Jump to content

Removal instructions for UnfriendAlert


Recommended Posts

  • Staff

What is UnfriendAlert?

The Malwarebytes research team has determined that UnfriendAlert is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by UnfriendAlert?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning2.png

This is the first screen you will see when the program runs:

warning1.png

and you may find this icon on your desktop:

icons.png

How did UnfriendAlert get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as social media monitoring software.

How do I remove UnfriendAlert?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of UnfriendAlert?
  • No, Malwarebytes' Anti-Malware removes UnfriendAlert completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the UnfriendAlert adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

There are no visible signs in a HijackThis log

You may see these signs in FRST logs:

 () C:\Users\Public\Desktop\Unfriend Alert.lnk () C:\Users\{username}\AppData\Roaming\UnfriendAlert () C:\ProgramData\UnfriendAlert () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend AlertUnfriendAlert (HKLM\...\UnfriendAlert) (Version: 3.0.58 - Fun Technology)
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert       Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1931 bytes, A       Adds the file Uninstall Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1714 bytes, A    Adds the folder C:\ProgramData\UnfriendAlert       Adds the file Newtonsoft.Json.dll"="5/28/2015 5:59 PM, 503296 bytes, A       Adds the file System.Data.SQLite.dll"="5/28/2015 5:59 PM, 290816 bytes, A       Adds the file UnfriendAlert.exe"="5/28/2015 5:59 PM, 287200 bytes, A       Adds the file UnfriendAlert.exe.config"="5/28/2015 5:59 PM, 510 bytes, A       Adds the file UnfriendAlert.ico"="5/28/2015 5:59 PM, 110592 bytes, A       Adds the file uninstall.exe"="5/28/2015 5:59 PM, 655328 bytes, A       Adds the file uninstall.exe.config"="5/28/2015 5:59 PM, 168 bytes, A    Adds the folder C:\ProgramData\UnfriendAlert\x86       Adds the file SQLite.Interop.dll"="5/28/2015 5:59 PM, 854528 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\UnfriendAlert       Adds the file FriendsDb.sqlite"="5/28/2015 5:59 PM, 7168 bytes, A    In the existing folder C:\Users\Public\Desktop       Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1943 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]       "p"="REG_SZ", "398"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4348cbd8-1d57-3abd-f207-d3fcc02835b8}]       "id"="REG_SZ", "dd167fdd14e04c328a5c9b01bec8eae0"       "ip"="REG_SZ", "398"       "p"="REG_SZ", "398"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASAPI32]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASMANCS]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnfriendAlert]       "DisplayIcon"="REG_SZ", "C:\ProgramData\UnfriendAlert\UnfriendAlert.ico"       "DisplayName"="REG_SZ", "UnfriendAlert"       "DisplayVersion"="REG_SZ", "3.0.58"       "EstimatedSize"="REG_DWORD", 5000       "HelpLink"="REG_SZ", "http://www.yougotunfriended.com/about.html"       "InstallDate"="REG_SZ", "5/28/2015"       "Publisher"="REG_SZ", "Fun Technology"       "UninstallString"="REG_SZ", ""C:\ProgramData\UnfriendAlert\uninstall.exe""    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]       "UnfriendAlert.exe"="REG_DWORD", 65535
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 5/28/2015Scan Time: 6:08:54 PMLogfile: mbamUnfriendAlert.txtAdministrator: YesVersion: 2.01.6.1022Malware Database: v2015.05.28.05Rootkit Database: v2015.05.24.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 292333Time Elapsed: 6 min, 36 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 2PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [59ac2772f09a45f1d9714e164cb7a060], PUP.Optional.UnfriendAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 4PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Files: 13PUP.Optional.UnfreindAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe, Quarantined, [31d43465acdef244827fa8bbda2819e7], PUP.Optional.UnfreindAlert.A, C:\Users\{username}\Desktop\UnFreindChecker.exe, Quarantined, [0005f8a1d3b7e94ddc250d56b9497b85], PUP.Optional.UnFreindAlert.A, C:\Users\Public\Desktop\Unfriend Alert.lnk, Quarantined, [22e3ebae7515fc3a9674617f30d338c8], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Uninstall Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert\FriendsDb.sqlite, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\Newtonsoft.Json.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\System.Data.SQLite.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.ico, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86\SQLite.Interop.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.