|
Problem description: I'm getting ads/linked key words/popups in my browsers (primarily Chrome), from something that calls itself DNS Unlocker. I don't know what I downloaded and installed that included this gem but I'm really struggling to clear it out.
Attempted fixes: Malwarebytes scan - shows nothing. Too scared to download anything else, lot of confusing information out there. This laptop also runs Symantec AV but it didn't catch it/doesn't find it. Capable of creating a USB bootable key if pointed in the right direction for an image.
Recent changes: Not really, I occasionally download little tools here and there, usually from sourceforge or similar and don't think enough about it.
--
Operating system: Windows 7 Pro 64bit
System specs: Lenovo T440S, Core i7, 8gb ram 256gb SSD
Location: Australia
I have Googled and read the FAQ: Yes/Yes, still confused.
Hijackthis log: http://pastebin.com/9Xz4K49N
Here's what it looks like in Chrome
Any help appreciated!
|
# ? Aug 20, 2015 06:50 |
|
|
# ? Apr 28, 2024 01:37 |
|
Try running these two: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.bleepingcomputer.com/download/junkware-removal-tool/
|
# ? Aug 21, 2015 01:37 |
|
Actually this seems pretty simple to remove without tools, check out this guide specific to DNS Unlocker. Basically you just uninstall the software then remove the browser add-ons it installed. Never download any software from Sourceforge, it is a malware distribution site that hosts fake open-source projects with malware droppers bundled into the installers. SF used to be legit but in 2013 was acquired by Dice.com and turned into a malware distributor, this year they switched to creating fake projects with infected downloads for projects hosted on other sites.
Alereon fucked around with this message at 01:45 on Aug 21, 2015 |
# ? Aug 21, 2015 01:40 |
|
Thanks for the responses guys! Unfortunately nothing shows up in Add/Remove programs for me to remove. I hit a few guides like that but it didn't seem to match up to what I'm seeing and often the instructions just seemed generic. AdwCleaner and JunkWare Removal Tool found nothing either :\ Not sure what to try next, is there an offline tool I can boot into that might work better?
|
# ? Aug 21, 2015 03:42 |
|
I've had a fair amount of success with: http://support.kaspersky.com/4162 One quick thing to check is to right click your browser's properties and check to see if there are any added switches in the "target" field that run when it loads.
|
# ? Aug 21, 2015 13:40 |
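The shortcut "target" check suggested in the post above, as an added example that is not part of the original thread: a PowerShell script that reads every `.lnk` on the desktop, Start Menu and pinned taskbar and reports browser shortcuts with extra arguments or a swapped target. The folder list and the browser names are assumptions; adjust them for the machine being checked.

```powershell
# Added example: report browser shortcuts that carry extra command-line
# arguments, or that are named like a browser but point somewhere else.
# Assumptions: the folder list and the browser names below.
$folders = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
)
$browserExes  = 'chrome.exe', 'firefox.exe', 'iexplore.exe'
$browserNames = 'Chrome|Firefox|Internet Explorer'

# WScript.Shell can open an existing .lnk and expose its Target and Arguments.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [System.IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
            $targetsBrowser   = $browserExes -contains $exe
            $looksLikeBrowser = $_.BaseName -match $browserNames

            $reason = $null
            if ($targetsBrowser -and $lnk.Arguments.Trim()) {
                $reason = 'browser launched with extra arguments'
            } elseif ($looksLikeBrowser -and -not $targetsBrowser) {
                $reason = 'browser-named shortcut points at another program'
            }
            if ($reason) {
                New-Object PSObject -Property @{
                    Shortcut = $_.FullName; Target = $lnk.TargetPath
                    Arguments = $lnk.Arguments; Reason = $reason
                }
            }
        }
}

if ($findings) {
    $findings | Select-Object Reason, Shortcut, Target, Arguments | Format-List
} else {
    'No modified browser shortcuts found in the folders checked.'
}
```

Every hit needs a manual look: legitimate shortcuts can carry arguments too, for example a Chrome profile shortcut using `--profile-directory`.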
|
Nothing found, good thought about the target options but I can't see anything in the desktop shortcut and mostly I launch Chrome by mashing the Windows key, typing chrome and hitting enter (which I think starts the app directly? might be wrong here). I'm starting to think I'll just wipe this thing with Windows 10, everything is backed up anyway. Also thanks for the tip about SF. I didn't realise it had gone that bad, very disappointing. I usually use ninite.com for my basic apps when I start clean. I'm fairly sure now that I picked this up from jpdf, which was a SF download. I stupidly ran the .bat file to launch the java app and I suspect this is the source.
BurgerQuest fucked around with this message at 09:36 on Aug 22, 2015 |
# ? Aug 22, 2015 09:34 |
|
You could try an offline scan using: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline If that doesn't help you could try ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
|
# ? Aug 22, 2015 21:26 |
|
I don't really have much feedback on cleanup if the tools Zogo linked don't find anything, but once you get up and running again I would strongly recommend that you install the uBlock Origin add-on, it's available for Chrome and Firefox and blocks ads, malware, and other crap without the performance impact of other add-ons like AdBlock Plus. Since your browser never downloads or renders that content it will actually significantly improve performance. Definitely don't install Java or any Adobe software.
|
# ? Aug 23, 2015 21:53 |