Download me II—Removing the remnants of the Web’s most dangerous search terms

Who knew that "free" could lead to a PUP? (Sadly, not the cute and cuddly kind.)

Aurich Lawson

According to McAfee’s 2008 The Web’s Most Dangerous Search Terms, “free” fell into the highest search term risk category. And my previous search for free stuff on the Internet ended ugly. What did I do? I searched for free things, clicked the top links, and initiated the first download on each page. This—no surprise—led me to download a bunch of adware and malware, what McAfee coined as Potentially Unwanted Programs (PUPs). For instance, a search for "free music downloads" (the worst search query from round one) left my desktop littered with them. From my download notes and desktop count, I went from three to 19 programs while adding six Firefox plugins and 12 extensions that made my browser a cluttered array of toolbars and icons. My computer was dogged with PUPs—point proven. Now this was my mess to clean up. Could I do anything to fix my computer, and was it even worth it?

Installations from downloading "free music" results:

Six Firefox plugins: Conduit Plugin 7.0.0.3, Exent AOD Gecko Plugin 7.0.0.3, GameTreatWidget 8.1.57.0, Google Update 1.3.21.145, Microsoft Windows Media Player Firefox Plugin 1.0.0.8, Shockwave Flash 11.7.700.202

12 Firefox extensions: Default Tab 2.0, Frostwire Toolbar 12.42738, MixiDJ V30 10.16.300.3, Mp3skull Toolbar initial.rev194, New Tab 5.0.0.7281, QuickShare Widget 1.1, SavetheChildren App By We-Care.com 4.1.20.1, SearchDonkey 2.6.14, Search-Results Toolbar 1.2.0.0, SelectionLinks 1.5, Yahoo Toolbar 2.5.7.20130322105505, Yontoo 1.20.02

16 programs downloaded: BearShare, Torch (Internet Browser), 24x7 Help, Free Ride Games / 7 Wonders II, FrostWire 5.5.6, Google Drive, Groove-Stream, Adobe Flash, iTunes (didn't install; it was a 32-bit version on 64-bit Windows), iMesh, inTuneMP3, PC Fix Speed, PC Optimizer Pro, SpeedItup Free, The Weather Channel App, WeatherBug

I went searching for answers on the Internet and found hints but no conclusions. McAfee’s white paper Potentially Unwanted Programs: Spyware and Adware, which dates back to 2005 when PUPs were on the rise, hinted at the worst. “Anecdotal evidence suggests that many home users and even system administrators periodically wipe out machines and reinstall from scratch or even buy completely new computers to rid them of spyware, adware, and other PUPs.” But picking up where I left off, I decided to see for myself just how easy it was to restore my computer to its normal, pristine state… if it was possible at all.

Part I: Just how bad is it?

I resumed my Windows 7 virtualization via Parallels from a more than two-month slumber on my MacBook Pro. Exactly how long had it been? PC Optimizer Pro popped up as soon as I restarted my computer. “Last Scan Performed 79 days ago. May 15, 2013 10:37pm.” According to this, I had a lot of work to do: 1,286 items. This broke down into 70 “Invalid Registry Entries,” 629 “Junk Files,” and 587 pieces of “Internet Junk.” But since PC Optimizer Pro is adware itself, I didn’t trust it. Earlier, it detected “problems” after a fresh install with almost no other programs, which classifies it as “scareware.”

Still, I did need to update my computer so I’d be using a current Windows version. The first 90 updates took more than two hours to download and install. From the Task Manager, adware was the obvious culprit. I was competing with a plethora of processes which I would document to benchmark my adware-infested computer against the results of my “soon,” but increasingly delayed, un-installation efforts. In the interim, I slogged through adware windows, the first of which was the PC Optimizer Pro notification. It quickly got buried behind other equally “urgent” offers. SpeedItUp invoked a twist of the childhood fallen food rule, the five-second rule. It would update if you clicked "yes"… or after five seconds without you clicking on "no." Given the other program windows that greeted me (weather updates, more fictitious fixes), the SpeedItUp install was guaranteed.

“This automatic update will begin in five seconds or just click on Yes.” I saw this notification, buried behind other pop-up windows after startup, more than five seconds after it first appeared. More free stuff!
Conor Myhrvold

Restart and repeat. Two of the Windows updates didn’t install properly, so I fought off additional adware upgrades and updates to re-install. At least SpeedItUp had the decency to nominally ask for permission. My PC Backup started the installation wizard without any prompts. By this point, I had seen enough. I killed as many adware-running processes as I could and watched as the install processes worked their way to the top. (The updates completed installing just a few minutes afterward.) In total, it took six hours of getting my computer down to speed on performance to get it up to speed on updates.

Complications? You don't say...
Conor Myhrvold

In order to see the uninstallation improvement, I decided to take a ‘free music downloads’ adware inventory to see what I was dealing with compared to my original “plain vanilla” Windows 7 install. Taking the tally of my Control Panel yielded the first surprise. As it turns out, several programs installed that I’d forgotten about, since they didn’t make their presence known on the desktop or in Firefox extensions/plugins: an executable file of the Ask Toolbar, Sea App by Growth Systems LLC (Internet Explorer-only), and Music Oasis by W3i, LLC. That brought the initial program count to 18 programs (19 if you consider the Internet Explorer-only app to be a program).

My ‘free music downloads’ Firefox browser at its worst, before attempted uninstalls.
Conor Myhrvold

In the image above, note the unstable oscillations between the blue and yellow Search Settings notification wars. These were ongoing, flickering back and forth in the lower right corner of my screen. Apparently I installed duplicate Ask Toolbars. I was able to uninstall one with difficulty, but not the other. Ask once, you’ll be in trouble. Ask again…and apparently you’ll be Ask-ing forever!

In the adware updating that took place, I “upgraded” FrostWire, SpeedItUp, and PC Optimizer Pro. That last update also included an automatic installation of My PC Backup. I clicked on the Exit window and closed it, but this didn’t actually stop the installation. This is a known tactic that both McAfee’s PUP Report and the DEFCON 18 talk My Life as a Spyware Developer warned about. The additional version of the Ask Toolbar apparently became FrostWire’s Samaritan and savior in the process (“Installing this component will ensure the future of FrostWire!” said the splash window text). According to the Control Panel, somewhere in all of this my Free Ride Games Player added two more passengers: Mahjong Mysteries of the Past and My Farm Life 2. All aboard, I suppose—let the benchmarking begin.

I used default settings for space allocation in making my virtual machine—2GB—so additional processes primarily resulted in a delay time until launch. Nevertheless, my CPU and memory usage still shot up to hover constantly close to 100 percent after the downloads when compared to my Plain Vanilla version. The new programs created a big backlog for the adware-infested version, and the running processes increased from 44 to 77 by default (that is, without opening any programs or touching anything in either case after a computer restart).

I also noticed a sharp uptick in startup processes. Fourteen new ones appeared in the free music downloads version, along with three applications which were running upon startup. (That's up from zero in the Plain Vanilla OS.) I was getting a lot for no money. It was time to try to rid myself of the freebies which were costing me no money, just so much time.

The left Task Manager window is the adware-infested OS, while the right is that same system before all of the installs.
Conor Myhrvold

| Desktop version | Task Manager apps | Running processes | Sys Config startup processes | Firefox memory usage upon opening | Time to open browser and search "test" |
| --- | --- | --- | --- | --- | --- |
| Plain Vanilla (Windows 7 install) | 0 | 44 | 5 | ~75M | Less than 10s |
| Post-"free music" downloads | 3 | 77 | 19 | ~300M | More than 12m (19m to access extensions, plugins) |

Sys Config Startup Processes (Additions from Plain Vanilla to Post-Download): 14
Yontoo Desktop by Yontoo LLC, WeatherBug Desktop by AWS Convergence Technologies, Inc., EXETender Client by Exent Technologies Ltd., Search Protect by Conduit, Smartbar by Smartbar, BearShare by MusicLab, LLC, The Weather Channel App by The Weather Channel, SpeedItUp Free by MicroSmarts LLC., Data Manager by iMesh Inc., Search Protect by Conduit, PC Fix Speed by Crawler.com, 24x7Help by Crawler, LLC, ASK TBNotifier by APN, FrostWire by Frostwire.

Task Manager Apps (Additions from Plain Vanilla to Post-Download): 3
WeatherBug, PC Fix Speed, The Weather Channel App
