Monday 13 April 2015

Remove Saleplus malware completely without any anti-malware

SalePlus
SalePlus adware
Recently my laptop got infected by the Saleplus adware/malware from a website. Symptoms are :
1. You see ads on every page you visit even when you have the Adblock Plus installed.
SalePlus ads
SalePlus ads

Saleplus adblock
SalePlus ads even with adblock plus enabled

2. Biased Google search results.
SalePlus google
Expected search results
Saleplus google
Search results altered by SalePlus


3. Slow internet speed.

In my case, only Google chrome was the affected browser. Hence following are the steps to remove it from Google chrome and Windows only. ...

How to get rid of it.....
  1. Uninstall SalePlus from Windows installed Program and features.
    To achieve this in windows 7, press windows button --> Control Panel --> Programs --> Uninstall a Program. After that find "SalePlus" and uninstall it. For other windows versions, steps are almost similar.
  2. Remove it from startup of WIndows.
    Press windows button and type "msconfig", hit enter.
    Goto the Startup and look for suspicious entries. Generally the adware takes the name of whatever file you were trying to download from the infected website. e.g. in my case it was "Eluveitie - The Call of the Mountains".
    Disable such suspicious startup programs. Do not close the window yet.
    Saleplus startup
    Remove SalePlus from startup

    1. Delete its files and folders
      Have a look at its location in the same table in msconfig (previous step) and go to that location i.e. go to "C:\Users\code\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eluveitie - The Call of the Mountains".
      Right click on the shortcut "Eluveitie - The Call of the Mountains" ---> properties.
      Note down the value in target field and go to that address. e.g. go to "C:\ProgramData\{82d33535-da55-b0aa-82d3-33535da5d4d7}" and delete "{82d33535-da55-b0aa-82d3-33535da5d4d7}" from C:\ProgramData. Also delete the shortcut you found earlier at "C:\Users\code\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eluveitie - The Call of the Mountains".
    2. Delete C:\ProgramData\4288546593436265821 (or similar folder with date modified same as other two folders in step 2 and step 3.)
    3. Remove the SalePlus extension from Google Chrome.
      Visit chrome://extensions/ (just paste this in chrome address bar)  and enable developer mode.
      Search for SSalePlus and check the "Loaded from: " attribute of the extension. This is the address which allows it to rise from ashes even when you delete the extension from chrome. In my case it is located at C:\ProgramData\ambmpnbogdlmjcmpeejljnhbnmojogeh.
      Delete this directory "ambmpnbogdlmjcmpeejljnhbnmojogeh".
      Also disable and and remove the extension from Google chrome.
      Saleplus chrome
      Saleplus chrome extension

    4. Now close msconfig window from step 2 and restart.
    Now the annoying ads must be gone. All the best.
    Tried on : Windows 7, Google chrome Version 41.0.2272.118 dev-m
    May also work for : Any version of windows, Other browsers

    By at
    Labels: , , ,

    3 comments:

    1. Nawazz16 November 2020 at 01:51

      Try This Amazing app Chapters Mod Apk

      ReplyDelete
    2. mohsin18 April 2021 at 11:12

      It was wondering if I could use this write-up on my other website, I will link it back to your website though.Great Thanks. online security

      ReplyDelete
    3. mohsin19 November 2021 at 23:39

      Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also judi slot online

      ReplyDelete

    Subscribe to: Post Comments (Atom)

    Featured Post

    PHP EmailMessage class for extracting attachments

    Hi, recently I had to create a php program which fetches emails with attachments (including inline). I searched a lot and succeeded with h...