Ads by DNS Unlocker

[TrishaCat]

I'm not sure why, but for some reason I keep having this recurring piece of Malware appear on my computer no matter how many times I get rid of it. First off, from what I gather, this piece of malware causes intrusive ads to appear on various browsers (including Steam browser) regardless of what ad blocking software is installed. And all of these ads say "ads by DNS Unlocker" or some variant with that name. Upon inspection of my computer, I'll see that there's a folder in the C Drive titled "DNS Unlocker version something (can't remember)" and if I go into add or remove programs I can uninstall it. Uninstalling it and deleting my cache in appdata seems to temporarily alleviate this issue. Everything normally is all fine and dandy after doing this, however... After a few sleep modes and computer restarts, eventually I'll have the command prompt pop up a few times very very quickly and briefly and then shortly thereafter it'll be back. Over and over this process has been reoccurring, no matter what I uninstall, what anti-malware programs I run, etc. For the record, here's what malwarebytes brings up whenever I'm afflicted. If I run it, it finds stuff, and then if I run it again it won't unless the problems come back, which usually doesn't take too long to happen: 

 

I did some research on this https://www.reddit.com/r/techsupport/comments/3hwqwl/removong_dns_unlocker/ and https://www.reddit.com/r/techsupport/comments/3i5dq0/cant_remove_dns_unlocker_urgent/) and supposedly it affects my network settings DNS address, however if I go into such there's nothing there:

http://i.imgur.com/Ofmnmrv.png

There were suggestions to try changing my DNS server address to google's but I don't know what to put under subnet mask or even if that'll do anything considering that nothing is coming up. Does anyone know what I should do? I've even read that some people after doing a system restore will still have this issue. What's strange is that I haven't gone to any shifty sites in recent days, so I'm not sure where this came from either.

Edited March 10, 2016 by Battlechili

[ArielMT]

To use Google's public DNS servers, all you have to do is tick "Use the following DNS server addresses:" item in the "Internet Protocol Version 4 (TCP/IPv4) Properties" window (the middle window in your imgur screenie), and fill in

• Preferred DNS server: 8.8.8.8
• Alternate DNS server: 8.8.4.4

Don't worry about IP address settings; that whole section should stay on automatic.

I found manual removal instructions for Trojan.DNSChanger.DNSRst on the MalwareBytes forum: https://forums.malwarebytes.org/index.php?%2Ftopic%2F177617-removal-instructions-for-dnschanger%2F - One of the things it walks you through is the windows task scheduler.  A scheduled task is a pretty straightforward yet little-known way for malware like this to keep control.

Bleeping Computer is a good forum for this sort of thing, and in fact they host one of the tools I've taken to recommending for this sort of thing: AdwCleaner at http://www.bleepingcomputer.com/download/adwcleaner/ (or https://toolslib.net/downloads/viewdownload/1-adwcleaner/ on their home page).  This cleans up leftover files, settings, and browser extensions from adware.

[ArielMT]

Also, consider making a bootable CD or new thumbdrive with Windows Defender Offline (WDO) on it.  Follow the instructions at http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline using a known-clean PC to make the bootable media, then boot off of it on the problem PC.  Booting into WDO instead of your installed Windows OS prevents startup malware from running and hiding itself.  Be aware that although a quick scan will take about a half hour, a full scan is likely to take between five and 10 hours.

 

The surest solution, however, is also the most destructive and obviously least convenient: nuke and pave.  Save your files on removable disks, format and reinstall Windows, and reinstall and re-customize your programs.

[RTDragon]

Have you actually tried to follow these instructions here? https://malwaretips.com/blogs/ads-by-dns-unlocker-removal/

Considering DNS Unlocker been poping up on FA from journals. Odd i've have not gotten this considering i have ads blocked with ublock origin as well with Spyware Blaster and Spybot S&D. Also wouldn't be recommended torrenting cause most likely that's where you got it from. Since it's bundled often with free programs.

 

Edited March 16, 2016 by RTDragon

[TrishaCat]

4 hours ago, RTDragon said:

Have you actually tried to follow these instructions here? https://malwaretips.com/blogs/ads-by-dns-unlocker-removal/

Considering DNS Unlocker been poping up on FA from journals. Odd i've have not gotten this considering i have ads blocked with ublock origin as well with Spyware Blaster and Spybot S&D. Also wouldn't be recommended torrenting cause most likely that's where you got it from. Since it's bundled often with free programs.

 

I haven't torrented anything in a long time.

But nevermind that; I solved this problem. Downloaded a program that messes with my network settings and had it set my DNS server to be Google's. Apparently whenever you remove this from your system it re-adds it by changing your DNS settings to some server address where the malware can be resent to you. So that's how I kept getting it back. I think its gone now. Although I worry about what'll happen if I ever decide to change my DNS to just set itself automatically like it used to. Not that I need to for the moment.

[ArielMT]

It re-adds itself by leaving behind a scheduled task that MBAM doesn't clean up.

[TrishaCat]

1 hour ago, ArielMT said:

It re-adds itself by leaving behind a scheduled task that MBAM doesn't clean up.

Are you sure? I checked my scheduled tasks like you suggested earlier in the thread but didn't see anything out of the norm. Nonetheless, I am on my laptop at the moment and will recheck once I get back to my PC where it was originally the problem just to be absolutely sure. But I do recall checking and there was nothing there that shouldn't  be I believe.

Edited March 17, 2016 by Battlechili

[AshleyAshes]

Yeah, using a DIFFERENT program to try and undo what malware is doing to your system is a terrible idea.  It's like solving a bleeding gash in your arm by placing a bucket under it to catch the blood.  Rescue your Windows key, format the whole thing and reinstall the OS.

[RTDragon]

You may as well reformat completely now since you really messed around with your computer without following the instructions how to remove it.

[ArielMT]

12 hours ago, Battlechili said:

Are you sure? I checked my scheduled tasks like you suggested earlier in the thread but didn't see anything out of the norm. Nonetheless, I am on my laptop at the moment and will recheck once I get back to my PC where it was originally the problem just to be absolutely sure. But I do recall checking and there was nothing there that shouldn't  be I believe.

If that's true, then there's some other still-undetected nasty installed on your PC.  You'll know it's still there if your DNS settings get reset again.

[TheGreatFanatic]

If you have a shit computer:

*Step 1:

[Endless/Nameless]

4 hours ago, TheGreatFanatic said:

If you have a shit computer:

*Step 1: