DNS Unlocker/Browser hijack

[JCheong]

I reset my router... back to factory settings. And the problem is affecting my IE now too...

 

[JCheong]

The situation tends to happen on some specific websites... e.g. www.nytimes.com, NBA - National Basketball Association Teams, Scores, Stats, News, Standings, Rumors - ESPN, etc...
Don't happen in the tab that I used to come to this website though.

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[JCheong]

Yessir... here's the attached logfiles.

 

[TwinHeadedEagle]

Your PC isn't infected.

You said that it is happening on multiple devices? Does it happen in the same browsers, on the same websites? Do you have the same google account on these browsers? There must be some pattern.

 

[JCheong]

See screenshot below - DNS unlocker ad + unwanted popups... it's still infected unfortunately...

 

[JCheong]

It happens across different browsers but usually on the same websites as mentioned in my earlier post.

I don't have the same google account on both laptops.

 

[TwinHeadedEagle]

What is your router model?

 

[JCheong]

D-Link DIR-865L

 

[JCheong]

I just connected a 3rd computer to the same network and the same problem is occurring on the same websites.

 

[TwinHeadedEagle]

Were you able to access your router's online settings?

Tools --> System --> Restore to factory default settings

 

[JCheong]

Hi Sorry I don't quite understand what you meant... do you mean to go to control panel and look for the router??

 

[JCheong]

OK i figured out what you meant. Yes, I went to the Router setup -> tools -> system and clicked on restore to factory default.
Same problem is still appearing on Chrome, same sites.

 

[JCheong]

One detail that may be relevant - I am using Chromecast to cast videos to my home TV.... not sure if the malware/hijacking is "stored" in the Chromecast device instead of the router since it's also connected to the network?

 

[TwinHeadedEagle]

So it is only happening on Chrome?

 

[JCheong]

No it's not... i have 2 browsers on my computer and IE is also affected (together with Chrome).
BTW a number of malware removal software, TDSS, CODOMO, Zemana crashes my computer... MalywareBytes/AdwCleaner don't detect any malware.

 

[TwinHeadedEagle]

I don't know what is going on, but your PC isn't infected.

You can try to reset IE: Change or reset Internet Explorer settings - Windows Help

Also to delete Chrome along with your browsing data: Uninstall Google Chrome - Chrome Help

Then you can reinstall Google again.

Also, tell me is it still happening with other devices connected on this network?

 

[JCheong]

Hi - I've reset IE, reinstalled Chrome (including deleting the localappdata google folder) and the problem seems to have gone away.

I'll monitor this and let you know if it's still clean after a couple of days. Perplexing problem!

 

[JCheong]

The ads/pop-ups came back and it's on the same sites.

Tried some different settings on Chrome and found that disabling Javascript is the only way to disable the ads. Will see if the situation improves.