Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Tuesday, September 15, 2015

Remove pop-up on startup (Uninstall Guide)

Tell your friends:
Adware is the name of a type of computer software program that shows you pop-up window whenever you start up your computer. It can be also detected as Gen.Variant.Kazy malware. Naturally, the main reason for this is to increase traffic to, and sales on, a designated website but it has another purpose to, and that is to generate a stream of revenue for the person who developed it. While this is all well and good for the developer, often the outlook can be not quite so rosy – or financially rewarding – for you and me. That's how adware usually works. However, to generate a stream of revenue probably isn't the main goal of pop-up. It's basically a blank page with embedded PSY - GANGNAM STYLE video. Maybe someone is just testing something or it could also be an attempt to manipulation stats since it the web page uses LiveInternet counter to track visitors. Anyway, no matter what's the reason behind this adware it's time to remove it!

The way in which adware works

First of all, it modifies Windows registry by adding a cmd.exe command which runs every time Windows starts. Secondly, it creates a start-up entry. As a result, black cmd.exe window pops up and opens the web page which redirects you to The whole Windows registry modification looks like this:

Command: cmd.exe /c start exit
Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

As you can see, the initial website is not but since it redirects very fast you can't really notice this.

Other problems with this adware

Pop up windows caused by an adware infection can be severely annoying and have a big knock on effect on your ability to use your computer. But that's not all and the real issue that many people have with adware is the fact that it has the ability to monitor which websites you look at. This is so that the programmer is able to customize the type of advertising they show you – once they know that you have been looking at new Nike sneakers, cheap flights to New York, or insurance broking services, you will then see adverts for the same type of products or providers. It's not only annoying but also potentially dangerous. Just imagine that it's not an embedded video any more but a malicious piece of code. Simply visiting such website is more than enough to infect your computer malware.

How can it generate a source of income for the developer?

As mentioned earlier, adware is often used to create revenue for the developer and this is often because they want to recoup the costs that they incurred when they developed another, usually more legitimate app or program. But as I said, the main goal of this particular adware is probably different than simply displaying ads. I'm not sure what exactly they are trying to achieve but I hope to find out soon.

However, I do not that adware will be packaged surreptitiously with that program or app and it is because they are making money off the adware, they are able to offer their real product (i.e. application, file, or software) at a low cost – and often even for free.

Does it fall under the malware umbrella?

It is true to say that there are some far more unpleasant types of malware – or malicious software – lurking on the internet, and adware is often discussed in conjunction with other malware programs but this can be a bit of a gray area. programmers of course will tell you that it is not even close to being malware as it doesn't do you harm, but many people see it as just another online threat. Just bear in mind that if it is installed on your PC or phone is could destabilize your device’s security settings or tools and leave you vulnerable to something far more dangerous.

How to get rid of pop-up?

To stop annoying pop-ups on your computer, you can use Autoruns for Windows or open up Windows registry editor, search for or and delete all entries you find. You can also remove this pop-up window by removing the start-up entry in the Windows Task Scheduler. I recommend using Autoruns. Once the problem is fixed, scan your computer with anti-malware software. Why? Because very often this adware comes bundled with PUPs and even spyware. There might be malware on your computer that you didn't notice yet. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, Pop-up Removal Guide:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.

2. Download Autoruns for Windows and save it to your Desktop.

3. Launch autoruns.exe program. From the menu, click Options and uncheck Hide Windows entries.

4. Go to the Logon tab and delete the key with the "" value. Possible registry entries: HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Then go to the Image Hijacks tab and delete every entry you find that point

5. Close Autoruns and reboot your computer when done.

6. Scan your computer with anti-malware software.


Христо Неделчев said...

ty ^^

Anonymous said...

i removed


it works thank you

Anonymous said...

Thanks, using Autoruns worked! Unfortunately, nothing happened when I typed regedit.. and nothing happens when I try opening Malwarebytes.. :/

Tommy said...

Same here.. I removed HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run but nothing happened except the removal of the start up pop up.. Still can't open Ccleaner or Malwarebytes.. I need hep..

tequilla1304 said...

Hi Everyone today i had same issue with this ''SHIT'' I couldn't open neither Ccleaner or regedit and this is how i get fix it

1. Go to your HDD and Find Windows folder
2. Find regedit in this folder and copy it to desktop
3. Rename it to what ever you want and run it it should open registry
4. Now close this and go to Start/Run/regedit it should open even this
5. Find ( ctrl-f ) and delete it

This is how i fix this hope it was helpful. Bye.

Painis DeWitt said...

Hello, I have a big problem, I couldn't find anything in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run nor HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run and there's nothing in Image Hijacks and the site is still opening for me on startup, scanned with malwarebytes and ccleaner and there's nothing ._. What's wrong?