We were testing out our theory that all freeware download sites are awful when we got infected with the ShopperPro adware, which just completely takes over your entire browser window with obnoxious ads, redirects Amazon links to some shady site, and is awful. Here’s how to remove it.
The funny thing is that we were writing about how to remove the almost identical BoBrowser malware, and after removing that, the ShopperPro malware took over the computer almost instantly. It was literally hiding in the wings waiting for its chance to strike. This is why we recommend running Malwarebytes after uninstalling any badware, because there’s almost always something else hiding.
Note: we sometimes get criticized for using the actual malware uninstaller to uninstall the malware, rather than using some tool. But the fact is that, to avoid going to jail, many of these malware companies actually do provide a (mostly) working uninstaller. As long as you run Malwarebytes after uninstalling, you are generally fine.
And that’s the thing: what they are doing isn’t technically illegal (although it should be). They trick you into agreeing to the install at some point while you are trying to install a stupid 3D screensaver, and then they provide an uninstall mechanism. It’s all perfectly legal, and somebody is going to hell for it. But nobody is going to jail.
The crazy thing about this malware is that if you go into Chrome’s plugin pages or extension pages, nothing shows up at all. As it turns out, this is a process that gets launched through Task Scheduler and then hijacks the browser using some deep dark Windows process hooking functions.
As we can see in this screenshot of Process Explorer, it comes from some entity called Goobzo LTD. Why they are allowed to have a certificate to digitally sign their software is beyond us.
When you head into the Threads tab and take a look at some of the DLLs that are in use, things become a little more clear. This actually comes from that YouTube Accelerator that you might have installed or been tricked into installing.
That’s because all of these malware types piggyback on each other, and then try to install even more adware. It’s awful.
Removing the ShopperPro Malware
The first thing you’re going to want to do is either open Task Manager or Process Explorer, and kill everything you see that has anything to do with ShopperPro or YouTube Accelerator (or anything else you don’t recognize). Make sure you’ve closed all your browser windows as well. We need to make sure that the processes aren’t in memory anymore, or the uninstall will fail.
Now that everything is closed, we can go into Uninstall Programs and remove Shopper-Pro.
And then remove YouTube Accelerator, making sure to remove all shared components. You should probably go ahead and remove every other app that you don’t recognize while you are at it.
At this point, ShopperPro is mostly gone.
Finish Removing All Traces with Malwarebytes
Sadly, most antivirus programs won’t remove crapware and adware, because it isn’t technically malware: at some point you got tricked into clicking Accept on a screen, when you should have turned off the computer and thrown it out the window instead of installing freeware from shady websites.
That’s why we always recommend running a scan with Malwarebytes, which focuses on adware and spyware and removing all of these awful things. And no matter how much you try to clean things up yourself, there are going to be traces of stuff left over — and in many cases, there is just more adware waiting to take the place of the adware that you just removed.
Download and run a scan with the free version of Malwarebytes — it’s completely free to scan and remove the badware. They do have a paid version that tries to block this stuff from happening in the future, but you can use the free version or the free trial to clean up your system without paying anything.
Click that green Apply Actions button when the scan completes, and then reboot your computer. If anything else shows up, you might want to run another scan.
Even though we did a bunch of manual cleaning, Malwarebytes still found some places in the registry that were referencing ShopperPro. It’s worth taking this extra step for sure.
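A read-only PowerShell check for the leftovers described above, covering running processes, Task Scheduler entries and the Uninstall Programs registry keys. This is an added example, not part of the original article or any vendor's tooling. The name patterns are assumptions built from the names mentioned in this article, and the actual process, task and registry names on a given machine may differ.

```powershell
# Read-only audit for leftovers of the adware named in this article.
# Assumption: the patterns below come from names the article mentions;
# real process, task and registry names on a given machine may differ.
$pattern = 'Shopper-?Pro|YouTube ?Accelerator|Goobzo'

function Test-Trace([string[]]$Text) {
    # True if any supplied string matches one of the names above (case-insensitive).
    [bool]($Text | Where-Object { $_ -match $pattern })
}

# 1. Running processes: match on name, image path or Authenticode signer.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if (Test-Trace $_.Name, $_.Path, $signer) {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Detail = $_.Path; Publisher = $signer }
    }
}

# 2. Scheduled tasks: the article says the process is launched from Task Scheduler,
#    so check task names, task paths and the command line of every action.
$tasks = Get-ScheduledTask | ForEach-Object {
    $actions = $_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }
    if (Test-Trace (@($_.TaskName, $_.TaskPath) + @($actions))) {
        [pscustomobject]@{ Kind = 'ScheduledTask'; Name = $_.TaskName
                           Detail = ($actions -join '; '); Publisher = '' }
    }
}

# 3. Uninstall entries (64-bit, 32-bit and per-user) that survived the uninstallers.
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue | Where-Object {
    Test-Trace $_.DisplayName, $_.Publisher, $_.InstallLocation
} | ForEach-Object {
    [pscustomobject]@{ Kind = 'InstalledProgram'; Name = $_.DisplayName
                       Detail = $_.UninstallString; Publisher = $_.Publisher }
}

# Report only; nothing is stopped, unregistered or deleted by this script.
$found = @($procs) + @($tasks) + @($apps) | Where-Object { $_ }
if ($found) { $found | Format-Table -AutoSize -Wrap }
else { 'No matching processes, scheduled tasks or uninstall entries found.' }
```

Run it from an elevated PowerShell prompt so that processes and tasks belonging to other accounts are visible; it does not search the rest of the registry, so it is not a substitute for the Malwarebytes scan.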