Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, February 2, 2015

Remove and pop-up on startup (Virus Removal Guide)

Tell your friends:
When it comes to using malware to con innocent computer users out of their hard earned money, cyber criminals are becoming increasingly clever and have numerous ways of making a fast buck. And big bucks too. And just one of those methods is browser hijacking. and pop-up windows show up on startup and shutdown when your computer is infected by malware. These pop-ups are not only intrusive and annoying but also indicate that your computer is infected by a PUP. Of course, it's not the most sophisticated malware out there and won't steal your passwords, encrypt or delete files. However, it modifies Windows registry so that once your computer boots a CMD window shows up for a second and opens your web browser. The first thing you will see is but only for a few seconds because it works like a redirect website to Or bizigame might show up first and then redirect you to the other website. Both websites currently say "Website is blocked" in English and Russian for some reason. Maybe they can't handle the traffic or maybe there's something else that we don't know yet. One this is obvious, they've infected lots of computers. One way or another, it's better to fix this issue instead of allowing cyber crooks to have control of your web browser adn redirect you to dodgy websites.

The whole Windows registry modification looks like this:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run then it should be "CMD" running cmd.exe /c start & & exit.

The good news is that it's not so difficult to remove and pop-ups. You just need to download and use this very useful tool called Autoruns from Microsoft website. Please follow the steps in the removal guide below.

But there's one thing you should know about this infection: it comes bundled with adware and potentially unwanted programs (PUPs). In other words, if you're getting and pop-ups on startup then your computer is probably infected by other malware as well, most likely PUPs. Let's get the first thing straight, we're not talking about man's best friend here – in fact we're talking about something that is closely related to one of man's worst enemies! The PUPs we're going to take a look at today are not our furry four legged friends, they are Potentially Unwanted Programs: a different beast entirely.

Potentially Unwanted Programs install themselves on your computer without clearly telling you that this is their intention. PUPs can be tool bars, home pages, web browsers and search engines and although that doesn't sound dangerous – in fact it sounds quite the opposite – in actual fact PUPs are incredibly annoying thanks to their nasty little habit of redirecting all of your web searches to completely different websites instead of the one you were attempting to visit. is a good example, isn't it? Not only that but they can also make your computer more vulnerable to online attacks from malicious software.

More often than not a PUP will be bundled or packaged with another item of software. And it doesn't matter whether this is a well known program or not, as Potentially Unwanted Programs attach themselves to software and applications of varying degrees of legitimacy. That means you could fall victim to a PUP because you downloaded a hit movie, some adult X rated content, new desktop wallpaper or even the widely used, and very reputable, program Skype. Some companies or people who offer downloads are completely aware that a PUP is packaged with their product; however others are none the wiser. As I said before I got this pop-up after downloading Far Cry.

But it's not all doom and gloom for it is often possible to spot a Potentially Unwanted Program before it gets installed on your computer. The trick is to properly read the End User License Agreement when you're downloading something. Oftentimes PUPs that display and pop-ups are mentioned in these (one reason that the developers of PUPs can claim they are not true malware). Malware and PUP creators know that most of us skim through License Agreements and they play on this. You need to watch out though because even when an 'added extra' is referenced the wording can be rather ambiguous or deliberately confusing. You may also come across sneaky little tricks such as awkward wording and check boxes that have already been checked in advance.

To stop and from popping up on your computer, you can use Autoruns for Windows or open up Windows registry editor, search for and delete all entries you find. You can also remove this error message by removing the start-up entry in the Windows Task Scheduler. I recommend using Autoruns. Once the problem is fixed, scan your computer with anti-malware software. Why? Because very often this adware comes bundled with PUPs and even spyware. There might be malware on your computer that you didn't notice yet. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, and pop-up removal guide:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.

2. Download Autoruns for Windows and save it to your Desktop.

3. Launch autoruns.exe program (Vista/Windows 7/8 users right-click and select Run As Administrator).

4. In the top menu, click Options > Filter Options.

5. Uncheck Hide Microsft entries and click Rescan.

6. Open Longon tab. Find HKCU\Software\Microsoft\Windows\CurrentVersion\Run in the list. Then right-click CMD and select Delete.

7. Close Autoruns and reboot your computer when done.

8. Scan your computer with anti-malware software.


Mustrum Ridcully said...

Thanks alot, it worked

Anonymous said...

Wow, thank you!

Anonymous said...


Anonymous said...

it worked, thanks:)

Robin Utoyo said...

thanks man..

Anonymous said...

Or instead of downloading another malware, launch regedit.exe (type in RUN box) and find the key:
HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run and just delete CMD (where it says: cmd.exe /c start & & exit)

Anonymous said...

Follow anon instructions worked great!!

Anonymous said...

The Anonymous person who gave those directions, it works great, now i don't have that stupid pop-up! THANKS :)

Anonymous said...

Worked, thanks.

Anonymous said...

Thanks to what Anon said on Feb 8th, it's the best method. You don't need to download any more nonsense.

Anonymous said...

if you do a search for just "cmd.exe /c start http" in regedit, and delete that random url that it pops, it will get all iderations that tend to popup. Ive seen zivling as well as bizigames before.

Anonymous said...

thanks for posting the instructions, i didn't want to download this malware but the regedit deletion worked finally. Kinda surprised malwarebytes wasn't detecting this thing

Tyler said...

Didn't know this program existed.. awesome.
Thanks, I'm am skeptical on one thing...we're taking away it's ability to load up on start but are we actually eliminating the problem?

Admin said...

@Tyler, it's basically just a Windows registry modification which can be removed quite easily (see the removal steps above). Removing the malicious registry entry not only stops the pop-ups but also eliminates malware itself. However, please note that you should still scan your computer with anti-malware software because very often this infections comes packed with adware and other potentially unwanted programs.

Anonymous said...

This is not a scam, 100% works. Did this on 05-17-15 Couldn't find any other way to get rid of it except for this. Thanks alot!