How to remove ExtenBro (Virus Removal Guide)

ExtenBro

What is ExtenBro?

ExtenBro (ExtenBro virus) is DNS changing malware, also known as a DNS Changer (DNSChanger), DNS Hijacker, or a DNS changing Trojan, that changes a computer’s existing DNS server(s) to a new server or roster of servers.

When ExtenBro is installed a task will be created to launch the Trojan on startup and it will change a computer’s existing DNS settings to use the following roster of DNS servers:

45.86.180.227
185.162.93.213
116.203.6.218
185.130.104.222

The change in DNS settings will cause affected internet browsers to block users from accessing popular antivirus websites where they can download software to remove the infection. The following domains are known to be blocked by ExtenBro:

avast.com
avg.com
bitdefender.com
kaspersky.com
malwarebytes.com
sophos.com

When attempting to visit these websites, the browser will display a message that says the site can’t be reached. For example, when attempting to visit avg.com with Google Chrome a message that says “www.avg.com’s server IP address could not be found” will be displayed. The page may also display an error message or code such as “DNS_PROBE_FINISHED_NXDOMAIN.”

This site can’t be reached www.acg.com’s server IP address could not be found.
Try running Windows Network Diagnostics.
DNS_PROBE_FINISHED_NXDOMAIN
Reload

In addition, ExtenBro not only modifies DNS settings, it also adds a root certificate to the Windows certificate store allowing it to observe encrypted traffic while users are browsing the web.

How did ExtenBro get on my computer?

DNS changing Trojans like ExtenBro utilize various methods to get onto a computer they infect; However, the most common way for ExtenBro and other DNS changing Trojans to get onto a computer is to bundle with free programs. Free program oftentimes make use of deceptive methods that essentially sneak ExtenBro, malware, adware, spyware, and PUPs onto a computer.

Although the infection may be involuntary, there may be scenarios where ExtenBro is offered as a custom or advanced installation option when downloading free programs online. If this is the case we advise you to stop the installation immediately and scan your computer for malware using the steps on this page.

Steps to remove ExtenBro Trojan:


Step 1: Scan your computer for malware


Step 2: Perform a second-opinion scan


Step 3: Clean your system and repair settings


Step 1: Scan your computer for malware

The first step is to scan your computer for malware, adware, spyware, and potentially unwanted programs using Malwarebytes Anti-Malware software.

1. Download Malwarebytes.

FREE DOWNLOAD

2. Double click the executable file or icon, such as mb3-setup-1878.1878-3.7.1.2839.exe to begin installing the program.

3. When you have installed Malwarebytes, click the Scan Now button to begin scanning your computer.

4. When the scan is complete, click the Quarantine Selected button to remove all threats detected by Malwarebytes.

Step 2: Perform a second-opinion scan

The second step is to perform a second-opinion scan with HitmanPro. Scanning your computer with a second anti-malware program will ensure that threats have been neutralized.

1. Download HitmanPro. Fill out the information on their website and download the executable file.

FREE DOWNLOAD

2. Double click the executable file or icon, such as HitmanPro.exe to begin installing the program.

3. When you have installed HitmanPro, click the Next button to begin scanning your computer.

4. When the scan is complete, click the Next button to remove all threats detected by HitmanPro.

Step 3: Clean your system and repair settings

The last step is to clean your system and repair settings with CCleaner once the infection has been removed. This allows you to automatically clean the registry and repair system settings such as scheduled tasks.

1. Download CCleaner.

FREE DOWNLOAD

2. Double click the executable file or icon, such as ccsetup556.exe to begin installing the program.

3. When you have installed CCleaner, click the Analyze button to begin analyzing your system.

4. Once analyzation is complete, click the Run Cleaner button to clean your system.

5. Now, let’s run through the Tools section; Go to Tools.

6. Uninstall: Is there a program you missed uninstalling before? CCleaner can often show you programs that are hidden from the Control panel.

7. Software Updater: Are there any programs to update? Make sure to keep the programs on your computer up-to-date to avoid issues with security vulnerabilities.

8. Startup: Go through the Windows, Scheduled Tasks, and Context Menu tabs. Are there any suspicious startup keys enabled? If so, highlight them with your mouse and click the Delete button to remove them.

9. Browser Plugins: Go through the tabs for each browser installed on your computer. Are there any suspicious plugins installed? If so, highlight them with your mouse and click the Delete button to remove them.

10. Finally, let’s clean up the registry. Get out of the Tools area and go to Registry.

11. Click the Scan for Issues button and follow the instructions.

12. Once the registry scan is complete click the Fix selected Issues… button and follow the instructions to fill all the selected issues found in your computer’s registry.

Sean Doyle

Sean Doyle is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. Sean's content has been featured in numerous publications.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.