AcmeUK
2016-08-13, 17:37
My browser got hijacked by DNS Unlocker!
I am using Win10 with Defender activated and I am careful about what sites I visit, but I still got hit!
Spybot S & D did not find the ‘Malware’ neither did AdAware.
Analysis of my system showed that DNS Unlocker had made 2 changes to my system.
The first change I located was that DNS server addresses had been added to my network adapter TCP/IP settings. See image below
12637
I deleted these addresses and rebooted my PC, all fixed; or so I thought.
After a while I was again bombarded by DNS Unlocker adds. I checked the TCP/IP settings and there was nothing there.
I eventually found that a Registry key had been added. See details below:-
Key Location : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Key Name : NameServer
Key Type : REG_SZ
Key Value : 82.163.142.7 95.211.158.134
I deleted the key, rebooted and all is well.
I hope this helps others.
----------------------------------------------------
Admin Edit: Forum FAQ: https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated&p=1092&viewfull=1#post1092
"If someone posts instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. http://forums.spybot.info/images/smilies/smile.png"
We'll let this one stand but... anyone surfing in to this topic please note the FAQ. Thanks.
I am using Win10 with Defender activated and I am careful about what sites I visit, but I still got hit!
Spybot S & D did not find the ‘Malware’ neither did AdAware.
Analysis of my system showed that DNS Unlocker had made 2 changes to my system.
The first change I located was that DNS server addresses had been added to my network adapter TCP/IP settings. See image below
12637
I deleted these addresses and rebooted my PC, all fixed; or so I thought.
After a while I was again bombarded by DNS Unlocker adds. I checked the TCP/IP settings and there was nothing there.
I eventually found that a Registry key had been added. See details below:-
Key Location : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Key Name : NameServer
Key Type : REG_SZ
Key Value : 82.163.142.7 95.211.158.134
I deleted the key, rebooted and all is well.
I hope this helps others.
----------------------------------------------------
Admin Edit: Forum FAQ: https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated&p=1092&viewfull=1#post1092
"If someone posts instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. http://forums.spybot.info/images/smilies/smile.png"
We'll let this one stand but... anyone surfing in to this topic please note the FAQ. Thanks.