DNS Unlocker adware / malware - how to fix it on a Mac

I just wanted to share my experience with this, which had caused me quite a few sleepless nights. I am not some computer expert, so it took me a lot of effort, and also I should thank bro Wiz and the people at Applecare (Giovanne) and Malwarebytes (Thomas R) for helping me to resolve this.

Essentially, I woke up one morning, and surfed the "AVS", "Clubsnap" forums and Straits Times pages, and suddenly found this green clover-shaped tag on the pages, and no matter where you clicked on the page, it caused a pop up to occur, leading to some advertisement page.

This Malwarebytes page gives a good summary of what it is:

Basically, it changes your DNS, which is like an address on your computer, then allowing the pop up ads to appear.

I did google for solutions online, but things like resetting the Firefox and Safari, or going into Network preferences to check the IP4 or DNS did not help.

I also found that it affected my Brand New iMac, which did not have any downloads or software from my older machines. Then it affected my iPhone and iPad, even my Macbooks and that was the last straw.

We then surmised that it wasn't sited on my computers. A virus check with Malwarebytes and Virus Barrier Plus did not reveal any infections. There were no plug-ins, or offending extensions.

So how did we lick the issue?

First, we discovered that if I eliminated the router, and plugged directly into my fibre ISP modem, the ads stopped.
At the same time, I discovered that all my other Macbooks were also affected if they used my wifi setup.

When the iMac plugged into the ISP modem directly, it actually took a while, almost an hour or more to find my ISP connection. Initially it could not connect to the internet, and I could not figure out why. Likewise when I swopped out my original router and used an older Apple Extreme Time Capsule, it also faced difficulties connecting to the internet.

But once it did, the ads stopped if I used the LAN connection. I then hauled my iMac to my office, used the office network and it was fine.

So the Applecare man (Giovanne) suggested that I reboot from an external HDD with a fresh OS, and then try using the hotspot from my iPhone, and it was fine. We then used the direct connection from the ISP modem, and it took a while but when it finally connected to the internet, it was fine too.

Then we switched to the older Apple Extreme wifi and it was fine too.

Later I had a setup when I used my Macbook and the issue re-appeared.

So I did the same thing, re-booted from an external OS on a HDD, and then used the ISP modem. Again it took a very long time (two days!) before it could connect. But then now it's fine.

So what happened?

I think somehow the original wifi network was affected.
Well it's my hypothesis that when I took the computers out of the original wifi, I took it out of the DNS address that was affected. By using the ISP modem direct, the two computers had to reset their original DNS settings, which then prevent the adware from coming on, and that's why it took so long to re-connect. And using the office wifi first also diverted them to a different DNS.

Finally I also flushed the DNS. This requires you to use the "Terminal" program, a very 'PC' type program :

So far, about three days after the tedious steps I am still ad-free.

So if everything else doesn't work for you, try the steps I did:

1 - reboot from an external HDD OS
2 - connect to a direct ISP Modem
3 - reset the web browser
4 - flush the DNS cache
5 - restart the computer and web browser

Hope it helps.


Popular posts from this blog

Dynaudio Special Forty Speaker review

Tips on choosing a fan and the Haiku Fan

My Setup March 2016