Browser popup / DNS Unlocker Infection

[allbs]

I also checked my DNS settings on my ethernet connection and it is set to automatic. I read something about DNS unlocker sometimes changing this so I thought I'd let you know.

Thanks,

Allbs

 

[TwinHeadedEagle]

Hello,


Did you delete all items found by AdwCleaner? Do you still need help?

 

[allbs]

I did and the problem still exists. I loaded up Steam and ads continue to pop up within the steam client. I haven't yet had it effect google chrome again though as of yet.

I uninstalled and re installed steam but the problem still exists.

 

[allbs]

Gyazo - 39cb72e2a52ff8e40c6797cc6db6667f.png

This popup appears along with whatever ad is also presented within steam

 

[allbs]

Just to update you. I found a steam guide on this site relating to my issue it seems. I followed it by using all the recommended ad / malware removal tools step by step.

I then deleted the steam folder in appdata/local and restarted my pc. Whilst restarting I bluescreened and then upon restart I had a black screen that said "Hitman Pro 3.x.x" before I returned to my desktop. Hitman Pro seemed to run a scan on computer restart and found this Gyazo - c0aec1dd04e729cde69c6169d98cfcd7.png. 'GameMon.des (Service) C:\Windows\SysWOW64\ - Suspicious.

I am yet to take action on this scan result.

Thanks in advance.

 

[TwinHeadedEagle]

That file looks legit:

The gamemon.des file, also called GameMon, is the process file that belongs to nProtect Game Monitor application program owned and developed by INCA Internet Company, Ltd. GameMon is also named nProtect GameGuard, or simply GameGuard, an online gaming security system that provides gaming companies product security and user-friendly portal sites to safeguard their computers from hacking, information theft, cracking, system viruses and malware, and all other cyber crimes. GameMon is bundled with an array of online multi-player games such as Phantasy Star Universe, Aion: The Tower of Eternity, MapleStory, GunZ: The Duel, GunBound, Sudden Attack, Ragnarok Online, and 9Dragons. GameMon does its function by terminating applications defined by INCA or the game vendor to be cheats, hiding the process of game application, monitors the entire system memory range, blocks calls to Windows APIs and DirectX functions, and automatically updates itself when new threats appear. Although subject to controversies, GameGuard continues to serve it purpose without any reported harm to the system.

Do you have Steam data only on one partition?

 

[allbs]

It's possible that I have some kind of data on my C drive but I installed steam onto D recently after reinstalling windows, though I did have some recovered data from the old install. From what I can make out it is all on D however. As of now the MalwareTips guide seems to have worked I have not experienced any pop ups or an appearance of DNS unlocker. It appears deleting the appdata did the trick, I hope.

I will let you know if it reappears in the next day or two but if not thank you for your responses.

 

[TwinHeadedEagle]

though I did have some recovered data from the old install

This could be a problem. Some cached data can stay in these files and it could be a reason why pop-ups return.