
What is Adware?
April 07, 2025
Adware is unwanted software specifically designed to display advertisements on your device. It works by making unauthorized changes to your system, primarily targeting your web browser settings and network configurations.
The primary purpose of adware is financial gain for its creators. These developers profit when you view or click on the advertisements they force onto your screen. Adware monetization typically works through three main models:
Pay-per-click (PPC) | Developers earn revenue each time you click on displayed advertisements. |
Pay-per-view (PPV) | Developers receive payment based on the number of ad impressions shown to users. |
Pay-per-install (PPI) | Developers are compensated when bundled software is installed on users' devices. |
Many adware programs also collect browsing data and location information to deliver targeted advertisements. This data collection creates an additional revenue stream for adware operators, who can sell your information to third-party marketers. However, the primary concern isn't just unwanted adsβit's the potential security risks they introduce.
Unlike legitimate advertising, adware typically promotes questionable or outright malicious content. Legitimate companies avoid association with intrusive advertising methods. The advertisements displayed by adware often contain links to suspicious websites that may attempt to distribute additional malware. Clicking on these ads might trigger unwanted downloads of other threats such as cryptocurrency miners, more adware variants, or browser hijackers.
Types of Adware
Adware exists in several forms, each with different characteristics and levels of intrusiveness:
- Ad-supported Software: Legitimate programs that display advertisements to generate revenue while providing useful functionality. These typically disclose their ad-displaying behavior in terms of service and may offer premium ad-free versions.
- Potentially Unwanted Programs (PUPs): Software that installs without clear consent, often bundled with legitimate programs. These applications display advertisements while providing minimal utility, and removal procedures are frequently obscured. Common examples include PUADlManager.Win32.InstallCore and PUABundler.Win32.uTorrent.
- Browser Hijackers: Specialized adware that specifically targets web browsers, modifying homepage settings, default search engines, and new tab pages to display advertisements and redirect search queries through affiliate links. The Epi Browser is a notable example of this type.
- Stand-alone Adware: Malicious programs with the sole purpose of displaying advertisements without providing any legitimate functionality. These often run in the background with no visible application interface and may employ techniques to resist removal, such as Adaware Web Companion.
Notable Adware Examples
- Fireball: A sophisticated adware infection that affected over 250 million computers worldwide. This threat hijacked browsers to generate fake search engine results and manipulated web traffic to boost ad revenue for its operators.
- Gator/GAIN: One of the earliest widespread adware programs that tracked browsing habits to deliver targeted advertisements. Initially marketed as a password manager, it collected significant amounts of user data while displaying personalized ads.
- CoolWebSearch: A persistent browser hijacker that modified homepages, redirected searches, and displayed relentless pop-up advertisements. It was notorious for its complex removal process and ability to reinstall itself.
- DollarRevenue: Installed unwanted toolbars and employed aggressive advertising techniques, including pop-unders, pop-overs, and persistent banner ads that significantly degraded system performance.
- OfferCore: A particularly intrusive adware that modifies browser settings and displays unwanted advertisements. If you're dealing with this specific threat, a specialized OfferCore removal guide can help you eliminate it completely.
- Eorezo: A browser extension that displayed intrusive advertisements across websites and collected browsing data. It was particularly difficult to remove due to multiple system integration points.
- WinAd: Consumed significant system resources while displaying excessive advertisements, resulting in noticeable system slowdowns and decreased battery life on laptops.
- PUA.Win32.Presenoker: A recent adware variant that installs as a browser extension and injects advertisements into web pages. According to GridinSoft's analysis, it also monitors browsing activities and may redirect users to affiliate marketing sites.
- Conduit: A browser toolbar and search engine that modified browser settings to display sponsored search results and advertisements while collecting user browsing data.
Is Adware Legal?
The legality of adware exists in a gray area and varies by jurisdiction. While some ad-supported software operates within legal boundaries by disclosing its advertising functions, many adware variants violate laws regarding consent and privacy.
State Laws
Several U.S. states have enacted specific anti-spyware legislation that applies to adware. California's Consumer Protection Against Computer Spyware Act prohibits the unauthorized installation of software that takes control of a computer, modifies settings, or collects personal information without explicit consent. Similar laws exist in states like Washington, New York, and Utah, providing legal frameworks to prosecute distributors of harmful adware.
Federal Laws
Under the Computer Fraud and Abuse Act (CFAA), causing damage to 10 or more computers within a year resulting in losses of $5,000 or more constitutes a federal offense. Adware that significantly degrades system performance, consumes bandwidth, or facilitates the installation of additional malware may qualify as causing such damage. The FTC has also taken enforcement actions against companies distributing adware under its authority to prevent unfair or deceptive business practices.
How You Get Infected with Adware
According to GridinSoft's research, adware infections typically occur through several common vectors:
- Software Bundling: Free applications often include additional software components without clearly disclosing them during installation. Always choose custom installation options and carefully review all components being installed.
- Deceptive Downloads: Websites offering free content, such as movies, music, or cracked software, frequently distribute adware alongside the desired files, particularly through P2P applications like uTorrent.
- Misleading Advertisements: Clicking on deceptive ads such as fake update notifications or prize announcements can trigger adware downloads. These are common on less reputable websites.
- Compromised Extensions: Browser extensions from unofficial sources or those that change ownership may introduce adware functionality through updates. GridinSoft's analysis shows this is an increasingly common infection vector.
- Drive-by Downloads: Visiting compromised websites can sometimes trigger automatic downloads without user interaction, particularly on systems with unpatched security vulnerabilities.
How Dangerous Is Adware?
While adware itself is not as immediately destructive as threats like ransomware, it poses several significant risks:
System Modifications: Adware frequently alters crucial system files to facilitate its operation. A common target is the HOSTS file, which controls network routing in Windows. By modifying this file, adware can bypass browser security features and ad-blocking tools, ensuring its advertisements remain visible. These modifications often persist even after the adware itself is removed, requiring separate remediation.
Browser Alterations: Most adware variants make extensive changes to browser configurations, including homepage settings, search engine preferences, and new tab behaviors. Some variants may even restrict access to browser settings to prevent users from reversing these changes. When distributed as browser extensions, adware often implements measures to prevent its removal through normal browser management interfaces.
Secondary Infections: The advertisements displayed by adware frequently link to additional malware. Clicking on these ads may result in the installation of more severe threats such as cryptocurrency miners that consume system resources, Trojans that steal sensitive information, or browser hijackers that further compromise your online experience.
Performance Impact: Adware consumes system resources to display advertisements and track user behavior, leading to noticeable performance degradation. This includes slower application response times, increased memory usage, and reduced battery life on portable devices. According to GridinSoft's analysis, some adware can consume up to 40% of system resources.
Warning Signs of Adware Infection
Adware typically produces several recognizable symptoms that indicate an infection:
- Changed Browser Settings: Unexpected modifications to your homepage, default search engine, or new tab page are strong indicators of adware presence. These changes typically persist even after attempting to restore default settings.
- Unfamiliar Browser Extensions: The appearance of unknown toolbars, extensions, or add-ons in your browser that you don't remember installing suggests adware intervention.
- Excessive Advertisements: A sudden increase in pop-up windows, banner ads, in-text links, or video advertisements, particularly on websites that normally don't display such content, strongly indicates adware activity.
- Redirected Web Searches: If your search queries consistently lead to unfamiliar search engines or results pages with numerous sponsored links, adware is likely intercepting your searches.
- Embedded Hyperlinks: Text on websites suddenly appearing with hyperlinks (often with double underlines or highlighted in different colors) that weren't present before suggests adware is injecting these links.
- System Performance Issues: Noticeable slowdowns, especially during web browsing, increased fan activity, reduced battery life, or unexpected application crashes may indicate adware consuming system resources.
- New Applications: The appearance of unfamiliar applications in your installed programs list that you don't remember installing often indicates bundled adware.
- Suspicious Processes: Unusual processes running in Task Manager with high resource usage may be adware components. For a comprehensive list of common adware processes, visit GridinSoft's adware process guide.
How to Remove Adware
Removing adware requires a systematic approach based on your operating system and affected browsers. For a comprehensive approach to eliminating all types of unwanted software from your system, you might want to check this detailed spyware removal guide. Follow these platform-specific instructions:
Safari (iOS and macOS)
For Apple devices using Safari:
- 1. Update macOS to the latest version, as updates often include security patches that remove known adware.
- 2. Restart your device after updating to ensure all system changes take effect.
- 3. Open Finder and navigate to the Applications folder to identify and remove suspicious applications.
- 4. In Safari, select Preferences > Extensions and disable/remove any unfamiliar extensions.
- 5. If problems persist, contact Apple Support at 1-800-275-2273 for specialized assistance.
Chrome (Android)
For Android devices using Chrome:
- 1. Restart your device in safe mode by pressing and holding the power button, then touching and holding "Power off" until the Safe Mode prompt appears.
- 2. Open the Google Play Store app and tap your profile icon.
- 3. Select "Manage apps & device" then "Manage".
- 4. Sort by "Recently installed" to identify suspicious applications.
- 5. Select any questionable apps and tap "Uninstall".
- 6. Restart your device normally and check if the adware symptoms persist.
- 7. If necessary, repeat these steps for any remaining suspicious applications.
To enhance Android protection:
- 1. Open Google Play Store and tap your profile icon.
- 2. Select "Play Protect".
- 3. Ensure "Scan apps with Play Protect" is enabled.
- 4. Tap "Scan" to check for existing threats.
- 5. Consider installing a reputable security application for additional protection.
To manage website notifications:
- 1. Open Chrome and tap the three dots menu.
- 2. Select "Settings" > "Site settings".
- 3. Tap "Notifications".
- 4. Review and disable permissions for suspicious websites.
Chrome (Windows)
For Windows computers using Chrome:
- 1. Open Chrome and click the three dots menu in the upper right.
- 2. Select "Settings".
- 3. Scroll down and click "Advanced" to expand additional options.
- 4. Under "Reset and clean up", select "Clean up computer".
- 5. Click "Find" to scan for harmful software.
- 6. Follow prompts to remove any detected unwanted software.
- 7. Restart your computer to complete the removal process.
- 8. Return to Chrome's "Reset and clean up" section.
- 9. Select "Reset settings to their original defaults" and confirm.
Chrome (macOS, Chromebook, Linux)
For non-Windows systems using Chrome:
- 1. Check for unauthorized applications in your system's application folder.
- 2. Remove any suspicious applications using your operating system's standard uninstallation method.
- 3. Open Chrome and access the three dots menu.
- 4. Select "Settings" > "Advanced".
- 5. Under "Reset and clean up", click "Restore settings to their original defaults".
- 6. Confirm by clicking "Reset settings".
- 7. Restart Chrome and check if adware symptoms persist.
Mozilla Firefox (All Platforms)
For any device using Firefox:
Reset Firefox to default settings:
- 1. Click the menu button (three horizontal lines) in the upper right.
- 2. Select "Help" (question mark icon).
- 3. Choose "More troubleshooting information".
- 4. Click the "Refresh Firefox" button in the upper right.
- 5. Confirm by clicking "Refresh Firefox" in the dialog box.
Remove suspicious extensions:
- 1. Click the menu button in Firefox.
- 2. Select "Add-ons and themes".
- 3. Click "Extensions" in the left sidebar.
- 4. Review the list and click the three dots next to any suspicious extension.
- 5. Select "Remove" and confirm when prompted.
- 6. Restart Firefox when finished.
How to Prevent Adware Infections
Preventing adware infections is significantly easier than removing them. According to GridinSoft's cybersecurity recommendations, you should implement these security practices to protect your devices:
- Practice Caution During Installation: Always choose custom or advanced installation options when installing software. Review each step carefully, declining any offered additional software, toolbars, or browser extensions.
- Download from Official Sources: Obtain software exclusively from official websites or authorized app stores rather than third-party download portals, which frequently bundle additional unwanted programs.
- Keep Systems Updated: Maintain current operating system and application updates, as these often include security patches for vulnerabilities that adware might exploit.
- Use Protective Software: Install reputable anti-malware protection that specifically targets potentially unwanted programs and adware. Windows Defender provides basic protection, but dedicated security solutions offer enhanced detection capabilities.
- Enable Browser Protection Features: Most modern browsers include built-in protection against malicious sites and downloads. Ensure these features remain enabled for an additional layer of security.
- Review Browser Extensions Regularly: Periodically examine installed browser extensions and remove any that are unfamiliar or no longer needed, as these are common adware vectors.
- Exercise Link Discipline: Avoid clicking on suspicious advertisements, pop-ups, or links in emails from unknown sources, as these often lead to adware distribution sites.
- Use Ad-Blockers: Consider installing reputable ad-blocking extensions in your browsers to reduce exposure to potentially malicious advertisements.
For new Windows computers that come with pre-installed adware (sometimes called "bloatware"), consider performing a clean installation of Windows or using the "Reset this PC" feature with the option to remove all applications. This creates a fresh operating environment without unwanted software.