# Junkware tools



## BackwoodsBob (Dec 17, 2020)

I read the virus removal 101 thread. Where does one get the programs listed? I saw on the very first post is an attachment. Is that where they are? I personally don't click on random stuff on a web page. A tiny bit of instruction on where to get these programs would be appreciated.
Thanks.


----------



## sneekypeet (Dec 17, 2020)

First, mods tend to vet links.
Second, Solaris17 is not malicious.

I see a list of free programs, you would need to search and download those. As to the file at the end, I think that is a script he wrote to finish the process.... Skimmed that thread, did not read.

You could have also asked about this in that thread, but let me tag @Solaris17 so you can get the proper take on what that thread provides.


----------



## Bill_Bright (Dec 17, 2020)

If interested in a specific tool, Google it and visit the developers website to get the latest version. 

And you are wise to be wary of "random stuff" on a webpage. But first, Solaris17 is moderator on this site, a site that has been around for many years and is well known for helping people. Solaris (nor anyone else) would not be here for long if they posted something malicious. And second, I would hardly call any link posted in that that thread "random".


----------



## lexluthermiester (Dec 17, 2020)

BackwoodsBob said:


> I read the virus removal 101 thread. Where does one get the programs listed? I saw on the very first post is an attachment. Is that where they are? I personally don't click on random stuff on a web page. A tiny bit of instruction on where to get these programs would be appreciated.
> Thanks.


Your caution is understandable but unwarranted here at TPU. TPU strives to be a place where people can find information and solutions to problems. What is it you want to do and perhaps we might be able to help you?


----------



## Solaris17 (Dec 17, 2020)

The list of tools by their real names is in post 2.









						Guide: Virus Removal 101
					

Rules of the road  THIS IS NOT FOR INFECTION HELP! PLEASE MAKE YOUR OWN THREAD! THIS IS MEANT FOR BEGINNERS BE NICE! YOUR OPINIONS ARE YOUR OWN THIS GUIDE FOCUSES ON FACTS AND EXPERIENCE!  Information and Scope  About  Hello! This thread was created by request and support from a few member of...




					www.techpowerup.com
				




The script automates the download of them, though admittedly I probably need to give it a once over. Still googling the names will get you what you need. The actual instructions on how to use them have not changed.


----------



## BackwoodsBob (Dec 18, 2020)

sneekypeet said:


> First, mods tend to vet links.
> Second, Solaris17 is not malicious.
> 
> I see a list of free programs, you would need to search and download those. As to the file at the end, I think that is a script he wrote to finish the process.... Skimmed that thread, did not read.
> ...





Bill_Bright said:


> If interested in a specific tool, Google it and visit the developers website to get the latest version.
> 
> And you are wise to be wary of "random stuff" on a webpage. But first, Solaris17 is moderator on this site, a site that has been around for many years and is well known for helping people. Solaris (nor anyone else) would not be here for long if they posted something malicious. And second, I would hardly call any link posted in that that thread "random".




Ok, no one get uptight, didn't realize the author was a mod. I meant no disrespect. 
Is BleepingComputer.com a safe place to download that stuff from? Or dev only?
Trying to remove adware from a windows 10 i5 processor laptop.
Thought I had it all out, laptop is still running slow and the pop ups have calmed down greatly, but they still are there.
Ran SecuritySuite and McAfee through it separately, and they don't detect it. Seems to be instalcore by hdsetup.



Solaris17 said:


> The list of tools by their real names is in post 2.
> 
> 
> 
> ...



They look like hyperlinks, but they don't work. Not sure if they were supposed to.


----------



## Bill_Bright (Dec 18, 2020)

BackwoodsBob said:


> didn't realize the author was a mod. I meant no disrespect.


I believe you meant no disrespect. So no problem there (at least not with me). But it is not just the fact he is a mod. In fact, that really has little to do with it. 

On any site, not just here, look at the poster. If you, BackwoodsBob, posted a link, I would not trust it or you at all. Why? Because you just joined this site a couple weeks ago and only have 18 posts. You have no reputation here, and I personally don't know you from any other site I frequent. 

I have been here for years and have nearly 7,800 posts (and that's peanuts compared to the other participants in this thread). But my point is, I would not be here or even lasted a month if I posted "random" or malicious links. That is, I would have been banned years ago.

Yes, BC is considered a safe site for downloads. But as lexluthermiester suggested, you can get excellent help here. 


BackwoodsBob said:


> Trying to remove adware from a windows 10 i5 processor laptop.


Okay, but it should be noted that adware is not necessarily bad or malware. Especially if you are talking about the "junk" computer makers "foist" on new systems. 

It may be annoying and often unwanted, yes. But not malicious. And some may actually be useful. So it is no surprise security software would not remove it. 

PC Decrapifier is pretty good at uninstalling many unwanted extras typically installed on factory built computers. But I prefer to go through Control Panel first, and uninstall via the Programs and Features applet. At least for those programs listed in there. 

FTR, this junk pre-installed on new computers is one reason I always build my own PCs and install the OS from scratch - without any junk. If there was a thriving, competitive and non-proprietary laptop parts industry, I would build my own laptops too. But sadly, with no ATX Form Factor type standard for laptop parts, no such non-proprietary parts industry will ever exist.  I know some users, when they buy a new laptop, they do the old "format and reinstall" from scratch routine just to get rid of all that (and any potentially real malware installed at the factory - thanks to Lenovo - but that's for another discussion).


----------



## BackwoodsBob (Dec 18, 2020)

Bill_Bright said:


> I believe you meant no disrespect. So no problem there (at least not with me). But it is not just the fact he is a mod. In fact, that really has little to do with it.
> 
> On any site, not just here, look at the poster. If you, BackwoodsBob, posted a link, I would not trust it or you at all. Why? Because you just joined this site a couple weeks ago and only have 18 posts. You have no reputation here, and I personally don't know you from any other site I frequent.
> 
> ...


This is not a new machine. This is not me being picky about something. When I click links, like on craigslist, another whole new window pops up with advertisements. With the link that I clicked. This has started within the last couple weeks and seems to be getting worse until I deleted the hdsetup.exe file in my downloads folder. That didn't kill it completely. Or it did until the next day. I quit using Google Chrome but am unhappy that my laptop is infected.
I am about of the same mind as you when it comes to commercially made computers. I would rather build than buy and I would build a laptop if there were parts available, only more for the challenge.


----------



## Caring1 (Dec 19, 2020)

Sounds more like a Browser Hijacker than an infection.
Something you downloaded might have had a check box you didn't uncheck and it allowed an extra download of something like ASK which is a major pain to remove.


----------



## BackwoodsBob (Dec 19, 2020)

Caring1 said:


> Sounds more like a Browser Hijacker than an infection.
> Something you downloaded might have had a check box you didn't uncheck and it allowed an extra download of something like ASK which is a major pain to remove.


ok, so will the tools listed in the thread virus removal 101 do the trick? Do I need to search for something in particular in one of the file systems?
I read that installcore was usually in pdf's and the like. Tried looking through all the stuff using the msconfig command and didn't see anything suspicious.
I only think it is installcore because of the instance of hdsetup.exe found in the download folder which another thread referred to. 
Once I deleted that file, the instances of the pop ups decreased but they are still there. Changing browsers hasn't helped.
The stuff that pops up is full sized windows advertising honey.com coupons.
A quick search on google looks like it is associated with Amazon.


----------



## FreedomEclipse (Dec 19, 2020)

Probably want to run malwarebytes. I used to run Spybots&d too but I think that fell out of favour a long time ago


----------



## BackwoodsBob (Dec 19, 2020)

FreedomEclipse said:


> Probably want to run malwarebytes. I used to run Spybots&d too but I think that fell out of favour a long time ago


What are the chances it is something simple like a browser extension? I don't currently have it here to check. Trying to get it figured out before she comes back.


----------



## FreedomEclipse (Dec 19, 2020)

BackwoodsBob said:


> What are the chances it is something simple like a browser extension? I don't currently have it here to check. Trying to get it figured out before she comes back.



I dont have a crystal ball in front of me so i wont know. if youre on chrome, they are normally pretty good at filtering out extensions that are dodgy or have turned dodgy for one reason or another. Check all your browser extensions. maybe turn them all off to test out if you still get ads/redirects.

though i dont know if your problem is a problem with adware/spyware or viruses. Either way, running malwarebytes doesnt hurt and will only take a few mins.


----------



## SomeOne99h (Dec 19, 2020)

BackwoodsBob, follow FreedomEclipse advice regarding Malwarebytes anti-malware Free. It is one of the best malware remover. I think I saw Bill recommending it before and even my IT friend recommends it. It only has a manual scan, however it may try to activate the premium edition for 14-trail, disable that if it does.
After getting it installed, do a full manual scan









						Thank you for downloading Malwarebytes for Windows | Malwarebytes
					

Malwarebytes free anti-malware software uses industry-leading technology to detect and remove worms, Trojans, rootkits, rogues, dialers, spyware, and more.




					www.malwarebytes.com


----------



## Bill_Bright (Dec 19, 2020)

BackwoodsBob said:


> When I click links, like on craigslist, another whole new window pops up with advertisements.


On what browser? Have you tried other browsers? Do you use an adblocker? I use uBlockOrigin on Edge (my primary/default browser).


----------



## ThrashZone (Dec 19, 2020)

Hi,
Use In-Private browsing should show if it's browser add-on causing the issue if so remove the add-on

New findings of avast


----------



## BackwoodsBob (Dec 19, 2020)

FreedomEclipse said:


> I dont have a crystal ball in front of me so i wont know. if youre on chrome, they are normally pretty good at filtering out extensions that are dodgy or have turned dodgy for one reason or another. Check all your browser extensions. maybe turn them all off to test out if you still get ads/redirects.
> 
> though i dont know if your problem is a problem with adware/spyware or viruses. Either way, running malwarebytes doesnt hurt and will only take a few mins.



I will check it out thanks.




SomeOne99h said:


> BackwoodsBob, follow FreedomEclipse advice regarding Malwarebytes anti-malware Free. It is one of the best malware remover. I think I saw Bill recommending it before and even my IT friend recommends it. It only has a manual scan, however it may try to activate the premium edition for 14-trail, disable that if it does.
> After getting it installed, do a full manual scan
> 
> 
> ...



I will do it, thanks




Bill_Bright said:


> On what browser? Have you tried other browsers? Do you use an adblocker? I use uBlockOrigin on Edge (my primary/default browser).



Google Chrome and Firefox. Have tried other browsers with the same result. I have run a couple of antivirus programs through it already, thats why I am asking about other things it could be. Something that has permission and doesn't show as adware. Will try malwarebytes when I get it back.


----------



## FreedomEclipse (Dec 19, 2020)

Also there is no harm giving adwcleaner an run either - its made by malwarebytes too

Though i think this also fell out a favour a long time ago but people obviously still use it because they keep it updated.

No harm running both. Malwarebytes (the program itself) is also a good app to keep around for the on demand scanner


----------



## ThrashZone (Dec 20, 2020)

FreedomEclipse said:


> Also there is no harm giving adwcleaner an run either - its made by malwarebytes too
> 
> Though i think this also fell out a favour a long time ago but people obviously still use it because they keep it updated.
> 
> No harm running both. Malwarebytes (the program itself) is also a good app to keep around for the on demand scanner


Hi,
Malwarebytes bought adwcleaner so they didn't make or create it.


----------



## BackwoodsBob (Dec 22, 2020)

Just a quick thanks to everyone who posted. I got it figured out. Anyone else who is having webpages open randomly, if your virus tools don't get it, it is because it is an extension, not a virus. Check your web browser extensions.


----------



## SomeOne99h (Dec 22, 2020)

BackwoodsBob said:


> Just a quick thanks to everyone who posted. I got it figured out. Anyone else who is having webpages open randomly, if your virus tools don't get it, it is because it is an extension, not a virus. Check your web browser extensions.


I am glad that you got it fixed! You can be useful if you actually tell us what was it? This could help us later to help others.


----------



## FreedomEclipse (Dec 22, 2020)

It might not even have been an extension tbh. Sometimes websites have these popup push notifications that spam you with ads if you agree to it or allow them and they'll keep popping up even if you've left their website.


----------



## BackwoodsBob (Dec 23, 2020)

SomeOne99h said:


> I am glad that you got it fixed! You can be useful if you actually tell us what was it? This could help us later to help others.


It was an extension. I was using Chrome but it was popping up on Firefox too. I used this article to fix it.









						How to Uninstall Extensions in Chrome, Firefox, and Other Browsers
					

Most modern browsers support extensions, which add additional features to your browser. But the fewer extensions you have installed, the speedier your browser should be. Here’s how to uninstall or disable extensions you don’t use.




					www.howtogeek.com
				




Once you follow the instructions, there may be some extensions that have a warning that they do not meet protocol. Click them to turn them off and delete them. Easy Peasy. You can also use this opportunity to get rid of anything that sounds fishie. Cards.com came up on mine. I have never been to cards.com...

The problem was that adware called instalcore was downloaded. The file name is hdsetup.exe. It was in my downloads folder. Once I deleted it, the number of times the thing went screwy on me seemed to decrease, maybe it was me, but they still popped up.
It is sometimes associated with PDF's and toolbars. This instance seems to be involved with streaming services. Once installed, it randomly opens a new window in your browser with an ad for something totally unrelated to what you are doing. Looking at ads on Craigslist? Here is a page for Honey.com to go with that, on the house.

So you freak out thinking you have a virus and curse your virus program as you are scrambling for a different one. But of course the antivirus program doesn't find it, because it isn't a virus. It's an extension.
Sweet deal, huh?

Moral of the story?  If you want to watch T.V. on your P.C., like I do, go to your tv providers site or someone who has a reputation at least.

Edit: The extension was Watch TV Now. The silly thing even knew it contained malware. Another Extension called Stream It  violates the web store Policy, it too went away for good measure


----------



## ThrashZone (Dec 23, 2020)

Hi,
Haven't seen anything weird from sites like azm.to / noxx.is / 123movie / tubi / actvid /.... I just use ublock origin browser addon and firfox though


----------



## micropage7 (Dec 24, 2020)

BackwoodsBob said:


> It was an extension. I was using Chrome but it was popping up on Firefox too. I used this article to fix it.
> 
> 
> 
> ...


yea that's why i hate when my friends want to borrow my laptop and then they said nothing when alot of pop ups filling the monitor


----------



## Caring1 (Dec 25, 2020)

BackwoodsBob said:


> Just a quick thanks to everyone who posted. I got it figured out. Anyone else who is having webpages open randomly, if your virus tools don't get it, it is because it is an extension, not a virus. Check your web browser extensions.


Glad you figured it out after my post basically said it could be an extension, not a virus, sorry it wasn't clearer for you.


----------

