Computer Service / Network Integration / Performance Tuning

Home » Amazon Assistant Popup Virus

Amazon Assistant Popup Virus


Amazon Assistant

Popups Galore


Sound familiar?

I had a client contact me at dinner time yesterday in near hysterics.  The desktop of her Windows 7 computer had been overtaken by white screen popups that covered everything and she was working on some very high priority projects and a tight deadline.

I managed to remote into her computer and look at it.

The culprit identified itself as “Amazon Assistant” and a legitimate looking Amazon icon was pinned to the taskbar and associated with an open application.  Large white windows were repeatedly popping up and covering all other applications.  Closing one only spawned another in  a few seconds.

This is not a virus.  It is not technically malware.  It is a HIJACKER.  It takes over your desktop like so many other hijackers that want you to dial a toll-free number for “Microsoft”, “Windows”, “Dell” or some other “brand” support – all of which are bogus.

Looking through the Uninstall Programs list I found Amazon Assistant had been installed January 16 (3 weeks ago).  It could not be uninstalled.

Locating the directory for aa.hta (almost never a legit file extension to find on a PC) proved to be in Program Files(x86)/Amazon/Amazon Assistant

The files in this directory are:

  • aa.hta
  • aaLoader.dll
  • aaMessenger.dll
  • amazonAssistantService.exe

There is no way to delete them in normal mode. (not really a surprise.  You cannot delete files that are running in memory or locked)

This file is a HIJACKER. AVG identifies it as IDP.Generic

The ONLY way to remove it is to:

  1. Reboot in SAFE MODE
  2. Go to Program Files(x86)/Amazon/ and delete the entire Amazon Assistant directory.
  3. If you’re comfortable editing the registry and have done it thousands of times like I have, run regedit and search for “Amazon”. Delete every ROOT key pertaining to Amazon Assistant.
  4. <reboot> in normal mode.
  5. Go to Control Panel and Programs – Uninstall Amazon Assistant.
  6. Update AVG (now Avast) and configure it to correctly:
  • scan ALL FILES
  • Scan for potentially unwanted programs
  • Scan archives
  • Basically check off every single option for a Deep Scan
  • and run a full scan (now Deep Scan).


In searching the web for aa.hta I found 3 questions and responses on the AVG help forums.  All the responses were useless.  Unfortunately this is typical and goes right along with my experience selling AVG since about 2006 or so.  AVG has always made a great product, but their support is absolutely the worst in the industry.  They know this.  I have spoken to them about it numerous times.

I am personally responsible for selling, installing and configuring over 4,000 AVG products since about 2006.  I know what I am doing and have written several blogs on properly configuring both Norton and AVG products for optimal protection.  I have removed hundreds of thousands (may actually be millions by now) malware infections over the years.

It would be refreshing to see some actually helpful support from AVG for once.

I have to say I absolutely HATE the new AVG / Avast interface.  It is very unfriendly, difficult to configure and it CHANGES SETTINGS THAT I HAVE INTENTIONALLY CONFIGURED FOR OPTIMAL PROTECTION.

I hate it.

Did I say I hate it?

Yes I HATE it.


Are you listening?

You took the best malware protection on the market and you made it significantly LESS effective.

What a monumentally STUPID and arrogant thing to do.

If all of this makes you just wring your hands in dismay, contact us for a solution

If you’re local to Dallas, Texas we can come to you – or

We can remote in to anyplace in the world.

DFW Computer Integration
7522 Campbell Rd
Dallas, TX 75248

Name of author

Name: Wizard

Short Bio: The Computer Wizard (TCW). TCW was founded by Warren P. Harris in 1994 to service and repair computers in the San Francisco Bay Area. Relocating the business to Plano, Texas in 1999, TCW continued to flourish when an unfortunate loss of data for a wedding Mr. Harris photographed, caused him to research data recovery options. Realizing he would have to either pay someone to recover the photos or find out how to do it himself, the rest, as they say "is history". Approached by a friend who was a Private Investigator in 2006, Mr. Harris studied for his Investigator's license and began honing his skills in Computer Forensics. The company was renamed DFW Computer Integration in 2015.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.