kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#1
Hi everyone,

Today, I am going to be going over how someone may use AdwCleaner to fix an adware infection on their system. For the purpose of this guide, I will be using a Virtual Machine.

AdwCleaner is an easy-to-use tool which will scan your system for known adware/unwanted programs (including Hijackers - e.g. web browser hijacker). It will scan: Services, Folders, Files, Shortcuts, Scheduled tasks, Registry, Internet Explorer, Firefox and Chrome. It also scans for Toolbars.

Downloading AdwCleaner
Before we can go in and explore AdwCleaner by Xplode, we first need to download the tool. The tool can be downloaded from the following URL: http://www.bleepingcomputer.com/download/adwcleaner/

Once downloaded, you could move it to an area for it to be easily accessed. I tend to create a Folder called "MalwareRemoval". I store AdwCleaner inside this folder. (NOTE: I recommend you just save it to the Desktop).

Using AdwCleaner
Before opening this tool, it may be a good idea to close down your programs e.g. Skype, Web Browser (IE, Chrome,...), Visual Studio, Windows Media Player, Photoshop,...

To start off, open up AdwCleaner. Once opened, it should look like the screenshot below (hidden in the spoiler):

As we can see from the above spoiler, the User Interface is quite simple. We have text displayed on the interface to display the status/action being carried out by the tool, a button to start the Scan, a button to start Cleaning, a button for creating a Logfile, a button to Uninstall and underneath that an area called "Results", beneath which we have some tabs containing an area for information to be listed.

**The logfile button does not create the log; however, it opens the log made by AdwCleaner most recent to that session**

Starting a scan
To start a scan, all you have to do is click the Scan button. Upon being clicked, the scanning process will start. AdwCleaner will start by loading its database, and then it will start scanning your system to see what it can find.

The scan usually takes around 3 - 10 minutes. Of course, it's always possible it can go over this time limit.
Once your scan has completed, your results will be displayed in the results area and the status will be changed to "Waiting for action. Please uncheck elements you want to keep.".


You should now go through each tab and check the detections in case of a false positive detection.

NOTE: A false positive may occur with any product. You must make sure you check the detections before carelessly deciding to clean everything.

You can see my results:

**Shortcuts tab is empty - no detections found for this, therefore I shall not post a screenshot of it**

**The Internet Explorer, Firefox and Chrome tabs are empty therefore I didn't feel the need to add a screenshot for them**

As we can see from the above results (check the above spoiler), AdwCleaner found many items. These items were relating to 2 pieces of software: Reimage Repair and PrivDog.

Cleaning
When you are happy with the checked detections (uncheck items you do not want removed), to clean them all you have to do is click the button with the caption Cleaning:




AdwCleaner will alert you that for the cleaning process to start, it must close down your programs. To continue and have it start the cleaning process, you must accept this and select OK.




The cleaning process will now start. Once the cleaning process has ended, you will be presented with the alert shown in the below screenshot. It also contains some tips at the end of it.



After clicking OK, you will receive another popup prompting you to restart your system.
On reboot, AdwCleaner will have the rest of the cleaning process complete. **Check the Uninstall section below**

Logs
After the cleaning process reboot, you will be prompted by a log opened in a text editor (usually Notepad if this is your default text editor) about the cleaning process.

To find all the logs from the scans/clean up process of AdwCleaner, go to: System Drive\AdwCleaner\ (e.g. for me this is: C:\AdwCleaner\)

The logs will be found here:



If you open up the text files you will see the AdwCleaner information:





Uninstall
When you are finished with AdwCleaner, you can use the Uninstall option.
Upon clicking, you will be prompted with another window mentioning a Quarantine folder. Well, if you look back at the Logs area above, you may notice a folder called "Quarantine". This folder contains the files detected by AdwCleaner. When you use the uninstall option, AdwCleaner will remove this Quarantine folder (as well as itself), really deleting it instead of just having the detections moved to the Quarantine folder.




Quick info:
While some of you may be thinking, "I'll just leave my main Antivirus product to sort out what this tool can do", this tool has been proven to be effective and is very handy during the cleaning of an infected system (adware related). Of course, the system became infected in the first place during the use of their main Antivirus.

Logs are useful when someone else is assisting you (and for you too). It allows them to see what was successfully moved to Quarantine, etc, and what was detected. This is good for when a Malware Removal Expert is helping you clean your system, too.

AdwCleaner is a handy tool to have on your system. You may or may not ever need to use it, but it's always a good assist in case of any adware troubles you may one day experience.

Cheers. ;)
 

starchild76

Guest
#2
Thanks for this extensive review of AdwCleaner. I run this plus several other little tools from my toolbox once every three months, just to make sure that my system is squeaky clean ;) Alternatively to the uninstall option, you could use the DelFix tool (also made by Xplode from AdwCleaner) to get rid of all the logs and program files. It supports a comprehensive list of tools that can be cleaned up after usage ;)
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#4
> Thanks for this extensive review of AdwCleaner. I run this plus several other little tools from my toolbox once every three months, just to make sure that my system is squeaky clean ;) Alternatively to the uninstall option, you could use the DelFix tool (also made by Xplode from AdwCleaner) to get rid of all the logs and program files. It supports a comprehensive list of tools that can be cleaned up after usage ;)

Yeah, I agree about AdwCleaner. I might make a thread about DelFix, soon.
 
Joined
Mar 18, 2015
Messages
151
#10
As a general rule, all malware removal tools have to be placed on the Desktop. This is true with AdwCleaner since using it from somewhere else can cause the tool to flag legit extensions as malicious.

Case in point, I ran it from my E: partition - it flagged LastPass and Web of Trust.
 
Joined
Mar 18, 2015
Messages
151
#11
> No problem, I will have it listed. :)
>
> I will make a thread about other tools like: ZOEK, DDS and FRST beforehand since logs from those tools can help identify if the user actually needs to use ComboFix or not; ComboFix can do damage instead of good if used incorrectly.

The public tutorial for Farbar Recovery Scan Tool is at Geeks to Go: How to use Farbar Recovery Scan Tool

DDS is outdated and no longer in use. Also it does not work with Windows 8.1.

Zoek is a very complicated scripting tool and not recommended for ordinary use.

And also please do NOT make a thread on "how to use ComboFix" - the tool should only be used under the supervision of a trained malware removal expert. More information can be found here: ComboFix questions, Usage, Help? - Look here

If anyone wants to use ComboFix, seek assistance in sites offering free malware removal support - not on their own.
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#12
> DDS is outdated and no longer in use. Also it does not work with Windows 8.1.
>
> Zoek is a very complicated scripting tool and not recommended for ordinary use.
>
> And also please do NOT make a thread on "how to use ComboFix" - the tool should only be used under the supervision of a trained malware removal expert. More information can be found here: ComboFix questions, Usage, Help? - Look here
>
> If anyone wants to use ComboFix, seek assistance in sites offering free malware removal support - not on their own.

I actually agree with you in a way. :)

Cheers. ;)
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#13
> As a general rule, all malware removal tools have to be placed on the Desktop. This is true with AdwCleaner since using it from somewhere else can cause the tool to flag legit extensions as malicious.
>
> Case in point, I ran it from my E: partition - it flagged LastPass and Web of Trust.

As mentioned in this article:
> When you are happy with the checked detections (uncheck items you do not want removed)

When someone uses AdwCleaner they will most likely know if something like Web Of Trust or LastPass should be checked. Nonetheless, even if the user did let AdwCleaner clean it, they could just redownload and reinstall them after fixing their system.

But yes, I will edit the thread and mention the desktop.

Cheers. ;)

EDIT:
I understand the member's concern about Combofix, and after thinking about it I then decided that yes, it would be a bad idea to make the thread - it would take more than a thread to learn how to properly use it. It would require proper training, otherwise you may one day damage your system using it after thinking you should use it based on the knowledge you'd been given.

For anyone interested in learning how to use the tools MRE use, look into getting UNITE certification (going through the training process first of course). That is just a suggestion.

What do I think? I think that if you want to help clean malware from an infected machine for someone, you do not require UNITE. The developers at Antivirus companies before UNITE existed managed just fine to develop the cleaning capabilities which were good back in those days. So why can't people learn without UNITE now using the tools offered to them currently? However, I should note that back in those days the engineers at Antivirus companies would have been very experienced and knew what they were doing.

However, what I will say is there is a lot more to cleaning malware infections than you think. UNITE will teach you a lot and help you get there, but it isn't impossible to do it without them.

Anyway, for this reason I shall not make a Combofix thread... But just bear the above in mind. ;)
 
Joined
Mar 18, 2015
Messages
151
#15
As if the number of people seeking help from ComboFix trashing their machines isn't enough already...

May I ask, have you had any malware removal training of any kind? sUBs made CF specially for malware removal experts and not for normal people (it is exactly why there is no public tutorial for ComboFix).
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#16
> May I ask, have you had any malware removal training of any kind?

All my knowledge I learnt on my own through tough years of education in my own time. (edited this - I did not like my original reply, it needed to be changed).

Of course I didn't just "self teach", however a lot of knowledge was self taught through trying and experimenting with things, reading documentation available online to things, ... Constant practise and patience...

If someone is patient enough and is willing, they can learn and become a good expert in the security industry without something like UNITE. However, UNITE does have very informative guides available and is a nice thing for someone to go through to help them.
 
Joined
Mar 18, 2015
Messages
151
#17
(really hate edited posts...)

I mean training at one of the UNITE sites - they are the only places I know to offer proper training in the use of ComboFix.

If you like to hide information, feel free to pm me your UNITE name and I'll look it up. No probs, right?
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#18
> I mean training at one of the UNITE sites - they are the only places I know to offer proper training in the use of ComboFix.
>
> If you like to hide information, feel free to pm me your UNITE name and I'll look it up. No probs, right?

No, I am not UNITE certified. But it's not all about UNITE. ;)

But I actually agree with you now... And for this reason, no thread on ComboFix. It may tempt people to think they know how to use it all the time and then... Issues arrive.
 