The FBI arrested six Estonians who ran the botnet that infected millions of computers worldwide and took over the control of rogue DNS servers. They now produce correct DNS answers but only until
While there's a slight chance that the FBI will continue to provide this service, I don't think that keeping your computer infected is a good idea. Not only DNS Changer virus causes a computer to use rogue DNS servers, it also disables security updates and blocks anti-virus software/websites. It can also change the DNS settings within small (home) office routers. As you can see, it's rather sophisticated piece of malicious code that very often comes with additional payloads (Trojan.DNSChanger, Trojan.Fakealert, Trojan.Generic). It is thus very important to remove DNS Changer virus. And it isn't only the job of FBI and PC repair technicians. You have to take responsibility for your own security as well. Good luck and be safe online!
So, are you infected?
1. You can check your DNS settings by simply visiting one of the following websites:
RED = your computer is using the DNS Changer rogue name servers and is therefore probably infected.
GREEN = your computer appears to be looking up IP addresses correctly.
2. Visit FBI's website and enter your IP address: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
If your computer is infected, you'll see the following notification.
3. Check your DNS settings manually. If your computers' DNS settings use the follow ranges, then you likely have been affected by the DNS Changer virus.
Between this IP... | ... and this IP |
| 77.67.83.1 | 77.67.83.254 |
| 85.255.112.1 | 85.255.127.254 |
| 67.210.0.1 | 67.210.15.254 |
| 93.188.160.1 | 93.188.167.254 |
| 213.109.64.1 | 213.109.79.254 |
| 64.28.176.1 | 64.28.191.254 |
Here's a very helpful document that explains how to check your DNS settings to see whether you are using bad DNS servers. Please see DNS-changer-malware.pdf
4. Check your router. Compare the DNS servers listed to those in the rogue DNS servers table above. If your router is configured to use one or more of the rogue DNS servers, your computer may be infected with DNSChanger malware. Please reset your router to default factory settings and change passwords.
How to restore DNS settings to default?
Changing DNS server settings on Microsoft Windows XP:
1. Go to Control Panel → Network Connections and select your local network.
2. Right-click Properties, then select Internet Protocol (TCP/IP).
3. Right-click and select Properties.
4. Click Properties. You should now see a window like the one below.
5. Select Obtain DNS server address automatically and click OK to save the changes.
Changing DNS server settings on Microsoft Windows 7:
1. Go to Control Panel.
2. Click Network and Internet, then Network and Sharing Center, and click Change adapter settings.
3. Right-click Local Area Connection, and click Properties.
4. Select the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and then click Properties.
5. Click Advanced and select the DNS tab. Select Obtain DNS server address automatically and click OK to save the changes.
How to remove DNS Changer malware?
1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.
2. Wait for scanning to finish. Select Cure and click Continue to cure found threat.
3. A reboot might require after disinfection. Click Reboot computer.
4. Download recommended anti-malware software (direct download) and run a full system scan to remove DNS Changer malware from your computer.
That's it! If you have any questions or need extra help removing DNSChanger virus, please leave a comment below.
Tell your friends:
