Why Can't I Remove DNS Unlocker? Update April 2017

Why Can’t I Remove DNS Unlocker?


DNS Unlocker has been around for a few years now, and still continues to be one of the most persistent adware pieces in the wild. In 2017, catching an intrusive and persistent potentially unwanted program like DNS Unlocker continues to be one of the nastiest unwanted PC intrusions. Perhaps you have encountered that nasty piece of code yourself, believing it will truly unlock geographically restricted websites, as suggested by its name.

Update April 2017. Unfortunately, DNS Unlocker is still active in the wild, affecting users and flooding them with ads. Having an intrusive adware such as DNS Unlocker running in the background of your system, however, may have worse outcomes than the display of unwanted ads. On top of everything else, the adware is quite challenging to uninstall from a system and has caused many headaches around the globe. This article provides detailed information about the adware and its methods of distribution. We have also provided an overview of the threat focusing on how it became so successful. It’s important to pay attention to these details. Knowing how the program sneaked into your system in the first place will help you prevent future intrusions. Education is the best prevention, especially when it comes to online threats. In addition, the fact that multiple antivirus programs detect the threat hasn’t stopped it from accessing users’ systems. Continue reading to learn how the initial intrusion may have happened.

Threat Summary

NameDNS Unlocker
TypeAdware, PUP
Short DescriptionDNS Unlocker states to help users unlock geo-restricted sites and provide a better and faster experience. However, it is filled with advertisements and considered an adware and unwanted application.
SymptomsYour DNS settings get mixed up. You might see your search engine changed or in a different language. Lots of advertisements associated with DNS Unlocker can show up when browsing.
Distribution MethodFreeware Installations, Bundle Packages
Detection Tool See If Your System Has Been Affected by DNS Unlocker


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss DNS Unlocker.

When Did the DNS Unlocker Nightmare Begin?

The very first time the program landed the Internet is in the autumn of 2014, when users were first tricked by the luring promise of DNS Unlocker. Our research indicates that back then the program was referred to as Netflix DNS Unlocker, maybe because it was somehow associated with Netflix or because it was advertised like this on dnsunlocker(.)com. Indeed, the Netflix logo is still situated on the homepage of the adware, along with other services DNS Unlocker promises to unlock.


Whatever the case was, the scenario worked because soon after its first release, there were many victims complaining over the Internet, sharing negative experience and trying to figure out a way to completely remove DNS Unlocker.

Not surprisingly, a counter-action followed on the side of the developers of the adware. In 2015 the direct download button on the dnsunlocker(.)com site was removed, and later in the year, its Privacy Policy was changed. However, disabling the direct download didn’t mean that the program ceased to exist. That’s a general practice often used by developers of unwanted software. The app just moved to bundling, meaning that it was distributed packed with other dubious software pieces.

According to a research, titled Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software, unwanted software and particularly the pay-per-install method is part of highly profitable global industry, protected by layers of deniability. No wonder the bundle business is so successful!

DNS Unlocker Distributed via the Pay-Per-Install Scheme?

Indeed, there’s a strong connection between pay-per-install practices and the spread of unwanted applications.

Symantec researchers have previously dubbed pay-per-install “the new malware distribution network”, stressing on the fact that in the foreseeable past malware (like worms) was self-propagating with the help of server-side vulnerabilities. The research results also depict the deceptive practices of some commercial PPI operators that currently persevere, and will likely continue to do so in the future.

Commercial PPI is a very effective monetization scheme where third-party programs are bundled with legitimate software. Even though it hasn’t been confirmed that the developers of DNS Unlocker have adopted this distribution method, we wouldn’t be surprised if DNS Unlocker was indeed distributed this way. It’s the easiest way to monetize software, be it bad or good.

Read More about the Pay-Per-Install Affiliate Business for Millions

What’s indeed quite surprising about DNS Unlocker is that it’s still successfully affecting users all over the world! Even though multiple antivirus programs detect the threat, users are still being entangled in its tentacles.

Here’s the VirusTotal list of antivirus programs detecting DNS Unlocker. The list is based on a scan of the file dnslockington.exe:

→ALYac Gen:Variant.Adware.DNSUnlocker.1
AVG: Downloader.AJUQ
AVware: Trojan.Win32.Generic!BT
Ad-Aware: Gen:Variant.Adware.DNSUnlocker.1
AegisLab: Adware.Msil.Dnsunlocker!c
AhnLab-V3: PUP/Win32.DNSUnlocker.C1346319
Antiy-AVL: GrayWare[AdWare:not-a-virus,HEUR]/MSIL.DNSUnlocker
Arcabit: Trojan.Adware.DNSUnlocker.1
Avast: Win32:Adware-gen [Adw] Avira (no cloud): ADWARE/CloudGuard.678912
BitDefender: Gen:Variant.Adware.DNSUnlocker.1
CAT-QuickHeal: Adware.CloudGuard.r3 (Not a Virus)
Comodo: ApplicUnwnt
CrowdStrike Falcon: (ML) malicious_confidence_62% (D)
Cyren: W32/Adware.MBZU-9272
DrWeb: Adware.DnsChange.5
ESET-NOD32: a variant of MSIL/Adware.CloudGuard.C
Emsisoft: Gen:Variant.Adware.DNSUnlocker.1 (B)
F-Secure: Gen:Variant.Adware.DNSUnlocker
Fortinet: Adware/DNSUnlocker
GData: Gen:Variant.Adware.DNSUnlocker.1
Ikarus: AdWare.MSIL.Cloudguard
Jiangmin: AdWare.MSIL.rca
K7AntiVirus: Adware ( 004ddf161 )
K7GW: Adware ( 004ddf161 )
Kaspersky: not-a-virus:HEUR:AdWare.MSIL.DNSUnlocker.gen
Malwarebytes: Adware.CloudGuard
McAfee: RDN/Generic PUP.x
McAfee-GW-Edition: RDN/Generic PUP.x
eScan: Gen:Variant.Adware.DNSUnlocker.1
NANO-Antivirus: Trojan.Win32.DnsChange.ebolyn
Panda: Trj/GdSda.A
Rising: Trojan.Generic-d1ixWH300GR (Cloud)
SUPERAntiSpyware: Adware.CloudGuard/Variant
Sophos: Generic PUA OH (PUA)
Symantec: Trojan.Zlob.Q
Tencent: Msil.Adware.Cloudguard.Anfq
TrendMicro: PUA_DNSUnlocker.GA
TrendMicro-HouseCall: PUA_DNSUnlocker.GA
VIPRE: Trojan.Win32.Generic!BT
ViRobot: Adware.Agent.678912.G[h] Yandex: PUA.CloudGuard!
Zillya: Adware.DNSUnlocker.Win32.28

DNS Unlocker is a great illustration of how well dubious developers are acquainted with human psychology. Part of the success of the adware is the very fact that it was advertised as a mean to access to inaccessible content, freely. However, nothing in life comes for free, as victims tricked by the promise ended up with systems compromised by multiple adware.

Did you know that DNS Unlocker has many iterations? The last DNS Unlocker version was 1.4. Process executables related to DNS Unlocker have versions and the names of American towns and municipalities associated with them:

  • DNSridgewood.exe
  • DNSpallenville.exe
  • DNSlockington.exe

How to Rid Your System of DNS Unlocker?

Because DNS Unlocker is very aggressive, simply deleting some of its files may not work to remove it permanently. If you want to try, you can remove it from your computer manually by following the step-by-step removal guide provided below. In case the manual removal method does not get rid of DNS Unlocker and all of its associated files, then you may want to try removing it with an advanced anti-malware tool. A tool like that can also keep your computer more secure in the future.

Besides following the steps below to remove the adware, you should also consider checking your DNS servers. More particularly, inspect the settings of your DNS server address and configure them if they are modified without your knowledge. In case they are tampered, you can use the IP addresses like the Google Public DNS.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share