DNS Changer Trojan - How to detect and remove it?

Posted by Muhammed on Friday, May 04, 2012


July 9 might be "Internet doomsday" for PC and Mac users who haven't taken steps to make sure their systems are not infected with what's being called DNS Changer malware.

This news is spreading across the world. Your Internet connection may not work on that day if your computer is infected with this dangerous DNS Changer Trojan.
In my previous post we discussed DNS hijacking; this malware does the same thing by replacing the default DNS server IP address with that of a rogue DNS server. These malicious DNS servers alter users' searches, redirect them to fake websites, and prompt them to download dangerous products. This threat is also known as TDSS, Tidserv, etc.
DNS Changer malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminals. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (e.g., a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This change may affect all computers on the SOHO network, even those that are not infected with the malware.
If you want to make sure that your computer is not infected with this dangerous Trojan, visit the website http://www.dcwg.org/detect and follow the instructions. If the diagnosis shows that your computer is infected, visit http://www.dcwg.org/fix/ to fix the problem.
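
The first infection path described above, a changed resolver setting on the host, can also be checked locally. The following is an added example, not code from the original post or from the DCWG site: it parses resolv.conf-style text and classifies each configured nameserver. The rogue ranges, expected resolvers and sample file are constructed placeholders (documentation addresses); replace them with published indicators and your own ISP's resolvers.

```python
import ipaddress

# Placeholder ranges from the RFC 5737 documentation blocks, NOT real indicators.
# Substitute the rogue-resolver ranges published by your threat-intel source.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Resolvers this host is supposed to use (constructed sample values).
EXPECTED = {ipaddress.ip_address(a) for a in ("203.0.113.53", "203.0.113.54")}
# Loopback and RFC 1918 space: a local stub or the SOHO router answers first.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines of resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments (# or ;), options, search lines, blanks
        try:
            servers.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue  # malformed entry: not an IP address
    return servers


def _in_any(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)


def classify(addr):
    if _in_any(addr, ROGUE_RANGES):
        return "rogue"      # matches a listed bad range: treat host as compromised
    if addr in EXPECTED:
        return "expected"
    if _in_any(addr, LOCAL_NETS):
        return "local"      # router or stub: its upstream DNS must be checked too
    return "unknown"        # not rogue-listed, but not what was provisioned


def audit(text):
    return [(str(a), classify(a)) for a in parse_nameservers(text)]


SAMPLE = """# constructed resolv.conf sample
nameserver 192.0.2.17
nameserver 203.0.113.53
nameserver 192.168.1.1
nameserver 198.51.100.200
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{server:16} {verdict}")
```

A `local` verdict corresponds to the second path: the host points at the router, so a clean host setting says nothing until the router's own DNS configuration has been inspected.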