What is UnfriendAlert?
The Malwarebytes research team has determined that UnfriendAlert is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by UnfriendAlert?
You may see this entry in your list of installed programs:
and these warnings during install:
This is the first screen you will see when the program runs:
and you may find this icon on your desktop:
How did UnfriendAlert get on my computer?
Adware applications use different methods for distributing themselves. This particular one was offered as social media monitoring software.
How do I remove UnfriendAlert?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes UnfriendAlert completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the UnfriendAlert adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
There are no visible signs in a HijackThis log
You may see these signs in FRST logs:
() C:\Users\Public\Desktop\Unfriend Alert.lnk () C:\Users\{username}\AppData\Roaming\UnfriendAlert () C:\ProgramData\UnfriendAlert () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert UnfriendAlert (HKLM\...\UnfriendAlert) (Version: 3.0.58 - Fun Technology)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1931 bytes, A Adds the file Uninstall Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1714 bytes, A Adds the folder C:\ProgramData\UnfriendAlert Adds the file Newtonsoft.Json.dll"="5/28/2015 5:59 PM, 503296 bytes, A Adds the file System.Data.SQLite.dll"="5/28/2015 5:59 PM, 290816 bytes, A Adds the file UnfriendAlert.exe"="5/28/2015 5:59 PM, 287200 bytes, A Adds the file UnfriendAlert.exe.config"="5/28/2015 5:59 PM, 510 bytes, A Adds the file UnfriendAlert.ico"="5/28/2015 5:59 PM, 110592 bytes, A Adds the file uninstall.exe"="5/28/2015 5:59 PM, 655328 bytes, A Adds the file uninstall.exe.config"="5/28/2015 5:59 PM, 168 bytes, A Adds the folder C:\ProgramData\UnfriendAlert\x86 Adds the file SQLite.Interop.dll"="5/28/2015 5:59 PM, 854528 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\UnfriendAlert Adds the file FriendsDb.sqlite"="5/28/2015 5:59 PM, 7168 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Unfriend Alert.lnk"="5/28/2015 5:59 PM, 1943 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}] "p"="REG_SZ", "398" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4348cbd8-1d57-3abd-f207-d3fcc02835b8}] "id"="REG_SZ", "dd167fdd14e04c328a5c9b01bec8eae0" "ip"="REG_SZ", "398" "p"="REG_SZ", "398" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASAPI32] "ConsoleTracingMask"="REG_DWORD", -65536 "EnableConsoleTracing"="REG_DWORD", 0 "EnableFileTracing"="REG_DWORD", 0 "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing" "FileTracingMask"="REG_DWORD", -65536 "MaxFileSize"="REG_DWORD", 1048576 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\UnfriendAlert_RASMANCS] "ConsoleTracingMask"="REG_DWORD", -65536 "EnableConsoleTracing"="REG_DWORD", 0 "EnableFileTracing"="REG_DWORD", 0 "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing" "FileTracingMask"="REG_DWORD", -65536 "MaxFileSize"="REG_DWORD", 1048576 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnfriendAlert] "DisplayIcon"="REG_SZ", "C:\ProgramData\UnfriendAlert\UnfriendAlert.ico" "DisplayName"="REG_SZ", "UnfriendAlert" "DisplayVersion"="REG_SZ", "3.0.58" "EstimatedSize"="REG_DWORD", 5000 "HelpLink"="REG_SZ", "http://www.yougotunfriended.com/about.html" "InstallDate"="REG_SZ", "5/28/2015" "Publisher"="REG_SZ", "Fun Technology" "UninstallString"="REG_SZ", ""C:\ProgramData\UnfriendAlert\uninstall.exe"" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "UnfriendAlert.exe"="REG_DWORD", 65535Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/28/2015 Scan Time: 6:08:54 PM Logfile: mbamUnfriendAlert.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.28.05 Rootkit Database: v2015.05.24.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 292333 Time Elapsed: 6 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [59ac2772f09a45f1d9714e164cb7a060], PUP.Optional.UnfriendAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 4 PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Files: 13 PUP.Optional.UnfreindAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe, Quarantined, [31d43465acdef244827fa8bbda2819e7], PUP.Optional.UnfreindAlert.A, C:\Users\{username}\Desktop\UnFreindChecker.exe, Quarantined, [0005f8a1d3b7e94ddc250d56b9497b85], PUP.Optional.UnFreindAlert.A, C:\Users\Public\Desktop\Unfriend Alert.lnk, Quarantined, [22e3ebae7515fc3a9674617f30d338c8], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Uninstall Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnFreindAlert.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unfriend Alert\Unfriend Alert.lnk, Quarantined, [b3523960cbbf8fa769a2d40c9172b24e], PUP.Optional.UnfriendAlert.A, C:\Users\{username}\AppData\Roaming\UnfriendAlert\FriendsDb.sqlite, Quarantined, [ec196f2a6f1bcd69cd3fb32de122c838], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\Newtonsoft.Json.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\System.Data.SQLite.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\UnfriendAlert.ico, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\uninstall.exe.config, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], PUP.Optional.UnfriendAlert.A, C:\ProgramData\UnfriendAlert\x86\SQLite.Interop.dll, Quarantined, [c73e9603aedc8ea8739a3da305feb14f], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention