Jump to content

DNSUnlocker infection ... again?

Recommended Posts

Thankyo for previous help in thread



It looked like DNSUnlocker had come back in force. I had lots of we DNSUnlocker ads coming up.


I used one of your suggestions in another tread


ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh winsock reset catalog
netsh int ip reset reset.log

and it looks like it has gone.


I did have a problem with my wifi network earlier and received Google Chrome error DNS_PROBE_FINISHED_BAD_CONFIG

This I thought was because I had lost wifi router due to accidentally unplugged. I am pretty sure I got DNS Unlocher just after this.


I have attached files again.


Changes I have made since last are:

lots of installs relating to Eclipse ARM IDE install - I do not suspect this software

GoPro Studio used shortly before infection both times ... I have uninstalled

I used an old USB just before but it had linux software on it -  - I do not suspect this 


All seems OK at the moment.


Thanks for all your help.






Link to post
Share on other sites

More Info.


This morning I went to news.com.au, a site I had previously visited. DNS Unlocker was there.

I Ctl-F5 refreshed - No change

I ran previous ipconfig script - No change

I rebooted - all seems OK


Also ... for past week I have been having Outlook sync problems with IMAP folders. I looked and does not seem like bad addins.


Hmmm... so I restarted Outlook and refreshed browser on site that had a previous DNSUnlocker. I got a chrome error: ERR_NETWORK_CHANGED. 

Page seemed to then download 20% of page. After a few minutes I refreshed.


Still news.com.au and other site seem free of infection.




Link to post
Share on other sites

There is some minor cleanup still needed.

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-696374699-2731462149-812581520-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: C:\WINDOWS\Tasks\Superclean.job => c:\programdata\{221f7bda-269d-4969-221f-f7bda269ef68}\hqghumeaylnlf.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...