In this series, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most adware will be classified as PUPs (potentially unwanted programs), you will also see the occasional Trojan or rootkit, especially among the types of adware that are harder to detect and remove.

Advertisements

It all starts with advertisements.

To give you an idea of how much money goes around in this industry: the estimated spend on online advertising in the US for 2016 was 62 billion dollars. Anyone able to grab a slice of that will be very happy to do so, even if the methods are considered illegitimate. When this kind of money is involved, some people will not shy away from criminal acts. Two fraudulent ways of grabbing some of that money are called ad fraud and adware. If you would like to know the difference between the two, read my blog post, Adware vs Ad fraud. In this post we will focus on adware, which basically comes down to some program on your computer showing you advertisements that do not originate from the site you are visiting.

Identify the source

We will use Process Explorer to determine the process behind the advertisements. Usually this will be a browser, and you will recognize it as such. But sometimes these advertisements appear as Windows pop-ups without a title bar. In that case you can use the cross-hairs (“Find Window's Process”) button on the Process Explorer toolbar, as shown below:

Drag and drop the cross-hairs on the window you are curious about and in the Process Explorer list of running processes the process responsible for the window will be selected (showing in blue).

process highlighted

Now you have the name of the process and, if there is more than one instance of it, the process identifier (PID) associated with the one showing the window.

Check where the process is connecting to

This is optional since it almost never provides any information that is useful in the removal process. Extra research, however, could tell us what family the adware belongs to and what characteristics you may expect as a result.

So, if you like, you can use the Windows built-in (after XP) tool Resource Monitor (resmon). To start Resource Monitor, press Windows Key + R, type “resmon” in the Run box and click OK.

resmon

Under the Network tab > Network activity, you will find the most specific information for any connected process.

If one process has several open connections you can click the “Image” column header to sort the processes alphabetically, which provides a better overview of what a given process might be doing. Also, check if the PID listed in Process Explorer matches the one in Resource Monitor. This should be done to make sure that you are looking at the process that is showing the advertisement.
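The two steps above can also be scripted, which is handy when the pop-up disappears before you can drop the cross-hairs on it or when you have to check several machines. The following PowerShell script is an added example and is not part of the original post; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell session so that every process is visible. It lists every process that owns a top-level window, then shows the TCP endpoints of the PID you pick, which is the same information Resource Monitor shows under Network activity.

```powershell
# Added example (not from the original post): correlate a visible window with
# its process and that process's network connections, the scripted equivalent
# of the Process Explorer cross-hairs plus Resource Monitor's Network tab.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell.

# 1. Every process that owns a visible top-level window. Adware pop-ups
#    without a title bar still have a window handle, so they show up here
#    with an empty MainWindowTitle.
function Get-WindowedProcess {
    Get-Process |
        Where-Object { $_.MainWindowHandle -ne 0 } |
        Select-Object Id, ProcessName, MainWindowTitle, Path
}

# 2. TCP endpoints of one PID, loopback and unbound sockets filtered out.
#    Reverse lookups are optional because they can be slow or fail; a
#    failed lookup simply leaves RemoteName empty.
function Get-ProcessConnection {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [switch]$Resolve
    )
    Get-NetTCPConnection -OwningProcess $ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '::', '127.0.0.1', '::1') } |
        ForEach-Object {
            $name = $null
            if ($Resolve) {
                try { $name = [System.Net.Dns]::GetHostEntry($_.RemoteAddress).HostName } catch {}
            }
            [pscustomobject]@{
                PID        = $_.OwningProcess
                Local      = "$($_.LocalAddress):$($_.LocalPort)"
                Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
                RemoteName = $name
                State      = $_.State
            }
        }
}

# 3. Put the two together. Compare the PID printed next to the window with
#    the one Process Explorer selected before trusting the connection list.
Get-WindowedProcess | Format-Table -AutoSize

$target = [int](Read-Host 'PID of the window showing the advertisement')
$proc = Get-Process -Id $target -ErrorAction Stop
"{0} (PID {1}) runs from: {2}" -f $proc.ProcessName, $proc.Id, $proc.Path
Get-ProcessConnection -ProcessId $target -Resolve | Format-Table -AutoSize
```

The executable path printed in the last step is often more telling than the connection list: a “browser” running from a user's AppData or Temp folder instead of Program Files is worth a closer look regardless of where it connects.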

Browsers first

Since this will be the most common case, let's deal with it first. The window showing the advertisements is a window or a new tab of the default browser. Some adware authors found it easier or more effective to open the Microsoft browser that ships with the operating system, so they will open Edge on Windows 10 and Internet Explorer (IE) on earlier versions.

Clear your browser’s cache

In Edge, the procedure is:

  1. Click the Hub icon, click “Clear History”
  2. Select the appropriate options. Note that clearing “Cookies and saved website data” will mean you have to log in again at every site.
  3. Click the “Clear” button.

Edge

For Internet Explorer:

  • Click the gearbox icon
  • Select Internet Options
  • On the General tab click on the Delete button under Browsing history
  • Select the appropriate categories. Note that clearing “Cookies and website data” will mean you have to log in again at every site.
  • When you are satisfied with your selection, click the Delete button.

For Firefox:

  1. Click the menu button and choose Options.
  2. Select the Advanced panel.
  3. Click the Network tab.
  4. In the “Cached Web Content” section, click “Clear Now”.

For Chrome:

  1. On your browser toolbar, click More (3 dots)
  2. Point to More tools, then click “Clear browsing data”.
  3. Select the items you want to clear.
  4. Click the “Clear browsing data” button.

chrome

For Opera:

  1. In the Opera Menu choose Settings
  2. Select Privacy and Security
  3. Under Privacy, click the “Clear browsing data…” button
  4. Select the items you wish to delete
  5. Click the “Clear browsing data” button
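When you have to repeat the above on several machines, the on-disk caches can be cleared from a script. The following PowerShell script is an added example, not part of the original post. The cache locations for Chrome, Firefox and Opera are assumptions for default profiles of the versions current at the time of writing, so verify them on your own system first; Internet Explorer is handled through the documented InetCpl.cpl entry point instead of by deleting files. Save it as a .ps1 file and run it with -WhatIf first to see what would be removed.

```powershell
# Added example (not from the original post): clear browser caches from the
# command line. Cache paths below are assumptions for default profiles;
# check them on your system before relying on the script.
[CmdletBinding(SupportsShouldProcess)]
param()

# Browser name -> process name and cache folders. The wildcard covers
# multiple Firefox profiles. Legacy Edge keeps its cache inside a
# packaged-app sandbox and is left to the Hub > Clear History procedure.
$browsers = @{
    'Chrome'  = @{ Process = 'chrome';  Paths = @("$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache") }
    'Firefox' = @{ Process = 'firefox'; Paths = @("$env:LOCALAPPDATA\Mozilla\Firefox\Profiles\*\cache2") }
    'Opera'   = @{ Process = 'opera';   Paths = @("$env:LOCALAPPDATA\Opera Software\Opera Stable\Cache") }
}

foreach ($name in $browsers.Keys) {
    $b = $browsers[$name]
    # A running browser holds its cache files open and rewrites its index on
    # exit, so refuse to touch it rather than leave it half cleared.
    if (Get-Process -Name $b.Process -ErrorAction SilentlyContinue) {
        Write-Warning "$name is running; close it and rerun to clear its cache."
        continue
    }
    foreach ($pattern in $b.Paths) {
        foreach ($dir in (Resolve-Path -Path $pattern -ErrorAction SilentlyContinue)) {
            if ($PSCmdlet.ShouldProcess($dir.Path, "Remove $name cache contents")) {
                Get-ChildItem -Path $dir.Path -Recurse -Force -ErrorAction SilentlyContinue |
                    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
            }
        }
    }
}

# Internet Explorer keeps its cache in the WinINet store. The control-panel
# entry point clears it by category: 1 = history, 2 = cookies,
# 8 = temporary internet files, 16 = form data, 255 = everything.
if ($PSCmdlet.ShouldProcess('Internet Explorer', 'Clear temporary internet files')) {
    Start-Process -FilePath RunDll32.exe -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 8' -Wait
}
```

Deliberately only the cache is cleared; cookies and saved site data are left alone for the same reason the steps above warn about them, so the user is not logged out of everything.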


Remove extensions and toolbars

Extensions and toolbars are so closely related that removing the extension will usually take the toolbar with it.

Internet Explorer: Tools (gear icon) > Manage add-ons > Toolbars and Extensions > select the one(s) you don't trust and click “Disable”

Firefox: Menu (horizontal stripes) > Add-ons > click on “Disable” behind the ones you don’t trust or don’t recall installing.

Chrome: Menu > Settings > Extensions > uncheck “Enabled” behind the ones you don't trust or don't recall installing.

Opera: click the Opera icon > Extensions > Extension Manager > click on Disable below the ones you don’t trust or don’t recall installing.
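The add-on managers only show what the browser chooses to show. The PowerShell script below is an added example, not part of the original post; it lists Chrome extensions from their manifests on disk, Firefox add-ons from the profile's extensions.json, and Internet Explorer Browser Helper Objects and toolbars from the registry, so everything can be reviewed in one table before disabling. The profile paths and registry keys are assumptions for default installations of the versions current at the time of writing.

```powershell
# Added example (not from the original post): enumerate browser extensions
# and IE add-ons from disk and registry. Paths and keys are assumptions for
# default installs; adjust for non-default profiles.

function Get-ChromeExtension {
    $root = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
    foreach ($ext in (Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue)) {
        # One folder per installed version; the newest sorts last.
        $manifest = Get-ChildItem -Path $ext.FullName -Filter manifest.json -Recurse |
            Sort-Object FullName | Select-Object -Last 1
        if (-not $manifest) { continue }
        $m = Get-Content -Raw -Path $manifest.FullName | ConvertFrom-Json
        [pscustomobject]@{
            Browser     = 'Chrome'
            Id          = $ext.Name
            Name        = $m.name   # "__MSG_*__" means the real name is in _locales\
            Version     = $m.version
            Permissions = ($m.permissions -join ',')
            Location    = $manifest.DirectoryName
        }
    }
}

function Get-FirefoxExtension {
    $files = Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions.json" -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $json = Get-Content -Raw -Path $f.FullName | ConvertFrom-Json
        foreach ($a in $json.addons) {
            [pscustomobject]@{
                Browser     = 'Firefox'
                Id          = $a.id
                Name        = $a.defaultLocale.name
                Version     = $a.version
                Permissions = if ($a.userDisabled) { 'disabled' } else { 'enabled' }
                Location    = $a.path
            }
        }
    }
}

# IE Browser Helper Objects and toolbars are registered by CLSID; the display
# name and DLL path come from the CLSID key. Both the native and the
# Wow6432Node hives are checked on 64-bit Windows.
function Get-IEAddon {
    foreach ($h in @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')) {
        $entries = @()
        $bho = "$h\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        foreach ($k in (Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
            $entries += [pscustomobject]@{ Kind = 'BHO'; Clsid = $k.PSChildName }
        }
        $tb = Get-ItemProperty -Path "$h\Microsoft\Internet Explorer\Toolbar" -ErrorAction SilentlyContinue
        if ($tb) {
            foreach ($p in ($tb.PSObject.Properties | Where-Object { $_.Name -like '{*}' })) {
                $entries += [pscustomobject]@{ Kind = 'Toolbar'; Clsid = $p.Name }
            }
        }
        foreach ($e in $entries) {
            $cls = Get-ItemProperty -Path "$h\Classes\CLSID\$($e.Clsid)" -ErrorAction SilentlyContinue
            $dll = Get-ItemProperty -Path "$h\Classes\CLSID\$($e.Clsid)\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Browser     = "IE $($e.Kind)"
                Id          = $e.Clsid
                Name        = $cls.'(default)'
                Version     = $null
                Permissions = $null
                Location    = $dll.'(default)'
            }
        }
    }
}

@(Get-ChromeExtension) + @(Get-FirefoxExtension) + @(Get-IEAddon) | Format-Table -AutoSize
```

Start with anything whose Location is outside Program Files or the browser profile, and with Chrome extensions whose permissions include webRequest, tabs or <all_urls>: those are the capabilities an extension needs to inject advertisements into pages it does not own.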

Index

Part 1:

  • Identify the process
  • Clear the browser cache
  • Remove browser extensions and toolbars

Coming up in Part 2:

  • Proxies
  • Winsock hijackers
  • DNS hijackers

Pieter Arntz