
Unusual Virus/Spyware: DNSUnlocker

Quick Specs:

 - Windows 8.1 Pro N x64

 - Mini-Optiplex 7010 (with 12gig RAM, stock CPU [Core i5 3470K @3.2GHz] 1TB HDD and a Radeon 5670HD 2GB graphics card.)

 

While Google is the best resource, I have yet to find something concrete on an issue I've been having. It's invaded my web browser and now it's even in my Steam. (See Screenshot-1)

When first detected, I cleaned with Glary, checked my extensions in Chrome, then checked my installed programs. I found NOTHING. (can screenshot program lists upon request)

So instinctively, I went into my Program Files and Program Files x86 to look through individual folders, as well as my Temp folder, AppData and ProgramData. Found nothing. (Again, can screenshot on request)

I've grabbed Malwarebytes and ran a scan last night, and a registry entry was discovered, which I quarantined and deleted immediately. I'm doing another scan now and will grab Kaspersky's Virus Removal Tool (and yes, I'm scanning for rootkits) and so far, nothing is coming up. What in the world do I do now?


Looks like an extension. Check your browser extension folder.


@Jk-Palmy he's right, MBAW doesn't scan the extensions in browsers. Some antivirus programs do, but they need to be specified to do so.

 

So either check/remove any suspicious extension, or use your AV to scan the browser's extensions.


Use AdwCleaner.


Hi

I can help you with that infection

1. Go to appwiz.cpl or Programs and Features
2. Uninstall the Ads by DNS Unlocker in the program list
3. After uninstallation go to your Network and Sharing Center and go to Change adapter settings
4. Choose the network card you are using, right click and go to Properties
5. Choose the IPv4 on the list and go to Properties
6. Make sure Obtain DNS server address automatically is chosen
7. After that go to Internet Options in Control Panel.
8. Go to Browsing history and click on Delete and it will open another window, just click Delete again.

After that, the pesky adware should be off the system. Also, when you install something, make sure to read first and not just hit Next. If it is still there, reply to this thread and we will do more advanced troubleshooting.

Hope this helps

Yoomanipop

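Steps 3 to 6 of the post above can also be checked for every adapter at once from PowerShell. This is an added example, not part of any post in the thread; it assumes Windows 8 or later (for Get-NetAdapter), and the variable names are made up for the example.

```powershell
# Added example (not from the thread). Per-interface TCP/IP settings live under this key:
# NameServer holds manually set DNS servers, DhcpNameServer the ones handed out by DHCP.
$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$adapters = Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue

$report = foreach ($key in Get-ChildItem -Path $base) {
    $guid = $key.PSChildName   # subkey name is the interface GUID, braces included
    $nic  = $adapters | Where-Object { $_.InterfaceGuid -eq $guid } | Select-Object -First 1
    [pscustomobject]@{
        Adapter   = if ($nic) { $nic.Name } else { $guid }
        Status    = if ($nic) { $nic.Status } else { 'unknown' }
        StaticDns = [string]$key.GetValue('NameServer')
        DhcpDns   = [string]$key.GetValue('DhcpNameServer')
    }
}

# A non-empty NameServer means the interface is NOT set to
# "Obtain DNS server address automatically".
$static = $report | Where-Object { $_.StaticDns.Trim() }
if ($static) { $static | Format-Table -AutoSize }
else { 'No interface has a manually configured IPv4 DNS server.' }

# To put one adapter back on automatic DNS (elevated prompt), after reviewing the table:
# Set-DnsClientServerAddress -InterfaceAlias '<adapter name from the table>' -ResetServerAddresses
```

A static entry you set yourself (for example a public resolver) will also show up here, so compare the addresses against what you expect before resetting anything.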

In order:

 

@Czex, I think you're on the right track, I'll look in that folder.

@RedSphyxis, same thing, my MWBTs scan got nothing, so I'll look at my extension folder.

@EliasNM, Tried that already before, didn't pick it up sadly, but thank you for the suggestion!

@yoomanipop, When in the Programs and Features, in the uninstall page, all the programs I've left installed are ones I put there and are clean. (Nothing tied to DNSUnlocker or the like.)


Open PowerShell and run:

 

Get-Process | Select name

and

Get-Service | Select name

 

Post results, you will most likely have a service/process running that does this. Normally one of the services will auto re-install another process/service as you are trying to uninstall them. I have not yet seen an antivirus that has even bothered to find one of these (Malwarebytes, McAfee, Sophos etc).


In order: 

 

@yoomanipop, sadly, this had no effect - Though I did find the fix to be interesting (this thread should be saved.).

 

@Blake, saw your post too late but found a suitable fix.


 

Turns out, the DNSUnlocker I had creates a folder called 'htmlcache' in the 'Local\Appdata' directory. (i.e. C:\Users\(user)\AppData\Local\Steam\htmlcache is where the steam-ads were) It may also create this in the root directory of the web-browsers as well as a re-install script in the registry. (forgot to screenshot that part).

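Two things raised in the thread, a service that re-installs the adware and a re-install entry in the registry, can be narrowed down with more than a list of names. This is an added example, not part of any post; Get-ExePath and Get-Finding are helper names made up for it, and it assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example (not from the thread). Lists auto-start services and Run-key entries
# whose executable is outside the Windows directory, with their signature status.

function Get-ExePath([string]$CommandLine) {
    $c = $CommandLine.Trim()
    if ($c -match '^"([^"]+)"')  { return $Matches[1] }   # "C:\dir with space\x.exe" -args
    if ($c -match '^(.+?\.exe)') { return $Matches[1] }   # C:\dir\x.exe -args
    return ($c -split '\s+')[0]                           # anything else: first token
}

function Get-Finding($Source, $Name, $CommandLine) {
    if (-not "$CommandLine".Trim()) { return }
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $CommandLine))
    if ($exe -like "$env:SystemRoot\*") { return }        # skip binaries under the Windows directory
    $sig = if (Test-Path -LiteralPath $exe) {
        (Get-AuthenticodeSignature -FilePath $exe).Status
    } else { 'FileMissing' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $exe; Signature = $sig }
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$findings = @(
    # Services that start automatically at boot
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
        ForEach-Object { Get-Finding 'Service' $_.Name $_.PathName }

    # Programs launched at logon from the Run keys
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $key = Get-Item -Path $k
        foreach ($valueName in $key.GetValueNames()) {
            Get-Finding "Run ($k)" $valueName ([string]$key.GetValue($valueName))
        }
    }
)

# Every row is only a candidate: NotSigned or FileMissing means look closer,
# not that the entry is malicious.
$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```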

Hi

 

Sorry if it did not work. I work in tech support and I have encountered this DNS Unlocker a lot of times already, good thing you found it. I will note that down for future use.

Thanks

 

 

Yoomanipop
