Manually remove porlilman.com pop-up redirect malware
what’s the problem
Every once in a while, the computer pops up a website called porilman.com with the IE browser, and then the website will automatically redirect to some virus websites, which is very annoying. For example, this website requires you to download java, which is obviously a virus.
try to solve
By searching the process of this IE browser pop-up in the task manager, you will find that this is a program started by the command line.
In this case, then the question is, who make this command to start?
solution
Use the following command in powershell to find the parent process of this process. For example, as shown in the figure above, the process ID of this process is 11996, then the parent process ID can be found by this command.
wmic process where ProcessId=11996 get ParentProcessId
result:
ParentProcessId
1428
Searching the process with PID 1228 in Task Manager,and right click “Go to service”, you will find that this process is the Windows Task Scheduler.
The next step is obvious, find a Schedule named OperaUpdateService in the Task Scheduler, that is, this plan caused the pop-up event to occur, disable this pop-up program.
