A new adware, resembling the infamous DNS Unlocker has been reported to affect users by heavily displaying online advertisements on their computers. The application may be advertised as a helpful software to cope with online content that is blocked in the country of the user. However, it is also rendered as a PUP (Potentially Unwanted Program) because besides modifying certain settings in Google Chrome, Firefox or IE, it may also collect certain information from PCs its installed on. The main risk associated with the Dnslockington is that it may advertise third-party websites that may be suspicious and dangerous to the user.
|Short Description||The process may do various dangerous or unhealthy to the PC activities.|
|Symptoms||The user may witness fake Java Update adsas well as redirects to other potentially harmful domains. Significant slowing down of the PC is highly likely.|
|Distribution Method||Via PUPs, installed by bundling or by visiting a suspicious third-party site that is advertising it.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by dnslockington.exe|
|User Experience||Join our forum to discuss dnslockington.exe.|
Similar to DNS Unlocker, this ad-supported application may use several different methods to be installed on your computer. One of them is via other unwanted programs that may redirect you to an installer which may add it as a browser extension. The software may also be advertised as a legitimate helper on a shady website on which users tend to be led by clicking on an ad.
The most dominant method of distribution, however, may be what is known as bundled install. This means that when a new free program is being downloaded from a third-party website it may have Dnslockington included in it. Often users who download free programs do not use the official websites of the freeware or use torrent websites. Sometimes the installers of those freeware apps may contain PUPs.
To protect yourself in the future and counter this aggressive marketing, it is advisable to take some precautions:
- Always choose the “Custom” or “Advanced” installation options.
- Use software that automatically spots words such as bundling, like EULALyzer or check manually the End User License Agreement for such.
Dnslockington In Detail
After it has been installed and is running on your PC, the process Dnslockington.exe, usually located in %Program Files(x86)% may elevate its permissions and modify the default DNS address, changing it to a custom one. This is particularly dangerous because the packets of data moving may be captured by the creators of this ad-supported PUP.
Furthermore, besides the Dnslockington.exe file, the program may also situate support files in a folder, named DNS Unlocker, for example:
→ “config.ini; ConsoleApplication1.dll; DNSLOCKINGTON.cer; Info.rtf; License.rtf; config.ini; LogoBlack.ico; LogoGreen.ico; LogoYellow.ico; Microsoft.Win32.TaskScheduler.dll; settings.ini; unins000.exe; unins000.dat; ZonaTools.XPlorerBar.dll; DNSLOCKINGTON.job”
The executable may become active and stay active in the Windows Task Manager, and the program may insert custom values to additionally prevent Uninstall.
Furthermore, besides making values In the Registry Editor, the program may also modify existing ones that may allow it to perform different activities, like change system settings, for example.
The main activity associated with Dnslockington.exe is reported to be the heavily taking over of the ad-spaces of the web browsers of the user to display its own adverts. And what is worse, ad-blocking software may not be able to do anything to prevent it, because the program runs internally. Other advertisements by this believed to be a variant of DNS Unlocker may be heavy displaying of pop-ups and browser redirects. There are also reports that indicate the software may use highlighted text ads.
The primary concern of malware researchers is that dnslockinghood.exe may:
- Collect different information about the user. (Location, language, system info, security software, etc.)
- Infect the user with malware by displaying malicious advertisements. (Less likely but typical for adware programs).
The information which is collected may be shared by other parties with either marketing or other purposes, and it may be used to display targeted advertisements that correspond to what you have searched online. This is known as behavioral advertising. It is considered that cyber-scammers use adware primarily to boost hoax traffic by inducing browser redirects to underdeveloped third-party sites, but some of those “developers” do not mind advertising malicious URLs via their ad-supported applications. This is why it recommended to have a decent knowledge and malware protection and update both of them to stay ahead and remain as secure as possible for longer.
If you have experienced the symptoms above and have decided to get rid of Dnslockington, it is highly recommended to uninstall this ad-supported app in a swift manner. We advise following the step-by-step manual below and to download and install an advanced anti-malware protection which unlike the conventional antivirus will detect and remove all objects (keys and files) associated with Dnslockington. Besides detecting this and other software of the same character, an anti-malware software may also be combined with an antivirus tool to ensure a higher level of protection against future infiltrations.