Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 7 February 2012

How to Remove DNS Changer (Uninstall Guide)

Posted on 13:41 by Unknown
If you haven't already, we recommend that you take a few minutes to determine if your computer has been affected by the DNS Changer virus. There are still nearly half a million computers infected by this malicious software or at least using the Rove Digital domain name servers in Europe and the U.S. This DNS infrastructure was formerly used by botnet czars to redirect unsuspecting victims to infected websites, alter user searches, replace ads, block legit anti-virus software and promote fake security products. Cyber crooks earned millions of dollars display false advertisements and redirecting users to wrong websites.

The FBI arrested six Estonians who ran the botnet that infected millions of computers worldwide and took over the control of rogue DNS servers. They now produce correct DNS answers but only until March 8th, 2012 Update: DNS servers will be shut down on Monday, July 9. That's official. The FBI will discontinue to provide this service. Then what? Infected computers will not longer be able to look up names using those name servers. In other words, users who are still affected by this DNS Changer malware won't find anything on the internet. If that had happened, Internet Explorer for example, would say something like "Internet Explorer cannot display the webpage", "No such server", etc.



While there's a slight chance that the FBI will continue to provide this service, I don't think that keeping your computer infected is a good idea. Not only DNS Changer virus causes a computer to use rogue DNS servers, it also disables security updates and blocks anti-virus software/websites. It can also change the DNS settings within small (home) office routers. As you can see, it's rather sophisticated piece of malicious code that very often comes with additional payloads (Trojan.DNSChanger, Trojan.Fakealert, Trojan.Generic). It is thus very important to remove DNS Changer virus. And it isn't only the job of FBI and PC repair technicians. You have to take responsibility for your own security as well. Good luck and be safe online!


So, are you infected?

1. You can check your DNS settings by simply visiting one of the following websites:
  • dns-ok.us
  • dns-ok.de (Germany)
  • dns-ok.fi (Finland)
RED = your computer is using the DNS Changer rogue name servers and is therefore probably infected.


GREEN = your computer appears to be looking up IP addresses correctly.



2. Visit FBI's website and enter your IP address: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

If your computer is infected, you'll see the following notification.



3. Check your DNS settings manually. If your computers' DNS settings use the follow ranges, then you likely have been affected by the DNS Changer virus.

Between this IP...
... and this IP
77.67.83.1 77.67.83.254
85.255.112.1 85.255.127.254
67.210.0.1 67.210.15.254
93.188.160.1 93.188.167.254
213.109.64.1 213.109.79.254
64.28.176.1 64.28.191.254

Here's a very helpful document that explains how to check your DNS settings to see whether you are using bad DNS servers. Please see DNS-changer-malware.pdf

4. Check your router. Compare the DNS servers listed to those in the rogue DNS servers table above. If your router is configured to use one or more of the rogue DNS servers, your computer may be infected with DNSChanger malware. Please reset your router to default factory settings and change passwords.


How to restore DNS settings to default?

Changing DNS server settings on Microsoft Windows XP:

1. Go to Control Panel → Network Connections and select your local network.
2. Right-click Properties, then select Internet Protocol (TCP/IP).
3. Right-click and select Properties.
4. Click Properties. You should now see a window like the one below.



5. Select Obtain DNS server address automatically and click OK to save the changes.

Changing DNS server settings on Microsoft Windows 7:

1. Go to Control Panel.
2. Click Network and Internet, then Network and Sharing Center, and click Change adapter settings.
3. Right-click Local Area Connection, and click Properties.
4. Select the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and then click Properties.
5. Click Advanced and select the DNS tab. Select Obtain DNS server address automatically and click OK to save the changes.


How to remove DNS Changer malware?

1. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

2. Wait for scanning to finish. Select Cure and click Continue to cure found threat.



3. A reboot might require after disinfection. Click Reboot computer.



4. Download recommended anti-malware software (direct download) and run a full system scan to remove DNS Changer malware from your computer.

That's it! If you have any questions or need extra help removing DNSChanger virus, please leave a comment below.

Tell your friends:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Trojans | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ▼  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ▼  February (17)
      • How to Remove Smart Fortress 2012 (Uninstall Guide)
      • How to Remove Windows Basic Antivirus (Uninstall G...
      • Windows Secure Kit 2011 Browser Hijack
      • SysWatch Giveaways And Deals
      • Remove Antivirus Protection 2012 (Uninstall Guide)
      • How to Bypass Surveys? Online Surveys and Your Pri...
      • Windows Smart Warden Removal
      • Foodpuma, Datingpuma, Carpuma and Browser Redirects
      • Remove Windows Protection Master (Uninstall Guide)
      • Remove Security Scanner (Uninstall Guide)
      • How to Remove DNS Changer (Uninstall Guide)
      • AV Security Essentials (Uninstall Guide)
      • Avira Giveaways And Deals
      • Bitdefender Giveaways And Deals
      • Ad-Aware Giveaways And Deals
      • ZoneAlarm Giveaways And Deals
      • All-Around Digital Security: Bitdefender Sphere fo...
    • ►  January (20)
  • ►  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ►  August (28)
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile