Adware.FileTour.H is a potentially unwanted program (PUP) that disguises itself as a legitimate file-sharing or download manager utility while injecting aggressive advertisements into your browsing sessions. Once installed, this adware variant modifies browser settings, tracks your online activity, and bombards you with pop-ups, in-text ads, and sponsored search results designed to generate revenue for its operators. While not classified as a traditional virus, FileTour.H can significantly degrade system performance and expose you to further security risks through deceptive advertising networks.

Adware.FileTour.H — cybersecurity illustration
Photo by Firmbee.com on Pexels

This threat typically arrives bundled with free software downloads or through misleading installer packages that obscure its presence among "recommended" components. Users often don't realize they've agreed to install it until their browsers begin displaying unexpected behavior—extra toolbars, changed homepages, or ads appearing on websites that normally don't show them.

Think You're Infected Right Now? If you're experiencing unexpected pop-ups, browser redirects, or sluggish performance, disconnect from the internet and avoid entering passwords or financial information until the threat is removed. Don't wait—adware can track sensitive data and open doors to more serious infections. Call Computer Repair Roswell at (770) 679-9001 or bring your machine to our shop at 1753 Woodstock Rd for immediate assistance.

Threat Profile

Attribute Details
Family FileTour adware family (variant H)
Classification Adware / Potentially Unwanted Program (PUP)
Aliases PUP.Optional.FileTour, Adware:Win32/FileTour, FileTourAds
Platform Windows (7, 8, 8.1, 10, 11); may affect all major browsers
Discovered Variants in this family active since approximately 2014–2016
Distribution Software bundling, fake installers, misleading download buttons, compromised freeware sites
Persistence Mechanism Browser extensions, Run registry keys, scheduled tasks, helper DLLs injected into browser processes
Primary Capabilities Ad injection, browser hijacking, search redirection, tracking cookie deployment, affiliate fraud
Typical Indicators Unexpected pop-ups, in-text link ads (double-underlined keywords), changed browser homepage/search engine, new toolbars, CPU spikes during browsing
Data Collection Browsing history, search queries, clicked links, IP address, system specs (used for ad targeting)
Network Behavior Frequent connections to advertising networks and tracking domains; may redirect searches through suspicious intermediary servers
Removal Difficulty Moderate—installs multiple components that can re-enable each other if removal is incomplete

How It Spreads

Adware.FileTour.H spreads primarily through software bundling—a practice where legitimate freeware or shareware installers include "optional" offers for additional programs. These offers are often pre-checked or worded in confusing ways that trick users into accepting them. Many people click through installation wizards using the "Express" or "Recommended" settings without realizing they're agreeing to install multiple unwanted programs alongside the software they actually wanted.

The adware also proliferates through deceptive advertising on file-sharing sites and free software repositories. You might see fake "Download" buttons that actually trigger a PUP installer instead of the file you're looking for, or misleading warnings claiming your media player or PDF reader is "out of date" and needs an immediate update. Torrent sites, codec pack installers, and video converter utilities are particularly common vectors for this type of adware.

Common distribution methods include:

  • Bundled installers from third-party download sites that repackage legitimate software with adware components
  • Fake update notifications for Flash Player, Java, media codecs, or browsers appearing on sketchy websites
  • Misleading download buttons on file-sharing platforms that advertise instead of download
  • Compromised browser extensions that initially appear useful (PDF converters, video downloaders) but inject ads after installation
  • Malvertising campaigns using legitimate ad networks to display infected advertisements on otherwise trustworthy sites
  • Social engineering emails with attachments or links to fake software utilities

What It Does On Your Machine

Once installed, Adware.FileTour.H establishes multiple persistence mechanisms to ensure it survives reboots and casual uninstallation attempts. It typically creates a folder in your user profile with a randomized or generic name, places executable files and DLLs there, and registers these components to launch automatically through Windows registry Run keys or scheduled tasks. The adware may install browser extensions in Chrome, Firefox, and Edge that appear as legitimate-sounding utilities but actually function as ad-injection engines.

The most visible symptom is the sudden appearance of advertisements where they don't belong. You'll see pop-ups and pop-unders opening new browser windows or tabs, in-text ads that turn random words on web pages into clickable links (often with double underlines), banner ads injected into sites that normally don't display them, and video ads that autoplay when you visit certain pages. Your homepage and default search engine may change to an unfamiliar service, and search results get redirected through intermediary servers that track your queries and insert sponsored links at the top of results.

Behind the scenes, FileTour.H monitors your browsing activity to build an advertising profile. It logs which sites you visit, what you search for, what you click on, and how long you spend on different pages. This information gets transmitted to remote servers operated by the adware's distributors and their advertising partners. While the FileTour family isn't typically associated with stealing passwords or financial data directly, the tracking behavior represents a significant privacy violation, and the aggressive ad injection creates opportunities for more serious malware to enter your system through malicious advertisements.

Typical filesystem and registry artifacts for FileTour variants:
%LOCALAPPDATA%\FileTourHelper # or similar generic folder name %LOCALAPPDATA%\FileTourHelper\ftservice.exe %LOCALAPPDATA%\FileTourHelper\fthelper.dll %APPDATA%\Mozilla\Firefox\Profiles\{profile}\extensions\{random-guid} %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\{extension-id} Registry persistence locations: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FileTourHelper HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FileTour Update HKCU\Software\FileTour # configuration data Scheduled task: Task Scheduler Library\FileTourUpdate # runs hourly or at logon

System performance takes a noticeable hit once FileTour.H is active. Your CPU usage may spike during browsing sessions as the adware injects content into web pages in real-time. Memory consumption increases because the adware runs multiple processes and loads additional DLLs into your browser. Your internet connection may feel slower because every page load now requires additional requests to advertising servers, and those servers may deliberately delay responses to maximize ad impressions. In severe cases, the constant background activity can drain laptop batteries faster and cause older systems to become noticeably sluggish even during basic tasks.

Manual Removal — Step by Step

01

Disconnect from the Network

Unplug your ethernet cable or disable Wi-Fi immediately. This prevents the adware from downloading additional components, communicating with command servers, or updating itself while you work on removal. If you're on a desktop with a wired connection, physically disconnect the cable. On a laptop, use the wireless toggle switch or disable the adapter in Windows settings.

02

Boot Into Safe Mode with Networking

Restart your computer and enter Safe Mode, which loads Windows with minimal drivers and prevents most startup programs from launching. On Windows 10/11, hold Shift while clicking Restart, then navigate to Troubleshoot > Advanced Options > Startup Settings > Restart, and press F5 for Safe Mode with Networking. This mode disables the adware's auto-start mechanisms and makes it easier to remove core components without them actively defending themselves.

03

Uninstall Suspicious Programs

Open Settings > Apps > Apps & Features (or Control Panel > Programs and Features on older Windows). Sort by install date and look for programs installed around the time your problems started. Remove anything named FileTour, file-sharing utilities you don't remember installing, browser helpers, download managers, or anything with generic names like "System Optimizer" or "PC Helper." Uninstall these one at a time, restarting if prompted.

04

Remove Browser Extensions

Open each browser you use and check for unfamiliar extensions. In Chrome, go to the three-dot menu > Extensions > Manage Extensions. In Firefox, click the menu > Add-ons and Themes > Extensions. In Edge, go to the three-dot menu > Extensions. Remove anything you don't recognize, especially extensions related to downloads, coupons, shopping, or search helpers. Don't worry about removing something legitimate—you can always reinstall it later if needed.

05

Clean Registry Persistence Entries

Press Win+R, type regedit, and press Enter to open Registry Editor. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Look for entries referencing FileTour, random executable names in your user folders, or anything suspicious that launches at startup. Right-click and delete these entries. Also check under HKEY_CURRENT_USER\Software for a FileTour folder and delete it completely. Be careful not to delete legitimate Windows entries—when in doubt, search the entry name online before removing it.

06

Remove Scheduled Tasks

Open Task Scheduler by pressing Win+R, typing taskschd.msc, and pressing Enter. Look through Task Scheduler Library for tasks with names like "FileTourUpdate," generic names referencing your user folders, or tasks that run hourly with no clear purpose. Right-click suspicious tasks and select Delete. Pay attention to tasks that trigger at logon or run frequently—legitimate Windows tasks are usually in Microsoft subfolders, not the root library.

07

Delete Adware Files and Folders

Open File Explorer and navigate to C:\Users\[YourUsername]\AppData\Local and C:\Users\[YourUsername]\AppData\Roaming. Look for folders with names like FileTour, FileTourHelper, or randomly-named folders containing executables with generic names. Delete these entire folders. If Windows says a file is in use, note the filename, open Task Manager (Ctrl+Shift+Esc), find the process, end it, then try deleting again. Also check your Program Files and Program Files (x86) folders for related directories.

08

Run a Reputable Anti-Malware Scan

Download and install Malwarebytes Free or another trusted anti-malware tool (reconnect to the internet briefly if necessary). Update its definitions and run a full system scan. These tools have signatures for FileTour variants and can catch remnants you might have missed. Let the scan complete—it may take an hour or more—and quarantine or remove everything it finds. Consider running a second scan with a different tool like AdwCleaner for thoroughness.

09

Reset Browser Settings

Even after removing extensions, the adware may have changed other browser settings. In Chrome, go to Settings > Reset and clean up > Restore settings to their original defaults. In Firefox, type about:support in the address bar and click "Refresh Firefox." In Edge, go to Settings > Reset settings > Restore settings to their default values. This won't delete your bookmarks or passwords but will remove lingering homepage changes, search engine modifications, and startup page alterations.

10

Reboot and Verify

Restart your computer normally (not in Safe Mode) and reconnect to the network. Open your browser and visit a few familiar websites to confirm the ads are gone. Check that your homepage and search engine are correct. Monitor Task Manager for unusual processes consuming resources. If pop-ups return or you see suspicious network activity, the infection may have additional components that require professional removal—don't spend days fighting it yourself when expert help is available.

Prevention

  1. Download software only from official sources. Get programs directly from the developer's website, not third-party download portals. Sites like Download.com, Softonic, and CNET Downloads have been known to wrap installers with bundled adware. If you must use a third-party site, choose the "direct download" option when available.
  2. Always use Custom installation. Never click "Express," "Recommended," or "Quick Install" when installing software. Choose "Custom" or "Advanced" and read each screen carefully. Uncheck any pre-selected offers for toolbars, browser extensions, system utilities, or other "bonus" software you didn't specifically want.
  3. Keep legitimate security software running. Windows Defender is competent for basic protection, but consider adding Malwarebytes Premium or a similar anti-malware tool that focuses on PUPs and adware. Keep definitions updated and run periodic scans even if you don't see obvious symptoms.
  4. Use an ad blocker in your browser. Extensions like uBlock Origin not only block regular ads but can also prevent many malicious advertisements and fake download buttons from appearing in the first place. This reduces your exposure to malvertising and deceptive links.
  5. Be skeptical of update notifications. Legitimate software updates usually come through the program itself or official Windows/macOS update mechanisms, not through pop-ups while you're browsing random websites. If a site tells you to update Flash, Java, or a video codec, close the tab and check the software yourself through official channels.
  6. Read installer prompts completely. Adware distributors count on people clicking Next rapidly without reading. When you see an installer screen with a lot of text, actually read it. Look for phrases like "also install," "recommended offer," or "enhanced browsing experience"—these usually signal bundled junk.
  7. Create a standard user account for daily use. Run as a standard user rather than an administrator for routine tasks. Many adware installers require elevated privileges to install system-wide components. A standard account prompts for admin credentials, giving you a chance to think twice before allowing installation.
  8. Educate other users on your system. If family members or employees use your computers, teach them the same precautions. One careless installation can compromise the whole machine. Make it clear that they should ask before installing anything unfamiliar.
Our 90-Day Warranty Promise: When Computer Repair Roswell removes Adware.FileTour.H from your system, we guarantee it stays gone. If the same threat returns within 90 days—not due to reinfection from unsafe browsing, but because we missed something—we'll fix it again at no charge. We document our work, verify removal thoroughly, and make sure your system is clean before you leave.

Bring It In

Manual removal works for straightforward infections, but adware like FileTour.H often installs deeper rootkits or partners with other threats that hide components and reinfect your system after you think you've cleaned it. If you've followed these steps and still see pop-ups, if your browser behaves strangely, or if you're just not comfortable working in the registry and system folders, don't waste more hours fighting it. Professional removal typically takes us 30-60 minutes using specialized tools and techniques developed from handling thousands of these infections.

Computer Repair Roswell has been cleaning PUPs, adware, and worse from Roswell-area computers since 2004. We're located at 1753 Woodstock Rd—easy to find, right near the intersection with Hembree Road. Bring your desktop or laptop in, or give us a call at (770) 679-9001 to discuss your symptoms. We'll run a thorough diagnostic, remove the adware completely, verify your system is clean, and explain what happened so you can avoid it in the future. Most adware removals are same-day service, and we'll make sure you leave with a machine that works the way it should—no pop-ups, no redirects, no hidden tracking. We're open Monday through Friday and we're here to help.