DNS Unlocker adware / malware - how to fix it on a Mac

-



I just wanted to share my experience with this, which had caused me quite a few sleepless nights. I am not some computer expert, so it took me a lot of effort, and also I should thank bro Wiz and the people at Applecare (Giovanne) and Malwarebytes (Thomas R) for helping me to resolve this.

Essentially, I woke up one morning, and surfed the "AVS", "Clubsnap" forums and Straits Times pages, and suddenly found this green clover-shaped tag on the pages, and no matter where you clicked on the page, it caused a pop up to occur, leading to some advertisement page.

This Malwarebytes page gives a good summary of what it is:
https://malwaretips.com/blogs/ads-by-dns-unlocker-removal/.

Basically, it changes your DNS, which is like an address on your computer, then allowing the pop up ads to appear.

I did google for solutions online, but things like resetting the Firefox and Safari, or going into Network preferences to check the IP4 or DNS did not help.

I also found that it affected my Brand New iMac, which did not have any downloads or software from my older machines. Then it affected my iPhone and iPad, even my Macbooks and that was the last straw.

We then surmised that it wasn't sited on my computers. A virus check with Malwarebytes and Virus Barrier Plus did not reveal any infections. There were no plug-ins, or offending extensions.

So how did we lick the issue?

First, we discovered that if I eliminated the router, and plugged directly into my fibre ISP modem, the ads stopped.
At the same time, I discovered that all my other Macbooks were also affected if they used my wifi setup.

When the iMac plugged into the ISP modem directly, it actually took a while, almost an hour or more to find my ISP connection. Initially it could not connect to the internet, and I could not figure out why. Likewise when I swopped out my original router and used an older Apple Extreme Time Capsule, it also faced difficulties connecting to the internet.

But once it did, the ads stopped if I used the LAN connection. I then hauled my iMac to my office, used the office network and it was fine.

So the Applecare man (Giovanne) suggested that I reboot from an external HDD with a fresh OS, and then try using the hotspot from my iPhone, and it was fine. We then used the direct connection from the ISP modem, and it took a while but when it finally connected to the internet, it was fine too.

Then we switched to the older Apple Extreme wifi and it was fine too.

Later I had a setup when I used my Macbook and the issue re-appeared.

So I did the same thing, re-booted from an external OS on a HDD, and then used the ISP modem. Again it took a very long time (two days!) before it could connect. But then now it's fine.

So what happened?

I think somehow the original wifi network was affected.
Well it's my hypothesis that when I took the computers out of the original wifi, I took it out of the DNS address that was affected. By using the ISP modem direct, the two computers had to reset their original DNS settings, which then prevent the adware from coming on, and that's why it took so long to re-connect. And using the office wifi first also diverted them to a different DNS.

Finally I also flushed the DNS. This requires you to use the "Terminal" program, a very 'PC' type program :
http://osxdaily.com/2014/11/20/flush-dns-cache-mac-os-x/

So far, about three days after the tedious steps I am still ad-free.

So if everything else doesn't work for you, try the steps I did:

1 - reboot from an external HDD OS
2 - connect to a direct ISP Modem
3 - reset the web browser
4 - flush the DNS cache
5 - restart the computer and web browser

Hope it helps.

Comments

Post a Comment

Popular posts from this blog

KEF LS 50 Meta review and comparison with the LS50

-
Image
The original KEF LS50 was one of those landmark speakers, a pocket rocket which performed at a much higher level than what it’s price tag might indicate. The original LS50 has been widely reviewed, and is well regarded by audiophiles everywhere.  However it does have some bite in the treble and lacks some deep bass, and works better for music which does not go too deep or with a sub to reinforce the bass. But what it does have is fabulous imaging, which allows you to how off great soundstaging, depth, and definition. If you are into details, you’ll love them. The coaxial design is also wonderful for those who sit a bit off axis. The construction is a marvel in itself and with a modern design, a beautiful gloss finish and a quality build. No wonder it’s loved by music lovers the world over. Now recently KEF has introduced the new KEF Meta. This is an updated version of the original and whilst it can look deceivingly the same, there are significant differences. First a link to the offici
Read more

Dynaudio Heritage Special Speaker Review

-
Image
Dynaudio is a company that has been in the speaker business for more than forty years and prides itself on making most of its components in house, especially the drivers and most of the cabinetry. Through the years they have developed many beloved components for their top end products and have also distilled them down to the masses whenever they launch a special edition. So they have adopted a similar format and take some of their finest drivers, an Esotar 3 tweeter and a woofer derived from the Evidence range and placed them into a more traditional walnut veneer speaker for us to sample.  Thus the Heritage Special (HS) was born. The catch ? Well there are two.. firstly it’s by no means cheap, even though it uses choice components. Second there are only 2500 pairs so if you’re waiting to get one, don’t ! And that’s the sum of my review if you may. If you’re a Dynaudio afficiando, just plonk down the deposit that had planned for the annual summer holiday and get this instead. Now reader
Read more

Setting Up A Mesh Network In Your Home - tips and links

-
Image
If you buy an older place, you need to check if the fibre cable is still working, and you also need to brush up on certain terms: FTP   (first termination point) ONT  (Optical Network Terminal -  also called the modem) connects to the First Termination Point (TP) https://support.myrepublic.com.sg/hc/en-us/articles/115003469974-Basic-ONT-Modem-Information-and-Troubleshooting OpenNet is the local company assigned to install the FTP, now they are called Netlink Trust. Intially they have gotten a bad rep simply because they were overwhelmed. Everyone was going into fibre a few years bad.  You need to call them to do the FTP setup. But first, find out if your home has already been reached by optical fibre. Then check if the line still works. Eg, if your builder has cut the line, then you might be in trouble. Now those chaps will charge you $160 for apartments or $288 for landed properties. You need to give them 2 weeks notice and select from a menu of dates. Then they will su
Read more