Jump to content

Recommended Posts

I recently downloaded and ran AdwCleaner on a client's system (Windows 10 v.1904), as I have with many others. This time, though, I found that, upon each subsequent startup, an AdwCleaner command window appears, momentarily, and then disappears. My understanding (as inaccurate as it may be) is that AdwCleaner is a standalone app that does not permanently install.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.
In order to help us assist you to resolve your issue, please post or attach your latest AdwCleaner log files with your post. https://support.malwarebytes.com/hc/en-us/articles/360039021593

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

 

 

 

notify me.jpeg

mbst_advanced_gather_logs.jpg

mbst_get_started.jpg

mbst_getting_logs.jpg

mbst_log_saved_desktop.jpg

Link to post
Share on other sites

Thanks, Jerome; I appreciate the prompt reply.

This is installed on a client's machine, though it does not appear in the Apps control panel. I want to disable the behaviour or remove the app before the client picks up the device, to prevent client confusion. I do not see a CLI flag to remove the app or disable this behaviour. How should I proceed? Best Wishes to All!

Link to post
Share on other sites

Please do the following:

Create an Autoruns Log:
Please download Sysinternals Autoruns from here and save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:

                Right-click on Autoruns.exe and select Properties
                Click on the Compatibility tab
                Under Privilege Level check the box next to Run this program as an administrator
                Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:
        Hide empty locations
        Hide Windows entries
  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:
        Verify code signatures
        Check VirusTotal.com
  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply
Link to post
Share on other sites

The Autoruns file will hopefully show a startup entry/loading point for ADWCleaner which, once removed should resolve the issue.  ADWCleaner is a portable app which is why no uninstaller was found.  I suspect it just created a startup entry in one of the system's loading points, likely for cleanup or some similar function, and that it failed to delete the startup entry once it was done, though that's just a hypothesis as I'm not one of the Devs or anything.

Just as a general suggestion, I'd recommend staying away from tools like Revo when dealing with security apps if possible.  Unlike most typical Windows applications, security apps tend to use components and functions which make them more complex to install, run and remove.  In particular, drivers, services and DLLs which might hook into other processes in memory, as well as self-defense/self-protection components which may prevent them from being properly or fully removed unless using the app's own uninstaller or an official uninstall tool for the app (like the ones provided by many AV/AM vendors).  Using a tool like Revo might break the installation without properly removing it which has the potential to not only leave orphaned items behind (which obviously defeats the purpose of using a tool like Revo in the first place), but also has a small chance of damaging or modifying system components or corrupting the app's installation as an unintended consequence of failing to remove certain components of the application properly.  This could potentially result in any number of issues such as errors, orphaned startups and services, or even system crashes/BSODs (though the latter is far less likely, however I have seen it more than once in my years as a PC repair tech).  Because of this, I'd suggest trying to uninstall such apps normally first or using the vendor's dedicated uninstall tool if they have one, then check for orphaned entries and data if necessary and clean them up with Revo or by hand (though be sure to reboot first before doing so as many uninstallers rely on a system restart to clean up locked/in-use objects and data).

In this particular case ADWCleaner is a portable app so using Revo probably doesn't matter and it's likely to just delete whatever data is left behind on the system after running it, I just thought it would be a good idea to indicate the potential risks of using tools like Revo for certain types of applications.  One of the biggest issues is that you're dealing with an app often deliberately engineered to resist being removed by any code which was not written by the vendor that created the app in the first place (like Kaspersky's self-defense, Malwarebytes' self-protection/Chameleon etc.) because forcefully removing such apps is precisely what many malware threats try to do, and when under attack there is no way for the app's self-protection component(s) to know whether the source is malicious or a legitimate application like Revo.

Link to post
Share on other sites

  • Staff

Hello,

@PharazirAdwCleaner doesn't install anything. To remove it, you simply have to manually delete `AdwCleaner.exe` and the directory (usually C:\AdwCleaner). You can also do it from AdwCleaner directly, with the button at the bottom of the Settings page.

Otherwise, for the cmd.exe window that is displayed during a very short period of time (less than a second usually) it is expected. Please see the notes from 8.0.7:

Quote

Note: the cmd.exe window that might show up briefly when launching AdwCleaner doesn't delay the launch time compared to previous versions nor install anything on your computer. It is a side affect of the CLI execution ability introduced in 8.0.6 being contained within the same executable. The amount of time for which it is displayed will be dependent upon the speed of your computer.

There is nothing to worry about with it.

Regards,

Link to post
Share on other sites

Thank you for your response.  Is there a method to keep the user from seeing this?

12 hours ago, jboursier said:

Otherwise, for the cmd.exe window that is displayed during a very short period of time (less than a second usually) it is expected. Please see the notes from 8.0.7:

 

Link to post
Share on other sites

Thanks for the replies; I appreciate your time and help. I had had a number of inquiries from clients who were concerned, as this window varies from the usual startup. I will remove AdwCleaner, for those clients who find it unsettling, and will simply download, run and remove it at each periodic maintenance session.

Again, many thanks. Best Wishes to All!

Link to post
Share on other sites

On 7/16/2020 at 6:11 PM, exile360 said:

Just as a general suggestion, I'd recommend staying away from tools like Revo when dealing with security apps if possible ...

Thanks, Exile. I don't use Revo casually; in this case I thought it appropriate as a possible alternative, since there were obviously start-points, reg entries or other components causing this behaviour. It's been so long since I needed AutoRuns that I'd completely forgotten about it. Thanks very much for the reminder.

Parenthetically, though, I have used Revo a number of times, over the years, to remove various applications whose uninstallers failed or were simply not present, some of them quite complex, and have done so without problem (so far). I suppose that it could fail, for example, to remove an anchored software-license file or something of the sort but even in such a case the program components that called the file would be absent so, there should be no functional issue other than the mere presence of the file on disk.

You raise a good point though, and I shall keep it in mind. Thanks again!

Link to post
Share on other sites

On 7/27/2020 at 1:46 AM, dubdevlin said:

AdwCleaner Command window appears each time at startup after 8.07 install

followed directions found in previous link [above] running autoruns

exile360https://forums.malwarebytes.com/topic/261849-adwcleaner-command-window-appears-each-time-at-startup/

file attached.

Thanks for any assistance on this matter

999C.zip 377.4 kB · 0 downloads

If you still require assistance removing the startup entry, please do the following:

  • Launch Autoruns again and wait for it to scan
  • Once it completes, click on the Scheduled Tasks tab at the top
  • Right-click on the first entry listed: \AdwCleaner_onReboot    AdwCleaner    (Verified) Malwarebytes Inc    c:/users/999c/desktop/dsktp/adwcleaner_8.0.6.exe    6/24/2020 6:26 PM    0/72 and select Delete then confirm when prompted that you wish to delete the entry
  • Close Autoruns

Once that is done, ADWCleaner should no longer launch on startup.  Please be sure to download the latest version of ADWCleaner which does not cause this issue if you wish to continue using it as an on-demand scanner without having to worry about the startup issue.

Link to post
Share on other sites

58 minutes ago, Pharazir said:

Thanks, Exile. I don't use Revo casually; in this case I thought it appropriate as a possible alternative, since there were obviously start-points, reg entries or other components causing this behaviour. It's been so long since I needed AutoRuns that I'd completely forgotten about it. Thanks very much for the reminder.

Parenthetically, though, I have used Revo a number of times, over the years, to remove various applications whose uninstallers failed or were simply not present, some of them quite complex, and have done so without problem (so far). I suppose that it could fail, for example, to remove an anchored software-license file or something of the sort but even in such a case the program components that called the file would be absent so, there should be no functional issue other than the mere presence of the file on disk.

You raise a good point though, and I shall keep it in mind. Thanks again!

Yep, it's just that some security apps use self-protection drivers/services and the like which might interfere (or break the installation, or even potentially cause a system crash when improper removal is attempted), though for the most part that should not be an issue if you are able to actually exit the application, or at least disable its self-protection component(s), assuming it has any.  There are some other potential risks, but that is the biggest one for security apps.

I'll cite an example which, while not precisely the same scenario, it does highlight how issues can occur.  Malwarebytes uses a self-protection driver called Chameleon; at one time, a few years back, Kaspersky AV products were trying to forcefully remove Malwarebytes if it was found on a system where Kaspersky was being installed.  In doing so, it would fail numerous times, attempting several different brute-force methods to terminate and remove the driver, eventually resulting in a BSOD.  As I recall, we were able to get the user's system to boot back up normally, however I believe it either required Safe Mode, or else it simply required giving up on the Kaspersky install and removing Malwarebytes manually through the normal uninstall process.

With a tool like Revo, it isn't likely to go that far to try and remove a driver/application, so that specific scenario isn't too likely, however the self-protection in Malwarebytes is actually pretty tame compared to some of the AV products I've tested in the past, some of which can be a real pain if anything tries to tinker with them or the application they are protecting.

Link to post
Share on other sites

1 hour ago, Pharazir said:

Thanks for the replies; I appreciate your time and help. I had had a number of inquiries from clients who were concerned, as this window varies from the usual startup. I will remove AdwCleaner, for those clients who find it unsettling, and will simply download, run and remove it at each periodic maintenance session.

Again, many thanks. Best Wishes to All!

You can use Autoruns to remove the startup entry if it exists on a user's system, then use the latest version of ADWCleaner from that point on so that the startup entry does not get created and left behind again (since this issue was fixed in the latest release).  It's also likely possible that you could write a batch script or similar to delete the scheduled task if it exists on a system automatically, though only attempt that if you are familiar with doing such things, as removing the wrong startup could potentially cause any number of issues, including the system failing to boot if the wrong thing is removed such as a critical system task/process (I'm sure you were already aware of such things; I just wanted to clarify for anyone else who might come across this topic in the future).

Anyway, we are glad to help, and if any of you require our assistance with anything else, please don't hesitate to post again.

Thanks

Link to post
Share on other sites

1 hour ago, exile360 said:

If you still require assistance removing the startup entry, please do the following:

 

  • Launch Autoruns again and wait for it to scan
  • Once it completes, click on the Scheduled Tasks tab at the top
  • Right-click on the first entry listed: \AdwCleaner_onReboot    AdwCleaner    (Verified) Malwarebytes Inc    c:/users/999c/desktop/dsktp/adwcleaner_8.0.6.exe    6/24/2020 6:26 PM    0/72 and select Delete then confirm when prompted that you wish to delete the entry
  • Close Autoruns

 

Once that is done, ADWCleaner should no longer launch on startup.  Please be sure to download the latest version of ADWCleaner which does not cause this issue if you wish to continue using it as an on-demand scanner without having to worry about the startup issue.

Thx Exile, this solution proved useful. 

2 hours ago, Pharazir said:

Thanks for the replies; I appreciate your time and help. I had had a number of inquiries from clients who were concerned, as this window varies from the usual startup. I will remove AdwCleaner, for those clients who find it unsettling, and will simply download, run and remove it at each periodic maintenance session.

Again, many thanks. Best Wishes to All!

Thx Phazir, employing the same.

Link to post
Share on other sites

Eh, I'm kinda disappointed that I have to see the cmd window at each launch of the app.

It's a minor annoyance but still... it's also disappointing that you said it'll get fixed and it isn't. Is it correct to assume that you were wrong about the reason why this cmd window shows up in the first place?

Sorry if I sound bad. Malwarebytes is still my favorite security company, I'm grateful for these free tools and the time you spend on them but...

I also have a problem with "might"

Note: the cmd.exe window that might show up briefly

You wanna tell me there are systems where it doesn't show up?

Edited by Beenthere
Link to post
Share on other sites

The command window showing up when ADWCleaner is launched is the expected behavior, not an issue to be fixed, as explained above.

The bug was with the startup entry for ADWCleaner, which is only supposed to run once, instead running on every system restart (and that issue has been fixed in the latest version, however if a system still has the buggy startup entry from a previous build, the startup needs to be removed manually as running the latest ADWCleaner only prevents the buggy startup from being created; it does not remove an already existing buggy startup entry).

I hope that clarifies things a bit.  There are different issues being discussed in this thread involving the command window, one of which was a bug and is now fixed in the latest release, and the other which is the expected behavior and is a direct result of integrating CLI functionality into ADWCleaner.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.