We mentioned we had Microsoft Security Essentials running, right? So what did it make of all the shenanigans? On the whole, very little. Throughout the whole procedure, we had two medium-level warnings while installing two downloads. One was highlighted as the software bundler DealPly and the other was the adware system WebCake. It's not an overly reassuring performance from what you would hope to be a more centralised system for blocking such software.
Cleaning up
As part of our delving, we wanted to see if it was possible to restore the system to its original state. Part of the confusing position with malware and PUPs is that you can remove the legitimate elements through the normal Uninstall a Program section of the Control Panel.
We started there and uninstalled the 30-plus items that had appeared. A problem, even with uninstall options, is that removal isn't at the top of these companies' minds. So the BearShare uninstaller was seemingly locked, until I forcibly quit the original running executable - at which point, it finished correctly.
While uninstalling many, we were taken to a final browser page imploring us to reinstall the product - one even amusingly had a phishing advertisement instructing the user to click a fake button to finish removing everything. Another uninstall left us with no Explorer interface at all, which would be very confusing for a novice user.
Rather annoyingly, it became apparent that for many systems, despite installing in one go, this process often left separate uninstallers for the main products, such as the FireFox toolbar and the Internet Explorer toolbar. Despite all of this, after sweeping through the Uninstall Control Panel (followed by a quick reboot), Windows was left in a far better state. FireFox still retained 7Go Game, LinkSwift and a disabled BrowserPlus2 extension, but even its default start page and search engine were restored. Internet Explorer was also clear of toolbars, but retained a number of search providers and the start page. Chrome was similar, retaining just the BrowserPlus2 extension and an alternative start page.
Looking deeper into the system, firstly with Microsoft Security Essentials, it appeared WebCake had left various Javascript elements behind, but it detected nothing else. The free version of Spybot Search & Destroy seemed largely interested in cookies. Trend Micro Hijack spotted a couple of rogue registry entries, but nothing that seemed too concerning. It was Malwarebytes Anti-Malware that seemed to spot the most remaining detritus, consisting largely of left-behind installation files from the array of PUPs we had running around.
Post clean-up, the system was back to 504MB memory used (659MB with all three browsers open). That's less than there was originally, as I'd reset the start pages to blank ones. We suspect we were lucky with most of the PUPs we encountered, as they largely uninstalled themselves. However, it's frightening to see what damage can be done after even a short time of downloading free packages.
- Now why not check out Top 50 best free games you should play today
