
Your Pc Surgeon, LLC

Transparency of Technology

PC Surgical News



Posted by Andy Branka A+, N+ on May 16, 2012 at 7:45 AM


Many times I am asked: what is the most dangerous type of malware that can infect your computer?

A few hundred are discovered "in the wild" daily, and some of them make it to the mainstream of thousands of PCs, but I think DNS Changer is one of the most malicious of them all.

I collaborated with Alfonso Barreiro from Tech Republic to provide a short overview of the problem and solutions.

Please contact me for more information or if you think you are being affected by it.

If after visiting the site listed below your result is red, not green (as pictured), please contact me immediately, as you will lose your Internet on July 9th.

The DNS Changer malware family silently replaces the Domain Name System (DNS) settings of the computers it infects (both Windows PCs and Macs), and of routers (yes, small office/home office routers that were still using their default admin usernames and passwords), with the addresses of malicious servers. Affected users would then be directed to sites that served malware, spam or large advertisements when they tried to go to popular websites such as Amazon, iTunes and Netflix. Additionally, some variants of the malware blocked access to anti-malware and operating system update sites to prevent its removal. The operators of this botnet received advertising revenue when the pages were displayed or clicked on, generating them over $14 million in fees.


Due to the potential impact the removal of these DNS servers would have on millions of users, the FBI had the malicious servers replaced with machines operated by the Internet Systems Consortium, a public benefit non-profit organization, to give affected users time to clean their machines. Originally these temporary servers were to be shut down in March, but the FBI obtained a court order authorizing an extension because of the large number of computers still affected. The new deadline is July 9, giving more time to those still infected to fix their computers. As of March, the infected still included 94 of all Fortune 500 companies and three out of 55 major government entities, according to IID (Internet Identity), a provider of technology and services.


How do I check if I’m infected?


If you are a network admin or IT pro, and you are pretty confident your organization is in the clear, you still may want to share these instructions with your users so that they are aware that their home systems could be infected and so that they can perform the self-checks.


Both the FBI and the DNS Changer Working Group have provided detailed step-by-step instructions for manually checking Windows XP, Windows 7 and Mac OS X computers for infection. Essentially, if your DNS servers listed include one or more of the addresses in the following list, your computer might have been infected: through through through through through through

If your computer checks out okay, you should also check your SOHO router settings. Consult your product documentation on how to access your router settings and compare its DNS servers to those on the list above. If your router is affected, a computer on your network is likely infected with the malware.


There are also several self check tools that can help check your machine. One such tool is provided by the DNS Changer Working Group at This site will display an image with a red background if the machine or router is infected. On a clean machine, it will be a green background:


Depending on your organization's network configuration, you could set up alerts when machines from your internal network attempt to reach any of the listed addresses, or you can block them outright. Be careful if you opt to block them though, as any infected machine will essentially lose its Internet connectivity, since it won't be able to resolve any Internet server name it attempts to reach. Of course, this will also be a big clue that something is wrong, if the support phone lines fire up on July 9 with users reporting mysterious Internet outages!
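The manual comparison of host and router DNS servers against the published list, and the alerting on internal machines that try to reach listed addresses, both reduce to one range check. The sketch below is an added example, not part of the original article: the ranges are placeholder documentation addresses standing in for the published list, and the firewall log format and sample lines are constructed.

```python
import ipaddress
import re
# PLACEHOLDER ranges (RFC 5737 documentation space); substitute the FBI / DCWG list.
ROGUE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.0", "198.51.100.127"),
]

def load_networks(ranges):
    """Convert inclusive first/last address pairs into CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

NETWORKS = load_networks(ROGUE_RANGES)

def is_rogue(addr):
    """True if addr parses as an IP address inside any listed range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # hostnames or junk in a config field are not matches
    return any(ip in net for net in NETWORKS)

def check_resolvers(resolvers):
    """Return the DNS servers configured on a host or router that are listed."""
    return [r for r in resolvers if is_rogue(r)]

# Constructed firewall log format: "<time> SRC=<ip> DST=<ip> PROTO=<p> DPT=<port>"
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=\S+ DPT=(\d+)")

def dns_alerts(log_lines):
    """Map each internal source to the listed DNS servers it tried to reach."""
    alerts = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(3) == "53" and is_rogue(m.group(2)):
            alerts.setdefault(m.group(1), set()).add(m.group(2))
    return alerts

SAMPLE_LOG = [  # constructed sample lines
    "2012-07-02T09:14:01 SRC=10.0.0.21 DST=192.0.2.53 PROTO=UDP DPT=53",
    "2012-07-02T09:14:02 SRC=10.0.0.22 DST=10.0.0.1 PROTO=UDP DPT=53",
    "2012-07-02T09:14:05 SRC=10.0.0.21 DST=198.51.100.200 PROTO=UDP DPT=53",
    "2012-07-02T09:14:09 SRC=10.0.0.30 DST=198.51.100.7 PROTO=TCP DPT=53",
    "2012-07-02T09:14:11 SRC=10.0.0.31 DST=192.0.2.53 PROTO=TCP DPT=80",
]
```

Matching on destination port 53 over both UDP and TCP keeps the alert tied to DNS traffic, so a host that merely browses to a listed address is not reported as using it for name resolution.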


I found an infection! How do I fix it?


As with detection, there are also a number of tools available to fix an infection. Since the DNS Changer was delivered through different mechanisms over the years, some infections may be more difficult to remove than others. In some extreme cases, only a full reinstall of the operating system will ensure a successful repair. Some removal tools available include:


Kaspersky Labs TDSSKiller

McAfee Stinger

Microsoft Safety Scanner

Trend Micro Housecall


Avira DNS Repair Tool

This is by no means a complete list; most anti-malware companies should be able to detect this particular threat. But be aware that your mileage may vary. DNS Changer was also part of some web exploitation kits and other types of malware (backdoors, keyloggers, etc.) might have hitched a ride and complicated the removal process. If you have an affected router, you should also change its default admin password to something else (and don’t use an easily guessable password - it will be only a matter of time before someone else tries a similar attack).


What if my machine remains infected after the deadline?


Machines that remain infected or are served by an affected router after the temporary servers are removed will, for all intents and purposes, lose their Internet connectivity. How to fix it will remain the same, but with the added wrinkle that you will probably need a second, clean machine with Internet access for diagnostics and to obtain removal tools.





About Alfonso Barreiro


Alfonso is a technology specialist with experience in multiple IT roles with the latest one being in information security.

Your Pc Surgeon is a local tech consulting firm specialising in new systems, networks and technology implementation for individuals and small businesses.

