An Ad-Ware Horror Story

A screenshot from Microsoft's campaign about using pirated software.
This is what happened to me yesterday... technically speaking.
If you've been on the Internet long enough (and are familiar with the Internet and all the threats within), you're bound to know about ad-ware (or adware, whichever one is right doesn't matter). If you don't know, then I'll gladly give you a brief explanation.
Generally, computers (that have contact with the outside) face two kinds of threats: malware (worms, viruses, trojans, etc.) and adware. Malware, as the name suggests (malicious wares), is a program created with the intention to break or damage your system. It can steal your precious data, delete important system files, or even access your computer when you least expect it… or just multiply itself to annoy the hell out of you. Regardless, malware is evil, that's for sure.
But what about adware? Well, adware isn't as malicious as malware, but it's still annoying anyway. It's created to 'offer' its potential users 'relevant ads' that usually pop up within your browser, or it can do something worse… just like what just happened to me. Head past the break to find out more.
An example of what adware can do
Hey, I know that this looks like click bait, but trust me, it's not. People don't like reading long posts on the front page, so that's why I'm saving the content for the article page. Oh, and one more thing: I don't have any screenshots with me since there's no way I'm going through that horrible experience again… I'll try to describe my story as precisely as I can. I hope you can understand this.
Warning: Some terminology in this post might be incorrect. However, the terms I'm using here are 'adware' for programs that infect your machine and feed you ads and 'malware' for other kinds of threats such as worms, trojans, viruses, etc.

It all started with a simple search for an activator. I had just upgraded to Windows 10 (which is genuine, fortunately…) and the activator no longer worked. So, I headed out to Google to find what I needed. Then, I came across this website (identity hidden to prevent misunderstandings) which offered a familiar activator, but in an upgraded version. At first, I thought it was harmless, since the comments below were good, and the poster seemed like a nice guy (giving his readers all sorts of nice replies and some support). With that, I confidently clicked on the download link.
The link was fine. It downloaded an .exe, which matched the instructions written in the article. The next steps should've been a breeze: all you had to do was install it, then click the simple "Activate" button on the window. However, it soon turned out that I was actually about to open Pandora's Box.
Opening the .exe file, I was greeted with the usual UAC pop-up (you Windows users must already know this, unless you've been staying on the Windows XP boat). I approved the file's request to open, and then I got this old-time installer (it looked like the XP ones or earlier, with a gray theme and square-ish buttons). At first glance, nothing seemed to be wrong with the installer. You were just presented with the EULA and the usual User Agreement: click 'Agree' to proceed, or 'Decline' to cancel. That was when I realized something was wrong.
Firstly, I didn't read through the EULA. What caught my attention was the part right below the EULA. There were a couple of radio buttons (circular checkboxes). The first radio button said that I agreed to accept the terms and conditions, and that I was willing to install a bunch of software (around 3 to 4 I think… I don't remember the exact number). The second radio button said that I agreed to the terms and conditions, but didn't want to install that software. Well, having installed numerous legit ad-ridden software, I always had a keen eye for these 'side offers'. It was a no-brainer: I chose the second one.
It turned out that I was tricked… horribly tricked. I had the second button selected when I was about to click 'Next'. However, somehow before the installer proceeded to the next step, my selection was automatically changed to the first one. Of course, I was shocked by this preposterous sudden change to my selection. After that, two pop-ups came up. I remember quite well that they were 'discount' software, engineered to give you special discounts on various online shops while you browse (some kind of browser toolbar… but it's very intrusive and very, very annoying. Trust me, you don't want to get hit by one of those things). Fortunately, they gave me a choice to decline their TOS, which usually means that the software wouldn't be installed. I declined both those pop-ups.
After that, I noticed that the activator was being installed. It said that the package was being extracted to my 'Program Files' folder. However, another installer window popped up. It was similar to the first one: an EULA with a few choices. Then they had two choices: express install or custom install. As usual, they decorated the 'custom install' choice with 'Experts Only'. It said that the installer was about to install the activator into my machine. A question then popped up in my mind,
"Then what the hell was that first installer for?"
Anyway, I still chose 'Custom Install', as it was trying to slip another batch of software into my machine. I was right: after choosing 'custom install', there were three additional pieces of software. Each of them had a checkbox saying that I agreed to each of their TOS and that I was willing to install them. Of course, I didn't want that software, as these bundled third-party programs tend to bring more problems rather than solutions. I unchecked one of them, and something popped up:
"You decide not to install this software. Your computer settings will be changed," or so it said. The pop-up had two choices: OK and abort. The most sensible choice was to select 'OK', wasn't it? So I did. And again, I was tricked. I clicked that little 'ok' button but the checkbox stayed checked. Okay, that was weird. I did the same thing with the second and third checkboxes but they all had the same behavior. So, I tried to reverse my action. Instead of clicking OK, I clicked on 'Abort'. Yes, after I clicked 'Abort', the checkmark was gone. Okay, so I clicked next and proceeded. Do you think it's over? No, it's not…
Another pop-up came out, saying that my computer was new, but was unstable due to dirty registry and no antivirus software (Windows 10 comes with Windows Defender, for God's sake, which is pretty much the same as Microsoft Security Essentials, Microsoft's free antivirus). They were trying to install another piece of software. I declined, but suddenly a new program, coming out of nowhere, popped up. It was a browser that I had never seen or heard of before. Another pop-up was an ad window, offering me something which I couldn't remember. All I know is that it was something that I certainly didn't need. Again, I clicked the 'Decline' button, hoping that it would close and stop bothering me again.
That annoying window was then closed. However, I then noticed that the number of icons on my Desktop had increased. There were a couple of additional installers with gibberish names. I tried deleting them, but I couldn't; it said that I didn't have enough authority even though I was (and always am in my PC…) the Administrator. A couple of minutes later, another couple of new installer windows showed up. Right at that moment, it didn't take a genius to know that my system was under attack.
So, I popped out my Task Manager and yes, my memory usage had hiked to an unsettling number, something it had never reached before, except when opening resource-hungry apps such as Photoshop or Dreamweaver. There were rogue processes with gibberish names. Not only that, there were also some unknown services (yes, services, meaning that they belonged to installed software) in Windows Local Services. The war had finally begun.
I then tried to fire up the only security solution I had: Windows Defender. The machine was an Atom tablet with only 2GB of RAM. I personally didn't dare to install an additional antivirus, since I know how heavy one is. But unfortunately, my Windows Defender had already been defeated by the time my machine was infected. It was shut down. I was told to turn it on in gpedit.msc (Group Policy Editor) but I couldn't find mine anywhere. After looking it up on the Internet, I found out that only the Windows Pro edition has that (my desktop is running Windows Pro, so I could open that setting easily). Internet forums claim that gpedit.msc can actually be installed. However, the process was quite complicated and it was getting very late, past midnight. I really, really had to get some sleep.
"Okay… then I have no choice but to install a new antivirus," I thought. So, I went ahead and downloaded an antivirus. Even as I was downloading, my Internet connection was being sucked up by unknown processes trying to download even more crapware. A couple of new icons showed up, meaning that they'd somehow got through the UAC and installed that crapware without my consent. I just prayed at the time, hoping that it wouldn't crash my system. A Windows tablet without any CD/DVD drive and no keyboard… it would be like Hell just trying to reinstall Windows. Believe me, you won't want to do that. I did that once, and it was so horrible.
A few moments later, the antivirus finally concluded its installation. It took approximately half an hour to install and update. The installation itself took about 150MB while the initial definition files took about 50MB if I remember correctly. As soon as I got that message, I quickly turned off Wi-Fi, hoping that the adware would stop bringing in reinforcements.
Then came the conclusion. I started a quick scan of the machine. Quick scan basically means cleaning up whatever junk is dwelling in your memory (in other words, running) or in system-critical folders. Since there were lots of unknown new processes running in my precious memory, many were caught and finally disinfected (around 12, I think). As a result of that disinfection, some of my memory was freed and my system ran noticeably faster and more responsively (it's an Atom tablet, the difference in performance is very clear). After clearing up the junk in my memory, I proceeded to do a full scan. Dormant threats don't mean they're not dangerous, right? So, I let the antivirus scan my whole computer while I went to sleep. It was 2 AM, and I was desperately in need of sleep since I needed to get up early on the same day.
In the morning, I checked the tablet first thing, and I was pretty delighted to see that the antivirus had caught 41 (yes, the exact number; I still remember it very clearly) threats. With those 41 threats gone, my desktop was back to normal (that annoying un-delete-able shortcut was gone) and I could feel the performance of the tablet returning to normal, although it stuttered due to the antivirus service running in the background.
Now, I'm restoring all my settings and uninstalling unwanted software from my tablet. The moral of this story, guys, is: never, ever download from obscure websites. It's much safer to download legit free apps rather than downloading cracks from obscure websites. Sure, you get to use the program for free, but at what cost? Your privacy? Your data? Please give that a thought. Only download things from the websites you know, and you're sure that it's 100% safe to download from it. Otherwise, just leave it be. You don't want to end up like me, do you?

Oh, and one more thing which you should keep in mind: being at the top of Google's search page doesn't mean it's legit and safe. You still have to be careful nevertheless since Google is not perfect. It can't check every single page on the Internet for you; you'll have to take care of yourself.
Okay, I guess that's enough story, folks. I hope this one doesn't scare you from venturing into the Internet world, and I hope you're not. The Internet is a utopia, a world of limitless opportunities and possibilities, but just like the real world, you have to be careful and be vigilant at all times. Stay curious, stay vigilant.
Finally, thanks for reading, and I hope this post is useful for you. If you have any questions/comments, feel free to sound off below and I'll get back to you as soon as possible. Have a nice day, guys, and I'll see you soon.


