What is the DNS Unlocker virus

So, first of all, what is a DNS virus, and what, for example, is DNS Unlocker? DNS Unlocker redirects the user to specific DNS servers, where all of the user's traffic gets infected with different types of viruses, adware, malware and so on. Such a virus easily hides its every move from the user's eye, so many victims do not even know that their computer is infected with a DNS-type virus and just try to remove the adware that was installed after DNS Unlocker's dirty trick. DNS Unlocker inserts its own JavaScript, so the user sees many ads, often signed “Powered by DNS Unlocker” or “ads by DNS Unlocker”, or carrying many other adware names.




Why did we choose DNS Unlocker to describe the whole DNS virus type? Because this virus has a unique technique that allows it to change network settings without users suspecting a thing. It changes the network adapter settings via this path: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS. The user won't see that the network settings have changed even when checking them personally, especially if “Obtain DNS server address automatically” is in use.

DNS Unlocker uses a static DNS address that is not displayed in the list when the user checks the local settings manually. The ipconfig /all command also reports that DHCP is in use, but it displays the statically defined DNS address. It is really hard to find out which network connection uses DHCP and which uses static addresses, so the user often just closes the command line and keeps searching for a solution.

The worst part is that the developers of DNS Unlocker and similar viruses know that the average user can't check the network settings alone, so unwanted applications use this weak spot to redirect user requests to the DNS servers they need. It is a DNS hijack method that forces the user to work with spoofed DNS servers.
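
One way to check for the mismatch described above is to read the DNS values straight from the registry instead of the adapter dialog. This is an added example, not code from the original article. The Interfaces subkey and the NameServer, DhcpNameServer and EnableDHCP value names are standard Windows TCP/IP registry values rather than details from this page, and $ExpectedResolvers is a hypothetical allowlist parameter.

```powershell
# Added example: list every statically configured DNS server found under
# Tcpip\Parameters and flag adapters where DHCP is on but a static resolver
# is also set (the combination the article describes).
param(
    # Hypothetical allowlist: resolvers you deliberately configured.
    [string[]]$ExpectedResolvers = @()
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Split-DnsList([string]$Value) {
    # The registry stores the servers as one string; split on commas and spaces.
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

function New-Finding($Scope, $Props) {
    $static = @(Split-DnsList $Props.NameServer)
    if ($static.Count -eq 0) { return }          # nothing static, nothing to report
    [pscustomobject]@{
        Scope           = $Scope
        DhcpEnabled     = [bool]$Props.EnableDHCP
        # Raw value in quotes so the delimiter actually stored is visible.
        RawNameServer   = "'$($Props.NameServer)'"
        DhcpSuppliedDns = @(Split-DnsList $Props.DhcpNameServer) -join ', '
        StaticOverDhcp  = [bool]$Props.EnableDHCP
        Unexpected      = @($static | Where-Object { $_ -notin $ExpectedResolvers }) -join ', '
    }
}

$findings = @()
# Global value that applies to all adapters.
$findings += New-Finding 'Global' (Get-ItemProperty -Path $base)
# Per-adapter values, one subkey per interface GUID.
foreach ($key in Get-ChildItem -Path "$base\Interfaces") {
    $findings += New-Finding $key.PSChildName (Get-ItemProperty -Path $key.PSPath)
}

if ($findings.Count -eq 0) {
    'No static DNS servers are set under Tcpip\Parameters.'
} else {
    $findings | Format-List
}
```

Any row with StaticOverDhcp set to True and an address you do not recognise in Unexpected deserves a closer look before you trust what the adapter properties dialog shows.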


There are millions of DNS Unlocker-like viruses on the Internet, such as Trojan.DNSChanger, DNSHijacker and FakeDNS. Our virus analysts have compiled the most common ranges of malicious IPs.

Individual IP addresses can also be detected as threat addresses.


Such a virus may also connect to a number of domains and download potentially malicious files from them.

In addition, this virus can collect and steal the following information from the infected computer:

  • Operating system type
  • Operating system major version
  • Operating system minor version
  • Operating system build
  • Service pack installed
  • Architecture type
  • The full list of URLs the infected user visits

Let's sum up

DNS viruses change the infected system's Domain Name Server (DNS) settings in order to divert traffic to unsolicited, and potentially illegal, sites. If you want to protect your system, you should be really careful and have a strong anti-malware defense.

However, if you are still unsure about your system, you should download and install GridinSoft Anti-Malware and check your computer with it.

We will always do our best to help you with any security issue on your computer. Leave your comments and questions below, or use our ticket system to contact our professional support team. We will gladly help you!
