DNS Changer


DNSChanger is malware that modifies a system's Domain Name System (DNS) configuration to point to rogue name servers operated through affiliates of Rove Digital. It is distributed as a drive-by download that pretends to be a video codec needed to view content on a Web site, particularly on rogue pornography sites.

Once installed, this malware routes the system to servers that primarily substituted advertising on Web pages with advertising sold by Rove.

The United States Department of Justice reported that the rogue servers had blocked access to update servers for antivirus software.

The United States Attorney for the Southern District of New York announced charges against six Estonian nationals and one Russian national connected to the DNSChanger Trojan, for wire fraud, computer intrusion, and conspiracy, as part of "Operation Ghost Click" on November 9, 2011. As a result, the FBI seized the rogue DNS servers in the U.S.

A temporary court order was issued to operate replacement servers to serve DNS requests from those who had not yet removed the infection, because users infected by DNSChanger could lose internet access if the rogue DNS servers were shut down entirely.

The operation of the replacement servers was extended until July 9, 2012, which was referred to as "Malware Monday".

To check whether your PC is infected with DNSChanger

Click this hyperlink: DNS Changer.

The DNSChanger Check-Up websites automatically check your DNS servers and let you know that your PC is clean by flashing a green background.

The above link takes you to a DNS Changer Check-Up page in the United States that the DNS Changer Working Group maintains; if you live outside the United States, you can consult the FBI's list of DNSChanger Check-Up websites to find an appropriate service for your region.

To be certain that your PC is free of DNSChanger malware, manually look up the IP addresses of the DNS servers that your PC contacts to resolve domain names when browsing the Internet.

For a Windows 7 PC:
  1. Click the Start menu.
  2. Run the Command Prompt, or type cmd in the Search field.
  3. Type ipconfig /allcompartments /all at the command line, and press Enter.
  4. Scroll through the output until you reach the line that says 'DNS Servers'.
  5. Copy down the strings of numbers, which are the addresses.
  6. Open the FBI DNSChanger website and enter the addresses into the search box.
  7. Press the big blue Check Your DNS button.
The FBI's software will tell you whether your PC is using rogue DNS servers to access the Internet.
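The manual check above can also be scripted when many machines need triage. The following Python code is an added example, not part of the original post: it parses saved ipconfig /all output, collects every address under 'DNS Servers' (including the indented continuation lines), and compares them against a range list. The ranges are placeholders from RFC 5737 documentation space, the sample output is constructed, and the function names are this example's own.

```python
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space, not the real rogue
# ranges: substitute the ranges published by the FBI / DNS Changer Working Group.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /allcompartments /all` output.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

def parse_ip(token):
    """Return an ip_address object, or None if token is not an address."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def dns_servers(text):
    """Map each adapter section to its DNS servers, continuation lines included."""
    result, adapter, in_dns = {}, "unknown", False
    for line in text.splitlines():
        if line and not line[0].isspace():        # unindented = section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        # First server sits on the labelled line; later ones are bare addresses.
        ip = parse_ip(m.group(1)) if m else (parse_ip(line.strip()) if in_dns else None)
        in_dns = ip is not None
        if ip is not None:
            result.setdefault(adapter, []).append(ip)
    return result

def rogue_hits(text, ranges=ROGUE_RANGES):
    """Return (adapter, address) pairs whose DNS server is inside a listed range."""
    return [(a, str(ip)) for a, ips in dns_servers(text).items() for ip in ips
            if any(ip.version == n.version and ip in n for n in ranges)]
```

Calling rogue_hits() on the saved output of step 3 returns an empty list when no configured DNS server falls inside the listed ranges.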

How to remove DNSChanger from your PC

Take a complete backup of your important data, reformat your hard drive(s), and reinstall your operating system.

If you don't want to reformat your entire PC, you can try a free malware removal utility such as Kaspersky Lab's TDSSKiller. Kaspersky released the program to help PC owners seek and destroy the TDSS rootkit malware, but it also detects and attempts to eliminate DNSChanger and many other forms of rootkits. The DNSChanger Working Group website maintains a large list of links to malware clean-up guides and utility software you can use to try to eradicate DNSChanger from your PC.
