An advertising virus is a fairly common phenomenon on the Internet. Threats of this type can conditionally be divided into relatively safe (browser hijackers) and very dangerous (spyware, ransomware), which are capable of blocking the system of all sorts of messages that the user was viewing forbidden content, with the subsequent requirement to pay some amount to unlock. Sometimes they can intercept the user registration data of some sites or the same social networks and even steal passwords, for example, from credit cards, etc. Viruses of the PUP family apply to both of them. Therefore, as soon as the first signs of the introduction of such a virus and its effect on the system were noticed, urgent measures were needed. But not all protection tools can determine it, deactivate it or remove it from the computer.
PUP.Optional: what is this virus?
Before considering the virus itself and methods for neutralizing it, you should understand the entire group of such threats. PUP viruses are potentially unwanted programs (the English term is Potentially unwanted program). That is why some applications designed to protect the personal data of the user and the computer in the sense of affecting the operating system may not determine it at the stage of threat penetration.
Some programs prefer to offer the user a choice of actions, and when notifications of this nature are disabled, the virus can easily slip through protection (the antivirus itself believes that “potentially unwanted” does not mean “potentially dangerous” (this situation can also be observed with completely legal programs) )
Varieties of threat
If we talk about the threat under consideration, it is worth considering that there are a lot of varieties of this virus, but the most common are PUP.Optional.InstallCore and variations of RussAd, Distromatic, Ask, etc.
The first modification is pure hijacker of the browser, which, if not removed on time, can transform into a spy, which, in addition to adding a huge amount of advertising to browsers, begins to actively use confidential user data. The second modification is called PUP.Optional.RussAd. What is this virus? It differs from the first one in that it deactivates the AdBlock add-in in browsers, which is responsible for blocking pop-up windows, various kinds of menus, banners, etc. The add-in is disabled, an empty icon appears instead of the icon, when you click on it, a message appears in the browser that Web-page is unavailable.
Signs of system exposure
Now directly about the threat PUP.Optional. What is this virus and how does it affect the system? Just like all the other hijackers.
First, the start page and the search engine installed by default are changed in the browser, then even when visiting harmless resources the browser is filled with advertising and constantly pop-up banners, it spontaneously redirects to other sites, up to those that contain dangerous threats, and the speed of the Internet connection slows down.
But these are only the first symptoms. This adware virus installs additional software (usually it is Search Protect by conduit and WebCake 3.00 applets) and introduces additional panels and add-ons into browsers (Babylon Toolbar or versions for a specific browser, for example, Babylon Chrome Toolbar). Thus, the process of neutralizing the virus consists precisely in the removal of all these components.
How to remove an adware virus from a computer?
Unfortunately, most anti-virus packages (with rare exceptions) are ineffective in combating this threat.
Therefore, in the simplest case, you will have to use specialized narrowly targeted utilities. Pretty good tools can be Malwarebytes software products, for example, the stationary Anti-Malware package or the portable AdwCleaner utility. But the widely advertised SpyHunter program is not recommended to be installed, at least because it will be very difficult to get rid of it later.
Windows Removal
Now let's see how to remove an adware virus from a computer using the system tools if third-party software protection in the form of scanners did not help. On Windows, you can remove the PUP.Optional threat components. What kind of virus it is and what additional elements have been installed is already clear.
To deactivate a threat, you should first use the standard “Task Manager”, in which you need to deactivate all suspicious processes and services (no browser should be running at the moment). If processes with a browser name are displayed in the background, they should also be stopped.
Further, in the programs and components section of the “Control Panel”, the above programs and panels are uninstalled.
To remove these components, it is better to use third-party tools like iObit Uninstaller, with the destruction of residual files and registry keys, so as not to do it manually. Upon completion, you can proceed to the next step.
Clear and reset browsers
As already understood, the deletion of the components of the virus is not limited to. On installed browsers, add-ons can remain active. First of all, you should delete them in the "native" Windows program - Internet Explorer, and for users of the tenth version of the system - also in Edge. This is done from the add-ons management section.
But first you need to clear your browsing history, delete the cache and clear cookies. It is also advisable to delete all personal data. After that, you should change the start page and restart the system.
For complete reliability, some experts in the field of neutralizing virus threats recommend completely resetting your browser settings. For this, any program of this type uses a special reset button (Reset).
Exactly the same technique applies to other browsers. Please note that if you do not perform such actions in the "native" Windows programs, the virus may be activated again after a while.
For Microsoft Edge, an extended reset may be used. In the "Explorer" you need to find your user folder and go to the destination folder along the path AppData \ Local \ Packages \ Microsoft.MicrosoftEdge_8wekyb3d8bbwe, in which you should delete absolutely everything that is there.
After that, on behalf of the administrator, the PowerShell console starts (the command of the same name in the Run menu, it first writes the line PS C: \ WINDOWS \ system32>, and then the main command Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add -AppxPackage -DisableDevelopmentMode -Register $ ($ _. InstallLocation) \ AppXManifest.xml -Verbose} Only after such actions can you be sure that the threat has been successfully removed from the system.
Conclusion
That, in fact, is all about the PUP.Optional threat. What kind of virus it is is already clear. Unfortunately, you should not rely on third-party tools to remove it, so in most cases you will have to deactivate the threat yourself, so be patient.