Solved

OPEN DNS

  • 7 September 2014
  • 12 replies
  • 90 views

I have recently begun experiencing blocking via pop up windows by an application calling itself OPEN DNS. I did not willingly install it.  It randomly selects topics I try to navigate to via my web browser (IE) and blocks them.  It is not persistent as I can try again in a few minutes and access the navigation I chose.  It is, however, frustrating.  I have been unable to locate any spyware, malware, or registry entries and have run webroot secure scan as well as combofix trying to get rid of it.  Online research has not turned up a solution to squash the bug. 

Best answer by Baldrick 8 September 2014, 20:13


Hi Ryd4Ever
 
Welcome to the Community Forums.
 
Not come across this question before but doing a little research have found the following that may be of use (link).  One thing I would say is that OpenDNS does not just appear on your system, someone must have configured its use...as far as I can gather...a point worthy of consideration...I suggest respectfully.
 
Regards, Baldrick
It could be some malware or PUP masquerading as OpenDNS.  OpenDNS itself is a legitimate application for web content filtering that would have had to be installed, as @ said.
Hi Ryd4Ever
 
As Nic has correctly pointed out this could be a PUA (Potential Unwanted Application) but it is best to check what I have already suggested.  If you find that this does not turn out to be the case then please take a look at some information about and advice on how to deal with PUAs (just in case it can be of use to you).
 
These are very annoying at best in that they cause pop-ups, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
For those that are not detected by WSA, please see this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Support Ticket, especially if you cannot remove it easily from the directions in the KB Article.
 
For those that ARE detected by WSA, but cannot be removed automatically, you can submit a Support Ticket.  Webroot Support will help you get these annoying 'crapware' off your computer at no extra charge, and the additional examples may help to better automatic removal of that particular PUA for all users in the future.
 
To make sure that your WSA is checking for PUA's with the best proficiency, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 
  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.
To help avoid PUA's in the future, remember to read all of the information when installing or updating software (Adobe downloads often have those "extra special offers" attached... PUA's!): often the PUA included will be mentioned, and you can opt out of installing it.  Those check boxes you see? Usually only one of them is for the User Agreement of the software you want, the others are for the junk you don't.
 
 I hope this helps you both understand, and resolve the problem and if not please let us know!
 
Regards, Baldrick
Thank you very much for your assistance.  I've reset my IE, reset the PUA detection and rescanned with my webroot scan/detection, and searched the installed software and add ons for suspicious critters (found none).  I've not seen Mr. OPEN DNS in a couple of days now so maybe he's gone away.  If not, my final step will be to open a trouble ticket.  Take care. 
@ wrote:
Thank you very much for your assistance.  I've reset my IE, reset the PUA detection and rescanned with my webroot scan/detection, and searched the installed software and add ons for suspicious critters (found none).  I've not seen Mr. OPEN DNS in a couple of days now so maybe he's gone away.  If not, my final step will be to open a trouble ticket.  Take care. 
Hello Ryd4Ever,
 
Thank you so much for reporting back and it looks like Baldrick has helped you out with PUAs. Let's hope you are sorted and the problem does not arise.
Either way will you keep in touch and let us know if you issued a support ticket or just come on back and join in the Forum to have fun and learn! :D
 
Best Regards,
OpenDNS by Cisco is extremely invasive, and almost impossible to get rid of, without reinstalling your operating system.
I now have it hidden in my personal WiFi hotspot, blocking sites willy-nilly on my desktop etc.
Nobody seems to want to know, they only seem to want to sell malware on pc's.
Now does anybody want to talk seriously about routing this out.
Lou
Hi lwnosh
 
Welcome to the Community Forums.
 
Thanks for your comments. What you say is not my understanding as to the general consensus on OpenDNS...and to be honest talking seriously about routing it out is not really a topic for this Forum.
 
If you have some ideas as to how the Development Team should be 'taking things seriously' (and I am not saying that they don't already) then I would suggest that you post those as a new Feature Request. Posting there gives a more direct avenue to bring ideas to the Development Team's attention (see the link at the top of any Community page).
 
In the interim perhaps ? would give us his take on this, as a Webroot Threat Researcher? ;)
 
Regards, Baldrick
Thank you baldrick
I was referring to other web sites who have been giving advice on 'Opendns' , also I did not proof read my post very well, Anti virus and malware was what I meant, and my spelling checker should have spelt 'root' out this problem.
Now I will try to follow your suggestions.
Lou
No worries, Lou...it is an interesting debate like many in this area, and depending on who one reads on the Web sort of informs one's view...the whole topic is moot to say the least...which is why I thought a professional view from one of the Webroot Threat Researchers would be useful to all concerned. ;)
 
Regards, Baldrick
I'd refer to the previous post from Nic. What is being described does not sound like OpenDNS.
 
 
-Dan
Cheers for the input, Dan.
 
Regards, Baldrick
Without a better description it is difficult to say what may actually be going on. There is adware such as DNS Unlocker that changes DNS settings in order to display ads. If that is the case you can contact support and we can help remove that.
 
-Dan
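
Added example (not part of the thread and not Webroot's code): the replies above turn on whether OpenDNS was configured on this PC, handed out by the router or hotspot, or whether something else changed the DNS settings. This PowerShell sketch lists each adapter's IPv4 resolvers with their source and flags any that are neither OpenDNS nor on your own list. It assumes Windows 8 or later (for `Get-NetAdapter`); `$expected` is a placeholder to replace with the resolvers you actually expect.

```powershell
# Added example: audit IPv4 DNS resolvers per adapter and where they come from.
# OpenDNS public resolver addresses (IPv4).
$openDns  = @('208.67.222.222', '208.67.220.220')
# Assumption: resolvers you expect on this network (router or ISP). Placeholder value.
$expected = @('192.168.1.1')

function Get-ResolverVerdict {
    param([string]$Address)
    if ($openDns  -contains $Address) { return 'OpenDNS' }
    if ($expected -contains $Address) { return 'Expected' }
    return 'Review'   # neither OpenDNS nor on your list: find out who set it
}

# Per-interface TCP/IP settings. NameServer holds statically configured
# resolvers; DhcpNameServer holds the ones supplied by the DHCP server.
# A non-empty NameServer takes precedence over DhcpNameServer.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

Get-NetAdapter | ForEach-Object {
    $nic = $_
    $cfg = Get-ItemProperty -Path "$base\$($nic.InterfaceGuid)" -ErrorAction SilentlyContinue
    if (-not $cfg) { return }   # adapter has no TCP/IP settings key; skip it

    $sources = [ordered]@{
        'Static (set on this PC)'   = $cfg.NameServer
        'DHCP (router or hotspot)'  = $cfg.DhcpNameServer
    }
    foreach ($source in $sources.Keys) {
        $value = $sources[$source]
        if (-not $value) { continue }
        # Values are comma- or space-separated address lists.
        foreach ($addr in ($value -split '[,\s]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Adapter  = $nic.Name
                Source   = $source
                Resolver = $addr
                Verdict  = Get-ResolverVerdict $addr
            }
        }
    }
} | Format-Table -AutoSize
```

An `OpenDNS` verdict with a DHCP source points at the router or hotspot configuration rather than the PC; a `Review` verdict with a static source is the case Dan describes, where software on the machine changed the DNS settings.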