Jump to content
Sign in to follow this  
Metallica

Removal instructions for UnfriendAlert

Recommended Posts

What is UnfriendAlert?

The Malwarebytes research team has determined that UnfriendAlert is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by UnfriendAlert?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning2.png

This is the first screen you will see when the program runs:

warning1.png

and you may find this icon on your desktop:

icons.png

How did UnfriendAlert get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as social media monitoring software.

How do I remove UnfriendAlert?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of UnfriendAlert?
  • No, Malwarebytes' Anti-Malware removes UnfriendAlert completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the UnfriendAlert adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

There are no visible signs in a HijackThis log

You may see these signs in FRST logs:

 () C:\Users\Public\Desktop\Unfriend Alert.lnk () C:\Users\{username}\AppData\Roaming\UnfriendAlert () C:\ProgramData\UnfriendAlert () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend AlertUnfriendAlert (HKLM\...\UnfriendAlert) (Version: 3.0.58 - Fun Technology)
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert       Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1931 bytes, A       Adds the file Uninstall Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1714 bytes, A    Adds the folder C:\ProgramData\UnfriendAlert       Adds the file Newtonsoft.Json.dll"="5/28/2015 5:59 PM, 503296 bytes, A       Adds the file System.Data.SQLite.dll"="5/28/2015 5:59 PM, 290816 bytes, A       Adds the file UnfriendAlert.exe"="5/28/2015 5:59 PM, 287200 bytes, A       Adds the file UnfriendAlert.exe.config"="5/28/2015 5:59 PM, 510 bytes, A       Adds the file UnfriendAlert.ico"="5/28/2015 5:59 PM, 110592 bytes, A       Adds the file uninstall.exe"="5/28/2015 5:59 PM, 655328 bytes, A       Adds the file uninstall.exe.config"="5/28/2015 5:59 PM, 168 bytes, A    Adds the folder C:\ProgramData\UnfriendAlert\x86       Adds the file SQLite.Interop.dll"="5/28/2015 5:59 PM, 854528 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\UnfriendAlert       Adds the file FriendsDb.sqlite"="5/28/2015 5:59 PM, 7168 bytes, A    In the existing folder C:\Users\Public\Desktop       Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1943 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]       "p"="REG_SZ", "398"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4348cbd8-1d57-3abd-f207-d3fcc02835b8}]       "id"="REG_SZ", "dd167fdd14e04c328a5c9b01bec8eae0"       "ip"="REG_SZ", "398"       "p"="REG_SZ", "398"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASAPI32]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASMANCS]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnfriendAlert]       "DisplayIcon"="REG_SZ", "C:\ProgramData\UnfriendAlert\UnfriendAlert.ico"       "DisplayName"="REG_SZ", "UnfriendAlert"       "DisplayVersion"="REG_SZ", "3.0.58"       "EstimatedSize"="REG_DWORD", 5000       "HelpLink"="REG_SZ", "http://www.yougotunfriended.com/about.html"       "InstallDate"="REG_SZ", "5/28/2015"       "Publisher"="REG_SZ", "Fun Technology"       "UninstallString"="REG_SZ", ""C:\ProgramData\UnfriendAlert\uninstall.exe""    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]       "UnfriendAlert.exe"="REG_DWORD", 65535
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 5/28/2015Scan Time: 6:08:54 PMLogfile: mbamUnfriendAlert.txtAdministrator: YesVersion: 2.01.6.1022Malware Database: v2015.05.28.05Rootkit Database: v2015.05.24.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 292333Time Elapsed: 6 min, 36 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 2PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [59ac2772f09a45f1d9714e164cb7a060], PUP.Optional.UnfriendAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 4PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Files: 13PUP.Optional.UnfreindAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe, Quarantined, [31d43465acdef244827fa8bbda2819e7], PUP.Optional.UnfreindAlert.A, C:\Users\{username}\Desktop\UnFreindChecker.exe, Quarantined, [0005f8a1d3b7e94ddc250d56b9497b85], PUP.Optional.UnFreindAlert.A, C:\Users\Public\Desktop\Unfriend Alert.lnk, Quarantined, [22e3ebae7515fc3a9674617f30d338c8], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Uninstall Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert\FriendsDb.sqlite, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\Newtonsoft.Json.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\System.Data.SQLite.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.ico, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86\SQLite.Interop.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.