaning the task manager.
  5. Manually remove from the installed applications menu.
  6. Checking current processes in Task Manager.
  7. Cleaning Windows startup.
  8. Cleaning the autorun of Windows services
  9. Cleaning the Windows Registry.
  10. Clearing browser shortcuts.
  11. Cleaning proxy server settings.
  12. Clearing and resetting browser Settings.
  13. Reset Google Chrome.
  14. Reset Opera.
  15. Clears exessive entries in the Hosts file.
  16. Rollback Windows to a previous recovery point.

If the user detects a virus infection with ads, the browser and system should be cleaned of ads viruses.

Primary symptoms and system infection with advertising viruses.

Viruses may infect your computer when you visit infected resources, download unlicensed games, movies, programs, and other files.

It is worth understanding that virus creators are continually modifying their software, so infection can occur even if there is a good antivirus.

The main symptoms of infecting with adware viruses are:

  • Incomprehensible or dubious advertising.
  • Periodically pop-up windows.
  • Automatic creation of new tabs with advertisements.
  • Pop-up windows with dubious offers
  • Presence of advertising blocks where there were no such blocks before.
  • Availability of ads bypassing the AdBlock utility.

How to remove an adware virus?

Infecting PCs with adware viruses requires a comprehensive approach, as it is initially unknown where the infection is located and what files it was introduced into.

Step-by-step methods for removing adware viruses will be described below.

Important: When removing adware viruses, it is recommended to disable the connection to the Internet. You can do this by turning off your router or by disconnecting the Internet cable from your network card.

Removal of viruses using third-party software.

At the moment, many solutions can be used to quickly and efficiently remove viruses. In this article, we will analyze how to remove viruses using the example of the free utility AdwCleaner.

AdwCleaner can remove adware, malicious viruses, and unnecessary and infected files. Besides, the utility can clean popular browsers from infecting adware viruses.

Step 1: Download AdwCleaner on the program’s official website and install it.

Step 2: Run AdwCleaner and click on the “Scan” button.>.

Step 3: After the scan is complete (may take up to half an hour), click “Next” button.

Next, if a threat is detected, you will be asked to remove it or quarantine it.

Select the action you want to take and click on OK

In addition to AdwCleaner, many other such utilities (Zemana Anti-malware, Malwarebytes, etc.) can quickly clean the system from malicious ads. They all work on about the same principle, being an effective means of cleaning PCs from ads.

Cleaning the task scheduler.

The first thing to do is to check the task scheduler, as many ad viruses are introduced into your browser using it.

Step 1: Open the control panel by right-clicking on the “Start” button.

Step 2: In the opened window, it is necessary to open the item “Administrative Tools”. It is easy to find it if you set the mode of displaying “small icons” in the “View” item.

Step 3: In this window, you should choose the “Tasks scheduler”

Step 4: In the opened window, select the “Tasks Scheduler Library” in the left column and then pay attention to the central part of the window where all the tasks are displayed.

In this window, you should detect suspicious tasks with unclear names and a high repetition rate (usually every 10 minutes). Malicious processes are often hidden under windows or browser task names. You can also find links to advertising resources in the task description. All you need to do if such links are detected is right-click on the process and select “Delete”

Manually remove from the installed applications menu.

After checking the Scheduler, you should carefully review the latest installed applications. It is not uncommon to calculate advertising viruses this way.

To do this, you need to go to the program removal menu and get acquainted with the latest installed programs.

Step 1: Open the control panel, switch on the display mode “small icons”, then find the item “Programs and features” (in Widnows 7 this item is named “Delete programs”).

Step 2: Now, you need to sort the list by installation date and find the program after installation of which the problems with advertising began. Most probably, the installed software or unlicensed game was with built-in virus software that infected the computer.

Read more:  How Content-Aware Search Works

Checking current processes in Task Manager.

Sometimes adware viruses cannot be detected in the removal menu because they use unique algorithms to hide their malicious activity. To check for hidden viruses, you must look for suspicious processes.

It can be done in the following way:

Step 1: Open the Task Manager by pressing the “Ctrl+Alt+Delete” or “Ctrl+Shift+Esc” key combination and then select the “Details” tab.

Step 2. Here it would be best if you found the suspicious processes, running under which the viruses are hiding. Often they have an obscure name and description.

Step 3: After finding the malware, right-click on the icon and select “Open file location”

Step 4: After opening a folder with suspicious files, you should write down their location in a text document, copying the exact address from Explorer.

Step 5: Perform the same actions for all suspicious files. Important: Windows runs a lot of system processes that can be confused with malware, so you should be extremely careful when removing viruses as you can accidentally delete important data.

Step 6: After creating a list of malicious files, save the text document and boot Windows in safe mode

Step 7: In Safe Mode, open the Control Panel, enable the small icon display mode and find the “File Explorer options” item.

Step 8: In the window that opens, select “View”, then enable the display of hidden folders and uncheck the “Hide protected operating system files”, “Hide folder merge conflicts”, “Hide empty drives” and “Hide extensions for known file types” options.

Step 9: Now you need to open the list of malicious files that was created in step 4 and then remove all the malicious files.

Cleaning Windows startup.

Often viral software can be injected into the Windows autorun. It leads to the fact that virus programs are launched together with the start of the operating system.

To clean the autoloader from viruses, it is necessary:

Step 1: Open the Windows autoloader menu. In the tenth version of the operating system, the autoloader is in the Task Manager. You can open it using Ctrl+Alt+Delete or Ctrl+Shift+Esc key combination. In Windows 7, the autoloader menu can be invoked by pressing the win+r keys and then executing the msconfig command.

Step 2. In the autorun window, you must disable all suspicious programs. To do this, right-click on the program and then select “Disable”. After disconnecting, you should select “Open file location” and delete suspicious programs..

This procedure should be repeated for all suspicious files.

Cleaning the autorun of Windows services

Next, you need to clean up the autorun of Windows services, where adware viruses may hide.

Step 1: Right-click on the “Start” button, and select “Run”. After that, you should enter the msconfig command in the line and confirm the action with the “OK” button.

Step 2: In the system configuration window, select the “Services” tab and then tick the box next to “Hide Microsoft services”

The window will display all the services you need to find viruses and disable them from the startup. Important: After performing these steps, you should restart your computer and start the system in normal mode, as the following steps are not effective in safe mode.

Cleaning the Windows Registry.

After booting in normal mode, you should pay attention to clearing the Windows registry. To do that, you should:

Step 1: Right-click on the start and select “Run”. In the line, enter “regedit” command and press “OK”

Step 2: After opening the registry editor, go to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE You should check the /Software/Microsoft/Windows/CurrentVersion path, where you should find suspicious entries in the Run and RunOnce folders

Step 3: If there is malware, we remove it by right-clicking on it and selecting “Delete”

You can also use the search to remove viruses from the registry, whose name the user knows. To do this, press Ctrl+F and enter the infected files’ names, after which the registry will be cleared of them.

Clearing browser shortcuts.

Some viruses may embed links to advertising resources in shortcut parameters. To fix this, you can delete the current shortcuts and create new ones or do the following:

Step 1: Find a shortcut in your browser and right-click on it choosing “Properties”. In the window that will open, you should select the shortcut tab and check the Target string.

Read more:  How to Clone or Move Your Windows 10 Installation to a Larger Hard Disk or SSD

Step 2: The Target line should only contain the path to the root folder of the browser. If there are any links to any Internet resources near the path, you should delete them and confirm the action with the “Apply” button. Also, there should be no other links to different files in the path. If they exist, you should delete them, as well as remove the files they link to.

Cleaning proxy server settings.

Infection with advertising viruses often leads to unwanted changes in the system settings of the proxy server. Follow the steps to clear proxy settings:

Step 1: Right-click on the start button and find the “Run” item. In the opened window, enter the command inetcpl.cpl and click “OK”

Step 2: In the window that opens, select the “Connections” tab and go to “LAN Settings”

Step 3: Remove the checkboxes “Use automatic configuration script” and “Use proxy server for your LAN”. After that, you should confirm the action with the “OK” button.

Clearing and Resetting Browser Settings.

At this stage it is necessary to perform a complete cleaning of the browser, which was infected with an adware virus, as well as reset the settings to default values. In different browsers, the reset is done on about the same principle.

Below we will explain how to reset settings in popular Internet browsers.

Reset settings in Google Chrome

To reset your settings in Google Chrome browser, you have to:

Step 1: Open your browser, left-click on three vertical points in the upper right corner and select “Settings”

Step 2: We go down to the bottom of the page, click on the “Advanced” item, and go back to the bottom. Here you should find “Restore settings to their original defaults” and reset the settings.

When you reset your settings, Google Chrome will automatically clear your homepage, install a standard search engine, and remove any temporary data that may be infected by ad viruses.

Reset settings in Opera

Resetting Opera looks like this:

Step 1: Open Opera and left-click on the “O” icon in the upper left corner. In the opened tab, you should choose the “Help” item and then go to the “About Opera” section.

Step 2: Now, you should pay attention to the installation path of the program. We are interested in the path to “Profile” and the path to “Cache”. It is in these folders there are files, which are responsible for program settings.

Step 3. Follow the specified paths and delete all data in folders.

After restarting Opera settings will be restored to default.

It should be noted that reset settings are carried out on the same principle in most popular browsers. It is also worth understanding that reinstallation of the browser will not give any result, as a new version of the program will automatically restore the previous settings.

Clears exessive entries in the Hosts file.

Finally, you should clear the Hosts file, which may contain viral entries displaying ads.

To do this, go to: C:/Windows/System32/drivers/etc and find the Hosts file.

It should be opened with notepad with administrator rights. After opening it, you should carefully look through the lines of the file. If there are lines in the file that do not begin with the grid symbol (#), they should be deleted, and the file saved.

Rollback Windows to a previous recovery point.

Rollback of the operating system with the help of recovery points is a rather radical measure that will allow you to restore the operating system to the point of infection.

Important: using recovery points will result in the loss of all programs that were installed after the created recovery point. If the previous methods did not help, we recommend that you take a look at how to recover Windows using recovery points..

Recovering lost data

Malicious viruses can not only display ads or suspicious messages in your browser. Some viral software intentionally removes important data, pictures and other files that may be important to the user. In order to protect ourselves and our data, we recommend using the handy RS Partition Recovery program, which is a comprehensive tool for recovering lost information.

With RS Partition Recovery, you can quickly recover data deleted by viruses, accidentally formatted or damaged in other ways. For this purpose, the utility uses special algorithms that allow you to perform scanning and recovery at different levels. RS Partition Recovery can recover both recently deleted files and those that were lost up to several months ago.

Frequently Asked Question

Den Broosen

About Den Broosen

Author and site editor for RecoverySoftware. In his articles, he shares his experience of data recovery on a PC and the safe storage of information on hard drives and RAID arrays.
Leave a comment