


We were testing out our theory that all freeware download sites are awful when we got infected with the ShopperPro adware, which just completely takes over your entire browser window with obnoxious ads, redirects Amazon links to some shady site, and is awful. Here’s how to remove it.


The funny thing is that we were writing about how to remove the almost identical BoBrowser malware, and after removing that, the ShopperPro malware took over the computer almost instantly. It was literally hiding in the wings waiting for its chance to strike. This is why we recommend running Malwarebytes after uninstalling any badware, because there’s almost always something else hiding.


Note: we sometimes get criticized for using the actual malware uninstaller to uninstall the malware, rather than using some tool. But the fact is that to prevent going to jail, many of these malware companies actually do provide a (mostly) working uninstaller. As long as you run Malwarebytes after uninstalling, you are generally fine.


And that’s the thing, what they are doing isn’t technically illegal (although it should be). They trick you into agreeing to the install at some point while you were trying to install a stupid 3D screensaver, and then they provide an uninstall mechanism. It’s all perfectly legal, and somebody is going to hell for it. But nobody is going to jail.


Investigating ShopperPro

The crazy thing about this malware is that if you go into Chrome’s plugin pages or extension pages, nothing shows up at all. As it turns out, this is a process that gets launched through Task Scheduler and then hijacks the browser using some deep dark Windows process hooking functions.


As we can see in this screenshot of Process Explorer, it comes from some entity called Goobzo LTD. Why they are allowed to have a certificate to digitally sign their software is beyond us.


When you head into the Threads tab and take a look at some of the DLLs that are in use, things become a little more clear. This actually comes from that YouTube Accelerator that you might have installed or been tricked into installing.


All of these malware types piggyback on each other, and then try to install even more adware. It’s awful.

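A read-only check for the launch mechanism described above, as an added example that is not part of the original article: it lists scheduled tasks and running processes that match the product names on this page (ShopperPro, YouTube Accelerator) or the Goobzo signer. The match patterns and variable names are assumptions, and `Get-ScheduledTask` requires Windows 8 or later.

```powershell
# Added example: read-only triage, nothing is stopped or deleted.
# Patterns are assumptions built from the names mentioned in the article.
$namePattern   = 'Shopper-?Pro|YouTube ?Accelerator'
$signerPattern = 'Goobzo'

# 1. Scheduled tasks whose name, path, or action command line mentions the adware.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only "exec" actions carry Execute/Arguments; other types yield empty strings.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ("$($task.TaskPath)$($task.TaskName) $cmd" -match $namePattern) {
            [pscustomobject]@{
                Task    = "$($task.TaskPath)$($task.TaskName)"
                State   = $task.State
                Command = $cmd
            }
        }
    }
}

# 2. Running processes whose image is signed by the publisher seen in
#    Process Explorer, or whose path matches the product names.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
    $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($subject -match $signerPattern -or $_.Path -match $namePattern) {
        [pscustomobject]@{ Id = $_.Id; Name = $_.ProcessName; Path = $_.Path; Signer = $subject }
    }
}

$tasks | Format-Table -AutoSize -Wrap
$procs | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that tasks and process paths belonging to other users are visible.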

Removing the ShopperPro Malware

The first thing you’re going to want to do is either open Task Manager or Process Explorer, and kill everything you see that has anything to do with ShopperPro or YouTube Accelerator (or anything else you don’t recognize). Make sure you’ve closed all your browser windows as well. We need to make sure that the processes aren’t in memory anymore, or the uninstall will fail.


Now that everything is closed, we can go into Uninstall Programs and remove Shopper-Pro.


And then remove YouTube Accelerator, making sure to remove all shared components.  You should probably go ahead and remove every other app that you don’t recognize while you are at it.


At this point, ShopperPro is mostly gone.


Finish Removing All Traces with Malwarebytes

Sadly most antivirus programs won’t remove crapware and adware, because they aren’t technically malware since at some point you got tricked into clicking Accept on a screen when you should have turned off the computer and thrown it out the window instead of installing freeware from shady websites.


That’s why we always recommend running a scan with Malwarebytes, which focuses on adware and spyware and removing all of these awful things. And no matter how much you try to clean things up yourself, there are going to be traces of stuff left over — and in many cases, there is just more adware waiting to take the place of the adware that you just removed.


Download and run a scan with the free version of Malwarebytes — it’s completely free to scan and remove the badware. They do have a paid version that tries to block this stuff from happening in the future, but you can use the free version or the free trial to clean up your system without paying anything.


Click that green Apply Actions button when the scan completes, and then reboot your computer. If anything else shows up, you might want to run another scan.


Even though we did a bunch of manual cleaning, Malwarebytes still found some places in the registry that were referencing ShopperPro. It’s worth taking this extra step for sure.

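A way to look for leftover registry references yourself after the uninstall, as an added example that is not part of the original article. The article does not say which registry locations Malwarebytes flagged, so the autostart (Run) and Uninstall keys checked here, like the match patterns, are assumptions.

```powershell
# Added example: read-only search of common autostart and uninstall keys.
# Key list and patterns are assumptions; the article names no registry paths.
$pattern = 'Shopper-?Pro|YouTube ?Accelerator|Goobzo'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Autostart values whose name or command line mentions the adware.
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notin $psMeta -and "$($p.Name) $($p.Value)" -match $pattern) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value }
            }
        }
    }
}

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Uninstall entries that survived, matched on display name, publisher, or uninstall command.
$leftovers = Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Get-ItemProperty -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher) $($_.UninstallString)" -match $pattern } |
    Select-Object DisplayName, Publisher, UninstallString

$autoruns  | Format-Table -AutoSize -Wrap
$leftovers | Format-Table -AutoSize -Wrap
```

Empty output from both tables means none of the checked keys reference the names above; it does not cover the rest of the registry, which is what the Malwarebytes scan is for.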

Translated from: https://www.howtogeek.com/207675/how-to-remove-the-awful-shopperpro-adware-malware/


