Manually remove porlilman.com pop-up redirect malware

(No anti-virus software)

Posted by fjh1997 on April 8, 2019

What’s the problem

Every once in a while, the computer opens Internet Explorer by itself on a website called porilman.com, which then automatically redirects to virus websites. This is very annoying. For example, one of these sites asks you to download Java, which is obviously a virus.

Trying to solve it

If you look up the pop-up IE browser process in Task Manager, you will find that it is a program started from the command line.

[Figure: Task Manager entry for the pop-up IE process, PID 11996]

In that case, the question is: what issued this command?

Solution

Use the following command in PowerShell to find the parent process of this process. For example, as shown in the figure above, the process ID of this process is 11996, so its parent process ID can be found with this command.

  wmic process where ProcessId=11996 get ParentProcessId

Result:

ParentProcessId
1428

Search for the process with PID 1428 in Task Manager, right-click it and choose “Go to service”. You will find that this process is the Windows Task Scheduler.

The next step is obvious: find the scheduled task named OperaUpdateService in Task Scheduler. This task is what triggers the pop-up, so disable it.
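The same investigation can be scripted. The following is an added example, not part of the original post: it walks the parent chain of the pop-up process and then lists scheduled tasks whose action contains a search string. The function names and the `$Needle` value are assumptions made for illustration; PID 11996 and the task name come from the post.

```powershell
# Added example: trace a process to its ancestors, then search scheduled task actions.
param(
    [int]$TargetPid  = 11996,       # PID of the pop-up browser process (from the post)
    [string]$Needle  = 'porilman'   # assumed to appear in the task's command line
)

function Get-ProcessAncestry {
    param([int]$Id)
    $child = $null
    while ($Id) {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$Id" -ErrorAction SilentlyContinue
        # Stop if the parent has exited, or if its PID was reused by a process
        # created after the child (a parent cannot be younger than its child).
        if (-not $p -or ($child -and $p.CreationDate -gt $child.CreationDate)) { break }
        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            ParentId    = $p.ParentProcessId
            Name        = $p.Name
            CommandLine = $p.CommandLine
        }
        $child = $p
        $Id    = $p.ParentProcessId
    }
}

function Find-TaskByAction {
    param([string]$Pattern)
    foreach ($task in Get-ScheduledTask) {
        foreach ($a in $task.Actions) {
            # COM-handler actions have no Execute/Arguments and simply never match.
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -match [regex]::Escape($Pattern)) {
                [pscustomobject]@{
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    State    = $task.State
                    Action   = $cmd.Trim()
                }
            }
        }
    }
}

Get-ProcessAncestry -Id $TargetPid | Format-List
Find-TaskByAction -Pattern $Needle | Format-List

# Once the task is confirmed, disable it (task name from the post):
# Disable-ScheduledTask -TaskName 'OperaUpdateService'
```

Run it from an elevated PowerShell session while the pop-up process is still alive; a non-elevated session only sees the tasks and command lines the current user is allowed to read.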
