Home-Browsers-Potentially unwanted programs slow down your PC and can cause harm: here's what you can do. "Potentially harmful software detected" message from Windows Defender

Potentially unwanted programs slow down your PC and can cause harm: here's what you can do. "Potentially harmful software detected" message from Windows Defender

Malware, Trojans, bugs - all these words strike fear into the heart of each of us, imagining the breakdown of code, skull and bones. All of this Internet malware, unfortunately, only proves that for every useful technology there is an equal amount of garbage, which can sometimes have an impact. negative impact to your computer.

Potentially unwanted programs (PUPs) live up to their name: they are programs cluttering up your computer that you want to get rid of. PUPs are similar to malware in that once downloaded and installed, they begin to cause various problems on your computer. Distinguishes PNP from malware only the fact that their downloading occurs with your consent.

The term PUP was first coined as a definition for downloadable adware or junkware, which is different from malware. software. PNPs are often used huge amount system resources and are common cause Slow operation of operating systems. However, they are not harmful or cause harm. However, they often irritate PC users themselves by creating new toolbars in the web browser for some online stores, changing the search engine from Google to Bing without warning, constantly opening pop-up advertising windows or regularly updating the user on the weather in Swaziland. Some PUPs even behave aggressively, deliberately slowing down your computer in order to later sell you wonderful tools/settings to speed up the system.

Why do PNPs exist? So that "free" software developers make a profit. For example, for every toolbar successfully installed in a browser, a free software developer receives about $2. Some PUPs exist just to make money without even providing you with anything useful.

So, how do you get one potentially unwanted program (or ten at once)?
The behavior of PUPs is usually outlined in the User Agreement: this is the long document that appears as you work your way through all the installation windows, clicking “Agree” and “Accept” to finally get to the end. But this seemingly useless legal section actually lists the intent of the program. For their installation, PUPs require your approval through this “Agree” button. They count on this consent. This protects software developers from any legal recourse. They rely on you to speed through the installation process and expect you to not read User Agreement, and immediately scroll down and press the long-awaited “AGREE” button.

So how do they get into your computer?

Imagine what you get New Year's gift, beautifully wrapped in gift paper. So are PUPs, which are “beautifully packaged” in free download the free program you want. And this applies not only to small providers of free software. Many big brands are also associated with PUPs, for example:

Another way for PUPs to penetrate your computer is through download portals. You visit these sites to update Adobe products or find a convenient media player. Most portals promise “clean and secure boot" However, it has become dangerous to trust any download portal, because PUPs are already included with software reviews on the site, which is not entirely legal.

We examined how many PUPs were built into the installation of the 50 most popular applications on Download.com. We found that PUPs are included in the installation 31 out of 50 tested apps on Download.com. Cm.:

Still shocked by these results, we decided to look into how the ten most popular download portals (besides Download.com) work to see if any of them were safe to use. We downloaded the ten most popular apps and calculated how much clutter was downloaded along with them. We found that almost every portal contains, at least, one or more PNPs. Cm.:

Problem with the bright green button.

You have finally decided to sort all the photos on your computer. Now they are in different folders, and it is impossible to find a specific photo when you need it. That's why you download special program, which can sort your photos for you and even edit them if you want. From Download.com directly to home page there is a list of programs. You select the program you need, and a bright green “DOWNLOAD NOW” button appears, separating you from all your photo organization woes. You press the button! Great! There is no more chaos on your desktop. Except that in addition to the photo program, you also downloaded three PUPs.

There are many players involved in the distribution of potentially unwanted programs. As a result, you may encounter what is best described as “Cascading PUPs.” During installation, you may receive not one, but several PUPs in a row - one after the other.

This happens when PUPs are bundled with other PUPs. When you download and install the program you want, you agree to the installation of the PUP toolbar, without even paying attention to it. As a result, one PUP is installed, which will subsequently install other PUPs without your knowledge.

Beware of fake software updates. Most often this happens through temporary websites that have been designed for Adsense. These sites have built-in downloaders that will tell you when it's time to update your Flash player or Java. There are companies that create hundreds of websites every day with only one goal - to mislead you and lead you to their site.

There are quite a few ways how your computer can acquire PUPs. We have collected all the main methods for you. Cm.:

So who benefits from PUP?

Software providers: With each installation, the software provider (seller) receives money from the PUP developers (creators of adware). We provide examples in this article.

Download Portal: this resource, like other portals for downloading software, receives money for embedding PUPs into its installation files(bright green “Download Now” button). The software vendor typically has no part in this and does not benefit from it.

PNP: Some PUP developers work together, installing each other's products and paying each other.

But here it’s already creepy.

Recent developments of PUPs use rootkits - infections that hide themselves, their own data and other files, so that neither the user nor the operating system can notice them. By intercepting and receiving messages from your computer, they forward all the information and reports whenever they want. Use of rootkits in creation and distribution advertising programs blurs the boundaries between unnecessary trash and active malware.

This is even more clearly seen in the new PUP known as “More fast internet", which after installation will create a fingerprint of your computer. This information is then sent to the developer's server along with screenshots of your PC's active display and your IP address. Such adware grossly violates your privacy and borders on spyware.

But wait! I see a popup trying to help me! An interactive PUP is starting to scare us by showing online advertisements that try to trick us into thinking that our PCs have serious problems. This is done so that you call the specified number Support services so that they scare you even more and force you to buy their services.

Unfortunately, every day there are more and more more ways become infected. And while adware installers remain unregulated, their developers remain unregulated.

PUPs and the antivirus industry
The most frightening thing is that after such large vendors as Oracle (Java) and Microsoft (Bing and Skype) began to include PUPs in their software, ethics in the software industry seemed to be completely lost, because even manufacturers of antivirus programs that include PUPs in their software. We investigated the demon paid programs several manufacturers antivirus solutions. The results are worrying. We found that 7 out of 8 tested free antiviruses went along with the PNP. Cm.:

Emsisoft vs PUPs
The threat situation has changed significantly over the past few years. When the Emsisoft team checked the latest infection statistics, we found that 3/4 of all objects found by Emsisoft Anti-Malware today were PUPs. For recent years their number has increased significantly. Cm.:

But where there is a problem, there is a solution. We at Emsisoft support high ethical standards, which determine how we handle all threats: we always keep our users in mind. While many antivirus products unable to detect even the most common PUPs and, even worse,

PNPs account for 79% of infections

And although we do effectively combat PUPs, it is equally important that the user himself can recognize PUPs before downloading them and avoid problems.

So, to summarize:

  • PNPs want to make money from you. The most common form is to hijack your browser so that they can show you advertisements, monetize or sell your search queries and/or browser behavior or redirect your home page.
  • PUPs use aggressive distribution methods to get onto your computer. In the vast majority of cases, you simply will not know that you are installing a potentially unwanted program.
  • Most PUPs do not provide any value or benefit. PUP developers manage to get around this by paying a reward for each new installation of your software to suppliers or distributors of other programs.
  • PUPs often end up on your computer through free software providers because they come bundled with some free program. While you are installing this program, you are also installing one or more PUPs without even knowing what you have done. For this, the free software provider receives money from the PUP manufacturer.

So, now you know what potentially unwanted programs are and how they get onto your PC. How to avoid PUP?

  • Be careful, use common sense and take your time. Please read the terms or notes carefully before installation. Do not click “Accept” / “Agree” until you are sure that you are really ready to install everything that is mentioned in the User Agreement.
  • Use only reliable resources to download: for example, the official website of the product you want to download.
  • Avoid downloading from free portals and never download or install an application if it seems suspicious or malicious to you.
  • Install, update and run only recognized antivirus programs, such as Emsisoft Anti-Malware, which offers real-time PUP protection.
  • Periodically clean your computer using our free set tools Emsisoft Emergency Kit.

Happy (PUP-free) day!
Your Emsisoft team

The free AdwCleaner program is designed to remove adware and potentially unwanted software from your computer. After removing such software, the security of your computer will increase.

Many users have often encountered the implicit installation of various unnecessary software. Toolbars and browser add-ons, advertising modules and banners, toolbars, etc. similar programs, penetrate the computer during installation or after launching programs downloaded from the Internet.

The user expects to install on his computer specific program, and in the end receives such an unexpected “gift” that he will not be happy at all. In some cases, the user himself allows such programs to appear on his computer without unchecking the appropriate boxes, and without paying attention to this when installing the program. In other cases, such unwanted software enters the computer secretly, without any notification to the user.

To prevent installation unnecessary programs You can use a program that will warn you about an attempt to install such unwanted software on your computer.

Often, such unwanted software, once installed on a computer, behaves quite aggressively. Home pages in browsers are changing, new search engines are appearing, for example, such as the notorious Webalta, advertising banners etc. Webalta secretly penetrates the computer, changes the start page in the browser, makes itself the default search engine, changes the properties of the shortcut for opening its page in browsers installed on the computer.

To combat such unwanted programs, you can use the AdwCleaner program. AdwCleaner will scan your computer for adware and potentially dangerous software. Then you will receive a report, then you will be asked to remove the found adware, malware, and other potentially unwanted programs after restarting your computer.

AdwCleaner successfully removes toolbars, toolbars, ad units, hijacker programs that change the browser home page, and other similar software. Once the cleanup is complete, your computer will be safer.

AdwCleaner does not require installation on your computer. It can be launched from anywhere on the computer, from a connected disk or flash drive. The AdwCleaner utility has Russian language support and is used in the Windows operating system.

AdwCleaner download

The AdwCleaner program was acquired by a well-known antivirus Malwarebytes company. after that, changes occurred in the application interface and settings.

The article has been supplemented with a review of the new Malwarebytes versions AwdCleaner.

Malwarebytes AwdCleaner Settings

Launch Malwarebytes AwdCleaner. In the main window of the application, there are several sections in the sidebar: “Control Panel”, “Quarantine”, “Report Files”, “Settings”, “Help”.

To change application settings, open the “Settings” section. The Settings section has three tabs: Application, Exception, Details.

The “Application” tab contains options for applying certain program parameters when restoring during a basic system cleanup. Here you can set more strict rules for scanning and cleaning the system, depending on the degree of problems encountered on this computer. From here you can remove AdwCleaner.

In the “Exceptions” tab, the user adds applications to exceptions so that AdwCleaner ignores this data when scanning and cleaning.

The Quarantine section contains quarantined files.

From the “Report Files” section, you can copy the report to Notepad for saving on your computer, or for transferring to others.

Find adware and unwanted programs in Malwarebytes AwdCleaner

In the main window of Malwarebytes AwdCleaner, in the “Control Panel” section, click on the “Scan” button to start searching for unwanted and adware software on your PC.

After scanning your computer, the AdwCleaner window will display information about detected threats.

First, click on the “View Scan Report” button to get detailed information about detected objects. I advise you to read the report, as the program lists unwanted applications associated with Mail.Ru.

Remove unwanted programs and adware with Malwarebytes AwdCleaner

In the main window of Malwarebytes AwdCleaner, you can uncheck the boxes next to the found files and folders that should not be deleted in your opinion.

After reviewing the information received, click on the “Clean and restore” button.

In the reboot warning window, click on the first button; the reboot will occur after the system is cleaned of unwanted software.

Then another window will open in which you need to click on the “Restart” button.

After Windows startup, will open Malwarebytes window AwdCleaner with information about cleaning results. If necessary, you can repeat the search and deletion again unwanted applications.

Removing unwanted programs in AdwCleaner (old version)

After downloading to your computer, run executable file AdwCleaner. In the window that opens, you will need to click on the “J’accepte/I Agree” item to accept the terms of the license agreement.

Immediately after launch, the main window will open AdwCleaner programs. The program is already running and is in the “Waiting for action” mode.

To start searching for potentially unwanted and malicious programs, in the AdwCleaner program you will need to click on the “Scan” button. The program will begin the process of searching for unwanted software, scanning services, folders, files, modified shortcuts, the registry, and browsers.

After the scanning process is completed, you will be able to look at the search results for the threats found. To do this, you will need to open the tabs “Services”, “Folders”, “Files”, “Shortcuts”, “Registry”, “ Internet Explorer"and others installed browsers, in order to familiarize yourself with the detected data.

Carefully review the scan result in each tab. The program may suggest folders and files for deletion that should not be deleted from the computer. This mainly applies to services, programs and extensions of Yandex and Mail.Ru.

In the AdwCleaner program, the settings are made in such a way that, along with the removal of unnecessary toolbars, panels and add-ons, other software related to Yandex and Mail.Ru will be offered for removal. For example, the Yandex.Disk client program or the extension visual bookmarks from Yandex.

Therefore, carefully look at the list of what you found so as not to remove from your computer the add-ons or extensions that you use in your browser. Before deleting items, uncheck the boxes next to the appropriate items to prevent the programs you need from being deleted.

In this image you can see that I unchecked the boxes next to the corresponding items in order not to delete the extension " Alexa Toolbar", which I myself installed in my Mozilla browser Firefox.

In order to look general information about the data found, you can click on the “Report” button.

Your computer's scan report will open in Notepad. If necessary, you can save this report on your computer. To do this, you will need to enter the "File" menu by selecting context menu“Save as...” item.

To remove potentially unwanted programs, in the main window of the AdwCleaner program you will need to click on the “Clean” button.

Next, the “AdwCleaner – end programs” window will open. You will be prompted to close everything running programs and also save open documents on your computer. After completing the programs and saving the documents, click on the “OK” button.

The AdwCleaner - Information window will then open with information that will give you tips on how to prevent unwanted software from being installed on your computer. After reading this information, click on the “OK” button.

After this, the computer will shut down, and then the computer will restart. After starting the operating system again, a notepad will be opened with a report on the work done in the AdwCleaner program. If necessary, you can save this report on your computer.

The AdwCleaner program quarantines data deleted from the computer. If necessary, you can restore erroneously deleted data from quarantine.

Restoring data from quarantine

To restore data from quarantine, in the “Tools” menu, click on the “Quarantine Manager” item. After this, the “AdwCleaner – Quarantine Management” window will open.

To restore erroneously deleted items, you will first need to check the corresponding items, and then you will need to click on the “Restore” button.

You can remove AdwCleaner from your computer from the main program window with one click. To remove the program, you will need to click on the “Delete” button, after which the AdwCleaner program will be removed from your computer.

Conclusions of the article

Using the free AdwCleaner program, adware, malicious and potentially unwanted software will be removed from the user's computer. By removing unwanted applications, your computer's security will be increased.

In this article I will tell you what they are, where they come from and how to get rid of them.

According to the official classification, they are also called PNP(Potentially unwanted programs) ( English - Potentially Unwanted Programs (PUPs) ).

What do they threaten us with?

1. Toolbars take up valuable space in the browser window, preventing free access to necessary and useful information.

2. Occupy RAM and processor resources and, depending on their quantity, can significantly slow down your computer.

3. Almost always launched together with operating system and also with the browser, thereby significantly increase their loading time.

4. They can conduct some of their own behind the user’s back. "undocumented" activities: collect and transmit Internet browsing history to its owners, personal information, passwords, modify web pages, search results, redirect to other resources.

5. Conducting their “activities” they can greatly reduce internet speed.

6. “Free” improvers, cleaners, updates and optimizers are rarely useful, and often the opposite.

7. Not always well written and tested by programmers, they can be the cause of a wide variety of other “glitches” of the computer.

Where do they come from?

Unlike an infection called “hijack startpage” like webalta.ru apeha.ru, www.ctel.ru, www.smaxi.net, mygame.com.ua, the user is partly to blame for the occurrence of these problems. Typically, these programs honestly warn the user that they will be installed (although they may not always be as obvious as they would like).

Almost all free programs, games, as well as some paid ones, have this “freebie”:

At installing ICQ“makeweights” are hidden in the “Installation settings” item

When updating programs and plugins:

When updating Adobe Flash Player don't miss installation McAfee Security Scan Plus!

When downloading files from file hosting services:

When downloading files from the Internet, do not miss the “offer” to install some Yandex.Bar

When installing games:

When installing games, if you do not pay attention to setting the parameters, a bunch of unnecessary options will be installed

It turns out that when installing paid programs (for example, NOD32 antivirus), you also need to be careful not to “pick up” some Yandex.bar along with a photo storage service “for only 590 rubles for 1 year”:

In my opinion, embedding advertising materials into paid programs is already redneck!

I was pleasantly surprised that during installation Avira antivirus its SearchFree Toolbar is NOT CHECKED by default

What do we get?

As a result of our inattentive actions, we will get the same or similar pop-up windows, the inability to change the start page, the toolbar in the browser, new icon in tray and autorun:

Mail.ru: Managing Internet settings: “Wow, something has changed in the Internet settings!”

How to deal with this?

Ask Toolbar
Ask Toolbar Updater
AlterGeo Magic Scanner
Avira SearchFree Toolbar
Bing Bar
Carambis Driver Updater
DAEMON Tools Toolbar
Google Toolbar
[email protected]
Hamster Free ZIP Archiver
Hamster Lite Archiver
ICQ Toolbar
livetools
McAfee Security Scan
McAfee SiteAdvisor
Norton Security Scan
Rambler-Assistant
Skype Click to Call
Skype Toolbars
Ticno multibar
Ticno Indexator
Ticno Tabs
Uniblue DriverScanner
Vpets
Windows iLivid Toolbar
Yandex.Bar
Mail.Ru Sputnik

When deleting Guard.mail.ru resists and blatantly lies about the fact that he “protects the computer from malware.” In fact, it only protects Mail.ru services (start page, search, etc.)

It’s even better to use some advanced uninstaller program. For example Revouninstaller, so that it cleans up all possible “tails” behind these programs that remain in the system after normal uninstallation:

Revouninstaller uninstaller program after removing Yandex.Bar standard means finds and removes many more “tails” from it both in the registry and on the hard drive

After removing this crap, you need to manually fix it in browsers start pages, default search, remove unnecessary add-ons. Although, sometimes this is not enough: it is sometimes written so deeply into the browser that it is not possible to completely eradicate it.

In this case, it is also easier and faster to reinstall them using the uninstallation program (but do not forget that in this case, bookmarks, saved passwords, browsing history and necessary add-ons may disappear!).

http://www.1st.rv.ua/programmy-parazity-kak-izbavitsya/ — link

All these Yandex, Rambler, Mail.ru, etc. bars as sexually transmitted diseases: once during installation I did not uncheck the box in the right place- that’s it, suffer, treat and remove.

Download Revo Uninstaller:

From the developer's site

From SoftPortal servers

How to use PC-decrapifier

PC Decrapifier is a small, easy to use application specifically designed to effectively and efficiently quick removal unwanted software. On a new Windows machine, PC Decrapifier removes most of the preinstalled trial versions programs that slow down the system.

The tool is absolutely free, does everything automatically, and therefore is extremely easy to use.

You just need to launch PC Decrapifier, and the utility will automatically rid you of unnecessary junk.

Extremely useful when purchasing personal computer or a laptop on which a huge number of unnecessary programs are initially installed.

There is no need to install the program - it is portable and launches immediately after clicking on the downloaded file.

PC Decrapifier is free only for personal use. When using the program for commercial purposes, you will need a commercial license.

Good luck to all of you, be careful and don't get caught!

Good day.

I think many users have encountered similar warnings Windows Defender(as in Fig. 1), which installs and protects Windows automatically, immediately after installation.

In this article, I would like to focus on what you can do to stop seeing such messages. In this regard, Windows Defender is quite flexible and makes it easy to bring even “potentially” dangerous software into trusted programs. So…

Rice. 1. Windows 10 Defender message about detection of potentially dangerous programs.

As a rule, such a message always takes the user by surprise:

- the user either knows about this “gray” file and does not want to delete it, since it is needed (but the defender begins to pester him with such messages...);

- or the user does not know what kind of virus file was found and what to do with it. Many people generally start installing all kinds of antiviruses and checking the computer “top and bottom”.

Let's consider the procedure in both cases.

How to add a program to whitelist so that there are no warnings from the defender

If you use Windows 10, then viewing all notifications and finding the one you need is not difficult - just click on the icon next to the clock (“Notification Center”, as in Fig. 2) and go to the desired error.

If you don’t have a notification center, you can open defender messages (warnings) in the panel Windows management. To do this, go to the Windows Control Panel (relevant for Windows 7, 8, 10) at: Control Panel\System and Security\Security and Maintenance

Then, for the specific threat that the defender has detected, there are three possible events to choose from (see Figure 5):

  1. delete: the file will be completely deleted (do this if you are sure that the file is unfamiliar to you and you do not need it. By the way, in this case, it is advisable to install an antivirus with updated databases and scan the entire PC);
  2. quarantine: you can send suspicious files to it that you are not sure what to do with. You may need these halyards later;
  3. allow: for those files whose quality you are sure of. Often the defender marks game files and some specific software as suspicious (by the way, this is the option I recommend choosing if you want no more messages about the danger of a file you know well).

After the user has responded to all “threats”, you should see something like the following window - see Fig. 6.

What to do if the files in the danger message are really dangerous (and unfamiliar to you)

If you don’t know what to do, it’s better to find out and then do it (and not vice versa) :)…

1) The first thing I recommend is to select the quarantine (or delete) option in the defender itself and click “OK”. Absolute majority dangerous files and viruses - are not dangerous until they are opened and launched on the computer (usually, such files are launched by the user himself). Therefore, in most cases, when suspicious file will be deleted - your data on your PC will be safe.

Many users think that good antivirus- can only be obtained for money. Today there are some that are not bad free analogues, which sometimes give a head start to paid promoted products.

PS

Never ignore unfamiliar warnings and messages from programs that protect your files. Otherwise, there is a risk of being left without them...

Many of you have probably encountered the situation - you downloaded and installed free program, then opened the browser to find a strange bar, a changed default search engine, and a different home page. You have simply picked up a potentially unwanted program (PUP).

Usually this program packaged in installer regular programs, most often free, but sometimes found even in commercial products. They usually change browser settings in an attempt to redirect traffic to resources that generate income for the creators of unwanted software. They may also track your online behavior and then resell this data to advertisers.

Preventing the installation of PUPs

Although programs are unwanted, they are not malicious in nature and are often not detected by antivirus programs. The best protection from them - attentiveness and caution.

Always carefully read each step of installing the program and disable the checkboxes that control the installation additional programs, toolbars and extensions. If regular and custom installation, then select custom - switches for installing hidden software are often hidden there. The program can help uncheck unnecessary checkboxes in installers and warn about an attempt to install an unwanted program.

The free tool Unchecky monitors program installations and automatically disables checkboxes that lead to the installation of third-party software. The utility is available on our website.

Sometimes, when you install free software, PUPs are an integral part of the offer and you cannot disable their installation. When you encounter license agreement any program, then it is very tempting to click the “Next” button, because reading the document can take a decent amount of time. However, sometimes it is better to look at the agreement to find out that the program comes with a bunch of unnecessary “friends”. In this situation the best way out will close the installer and search for another program that does not impose additional modules.

Might be worth a look portable version programs - they do not need to be installed, which means they do not have an installer containing third-party software.

To check a suspicious installer, you can use a sandbox - in this case, unwanted software will not gain access to files in real system. You can use virtual machine, such as VirtualBox or VMware, to install applications on a separate OS.

You did everything possible to avoid PUPs, but your browser was still hacked, panels appeared in it, the page changed and search engine. If the antivirus does not detect the culprit and you cannot remove unwanted extension from your browser, try Malwarebytes Free.

Malwarebytes can scan your system for PUPs and remove them. The product can work safely in conjunction with an antivirus, and can be configured to detect PUPs and treat them like regular malware, i.e. suggesting removal.

Besides this, you can use free utilities to remove adware and PUPs - AdwCleaner, Junkware Removal Tool and Ultra Adware Killer.

Have you ever encountered PUP? How did you eliminate them? Tell us in the comments!

Found a typo? Press Ctrl + Enter



Related publications: