How do I find the source of my virus that creates popups when new programs start up

I have a virus on my Windows computer. It seems to create new Chrome tabs when I start using a new application. For example, if I go to YouTube and I start up Flash, it may create a new tab.

When I navigated to the Super User question entry field, it created a new tab, and that tab was an advertisement for a survey to win 50 bucks.

A friend of mine commented:

Hmmmm. You might be able to delete it manually if you find where it is
on your computer. If you go in the Task Manager, there’s an option to
show the command line argument that was used to run a program so you
might find its filepath that way. You could also just try and stop it
from launching by deleting the launch operation from the Windows
Registry. Just google Regedit and find the section for .exe files and
check if there are any fishy things in it.

Any help is appreciated! :3

Windows 8


I’ve run

Avast antivirus
Ad-Aware antivirus

Ad-Aware quarantined some files, but the problem persists.


I assume this issue also occurs across different browsers, not just Chrome? Do a test: can you download a new browser, i.e. Firefox, do a fresh install and see if the ads still pop up right away?

It is very likely simply a resident program that can be killed from within Task Manager — just post here a list of your running tasks and we can tell you which one is the evildoer. Sadly I don't have Windows 8 (only using W7), so I may not be entirely familiar with all the new system processes.

I suggest you open Task Manager, right-click for Properties for each running process, and identify and close each app (via “End Process”) that is not an executable file located within the C:\Windows folder. Then see if the pop-ups still persist.

Also run Microsoft’s monthly updated “Malicious Removal Tool” (type “mrt.exe” from the Run dialog — assuming the tool is updated for July 2013) to make sure none of your system files have been tampered with. Yes, the obvious thing a spam tool writer would do is copy their file into the system folder and rename it to a benign filename, but I just want to narrow the field.

If the problem persists after you do all that, jump into the Services (via “services.msc” from the Run dialog) and turn off services that are not system specific. You should be able to identify which ones via “msconfig” (via the Run dialog) by clicking the “Services” tab and selecting “Show only non-Microsoft Services” — try turning off all the ones that remain (or rather: stopping the service) and then checking your browser.

Another possibility is that they replaced your Winsock stack with their own infected one, which monitors your ins/outs.

If they are really creative, they could simply inject their DLL into a running browser like Chrome, which could then do all sorts of things.

But in most cases you have an evil running process (or service) which can be spotted and killed via the Task Manager.

Anti-virus/anti-malware tools aren’t very reliable, since it’s way too easy to make apps that get around them. Experience to know what is happening and why is the best defense.
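
The process and service inventory described in the answer above can be collected in one pass instead of clicking through Task Manager. This is an added example, not part of the original post: it assumes an elevated PowerShell 3.0+ session, the helper name Get-SignerInfo is made up here, and it goes slightly beyond the answer by also showing each file's command line and Authenticode signer.

```powershell
# Added triage sketch (not from the original answer). Read-only: it lists
# candidates for review and does not stop or delete anything.
$winDir = $env:windir.TrimEnd('\') + '\'

function Get-SignerInfo {          # hypothetical helper for this example
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Status = 'FileNotFound'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Test-OutsideWindows {     # hypothetical helper: path not under %windir%
    param([string]$Path)
    -not $Path.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)
}

# Running processes whose executable is not under C:\Windows,
# with the full command line that launched them.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and (Test-OutsideWindows $_.ExecutablePath) } |
    ForEach-Object {
        $s = Get-SignerInfo $_.ExecutablePath
        [pscustomobject]@{
            Id = $_.ProcessId; Parent = $_.ParentProcessId; Name = $_.Name
            Path = $_.ExecutablePath; CommandLine = $_.CommandLine
            SigStatus = $s.Status; Signer = $s.Signer
        }
    }

# Running services whose binary is not under C:\Windows. PathName may be
# quoted or carry arguments, so extract just the executable path first.
$svcs = Get-CimInstance Win32_Service -Filter "State='Running'" |
    ForEach-Object {
        if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
            if (Test-OutsideWindows $exe) {
                $s = Get-SignerInfo $exe
                [pscustomobject]@{ Service = $_.Name; Display = $_.DisplayName
                    Path = $exe; SigStatus = $s.Status; Signer = $s.Signer }
            }
        }
    }

$procs | Sort-Object SigStatus, Path | Format-List
$svcs  | Sort-Object SigStatus, Path | Format-List
```

Entries with a SigStatus other than Valid, or running from user-writable locations such as AppData or Temp, are the first ones to look at. As the answer notes, the path filter only narrows the field: a file copied into C:\Windows is skipped by this listing.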

