DNS Changer
DNS Changer Description
DNS Changer is a Trojan that attempts to change the infected computer’s DNS (or domain name server) settings for malicious purposes. Although obvious symptoms of a DNS Changer infection may not be observable, SpywareRemove.com malware experts have noted that the full extent of DNS Changer’s attacks can be dangerously-impressive and often include browser hijacks and attempts at theft of personal information. DNS Changer is also known as FBI DNS Changer, DNS Changer Virus, DNS Changer Trojan, Trojan:W32/DNSChanger, DNSChanger, DNS Changer Malware, Ghost Click Malware, Win32.DNSChanger, Windows DNS Changer, Ghost Click Virus or Doomsday Virus.As of November 2011, many types of recent DNS Changer attacks have also used TDSS rootkits, banker Trojans and other forms of malicious software to enhance their spyware and security-lowering capabilities, and any attempt at removing DNS Changer should also include usage of anti-malware programs that can remove any additional PC threats.
The DNS Changer’s Looming Internet Lockout Strikes This Monday
Although reputable entities such as Google, Facebook, various Internet service providers and even the FBI have all coordinated efforts to help DNS Changer victims, current reports indicate that countless thousands of DNS Changer-infected computers will still lose internet connectivity next Monday. This internet blackout date is the current date that’s set for replacement DNS Changer servers to be taken down, which will leave PCs that are directed to those servers automatically without any ability to load even a single website.
There is a happy wrap up to this tale, but with a caveat: while DNS Changer’s attacks were effectively halted with the closure of its malicious servers, and these servers were replaced with benign ones (this move was called Operation Ghostclick), these replacements are only up for a limited time. Our malware researchers have noted a sharp increase in assistance methods for victims of DNS Changer attacks as this Internet blackout date looms ever closer, including easy methods of detecting DNS Changer infections by visiting sites like www.dns-ok.us. Other popular sites, such as the Google search engine, have also taken to providing warning messages for infected computers as soon as they attempt to search or use another website-related feature. However, many computers remain infected by DNS Changer, and as long as its DNS alterations are still in place, affected computers will soon lose the ability to load any website at all.
This video illustrates the number of computers worldwide infected with DNSChanger every hour for the time period 01/01/2012 to 03/31/2012.
It should be stressed that since there may be no symptoms of a DNS Changer infection until the server shutdown date arrives, you shouldn’t attempt to detect DNS Changer infections manually, particularly since they involve changes to sensitive system components. Our malware analysts recommend that you use a trustworthy brand of anti-malware application to detect and remove DNS Changer and its related changes, which can also be responsible for other attacks unless they’re completely deleted. You can learn more on how threatening DNS Changer is from the ‘DNS Changer Threatens Your Internet’ video.
If DNS Changer or related PC threats prevent you from using appropriate software or visited PC security sites, boot your computer from a removable media device (such as a CD or USB drive) and proceed on from there with the uninfected OS. In rare cases where it’s necessary, your ISP (among other sources) can also provide detailed instructions on DNS Changer removal.
The Unseen Dangers That Await with a DNS Changer Infection
Although DNS Changer can also be spread by other methods (most notably, via social networking-based links), most recent DNS Changer attacks have made use of TDSS rootkits to install themselves and gain access to the infected PC. DNS Changer is designed to attack Windows computers and does this in a very broad way – by abusing DNS settings to intercept and transmit online traffic. This allows DNS Changer to be used for many types of hijack-based attacks, such as:
- Redirecting you to a phishing website that looks identical to a legitimate site. This method allows DNS Changer to steal passwords and other forms of personal information by requesting you to log in to an account at a fraudulent site.
- Stealing passwords and other forms of online-transmitted information directly from legitimate sites.
- Redirecting your web browser to irrelevant sites that pay click-based revenue to DNS Changer’s criminal partners.
- Redirecting your browser away from anti-malware sites that could provide assistance for removing DNS Changer.
Affiliated rootkits that can install DNS Changer such as TDL4 rootkit may also be responsible for other attacks on your PC. Until you’ve removed DNS Changer (and any related infections) with an appropriate anti-malware program, your computer’s security will be severely-reduced, and you may be in danger of remote attacks that can take over or even damage your PC.
Find Out If You’re Infected with DNS Changer
If your PC is still infected with DNS Changer, it’s highly likely that you’ve experienced a total loss of Internet connectivity. This is due to a shutdown of servers that commenced at 12:01 AM on July 9th. In addition to technical methods of directly detecting DNS changes on your computer, SpywareRemove.com malware researchers can also recommend a profusion of various DNS Changer-detecting tools and websites. The afterward is an index of some of the many third-party entities that have worked to alert DNS Changer victims of the presence of DNS Changer malware:
- You may have visited dns-ok.us or similar DNS Changer-detecting websites for different regions, such as dns-ok.nl, dns-ok.fi or dns-ok.gov.au. These FBI-recommended websites are designed to display highly-visible red alerts if your computer is infected with a variant of DNS Changer. However, they aren’t foolproof – if your ISP redirects your DNS traffic by default, your PC may appear to be uninfected even if it truly is afflicted with DNS Changer.
- As of early June 2012, Facebook also issued automatic warnings to any PC that was determined to be infected by DNS Changer. Facebook’s warning message provides a link to DNS Changer Working Group or DCWG site, which, in its own turn, links back to one of the above sites for detecting DNS Changer.
- Similar to Facebook, Google has had its own warnings to hand out to DNS Changer-infected computers. SpywareRemove.com malware analysts noted that Google’s alert is much more generic than those used by the above sites, however; consequentially, some DNS Changer victims may have ignored Google’s ‘Your computer appears to be infected’ warning as a false positive or a symptom of a browser hijacker.
Other than visiting the aforementioned websites, no special action needs to be taken; these sites will detect DNS Changer on your computer as you load their web pages.
Watch out for Alternate Forms of DNS-Modifying Attacks
Not all types of DNS Changer attacks are confined to the DNS settings of an individual computer. SpywareRemove.com malware experts have also found instances where advanced DNS Changer variants may choose, instead, to modify the settings of a communal router or modem. Strong user login names and passwords can help to protect these devices from being hijacked by DNS Changer and similar PC threats. It should be noted that even uninfected computers that use DNS Changer-infected routers, for example, will suffer the consequences of infection – for example, loss of Internet connectivity or exposure to harmful websites.
Methods for acquiring DNS data from these products will vary with the type of product in question, and SpywareRemove.com malware researchers recommend that you reference your router or modem’s manual for guidance on how to acquire this information. However, once you’ve found your DNS Server information, you can check it for contamination by DNS Changer with any of the methods noted above.
Freeing Your DNS Settings from DNS Changer’s Dominion
Because DNS Changer, by definition, changes your DNS settings, you may need to change your DNS settings back to normal values after you’ve deleted DNS Changer. Most variants of DNS Changer will use techniques to hide themselves, such as by using randomly-named files in the Windows folder, and should be removed by suitable anti-malware programs if such programs are available. Some versions of DNS Changer will also damage certain drivers – in most instances, restoring these drivers from backup copies will restore DNS Changer, and so you should reinstall these drivers from clean sources.
Because DNS Changer is a generic label, DNS Changer can be used to identify many types of PC threats that display its DNS-changing characteristics. DNS Changer may also be identified by the labels of TR/Dldr.DNS Changer, Trojan.BAT.DNS Changer.a, Trojan.DNS Changer.BX, Trojan:Win32/DNS Changer.AI, Win-Trojan/DNS Changer.72210 and Trojan.Win32.DNS Changer.re (among others).
Tips to Prevent DNS Changer Malware
Although DNS Changer attacks encompass multiple types of PC threats, there are some general precautions that you can take to make your network settings less vulnerable than otherwise to DNS Changer attacks. SpywareRemove.com malware experts particularly recommend:
- Avoid default or commonly-used user names and passwords for network-related accounts, software and hardware. Passwords such as ‘admin’ and ‘password1′ are often cracked via brute force methods that allow malicious software like DNS Changer variants to change your network settings to their own preferences.
- Monitoring IP activity for computers in your network. If a computer appears to be accessing one of the compromised DNS Changer IP numbers, you should isolate it from both the Internet and other PCs until it’s disinfected.
- Some brands of PC security and anti-malware programs can also offer particularly advanced solutions such as blocking unauthorized changes to sensitive portions of your Registry. You should only attempt this form of defense against DNS Changer if you’re comfortable with working with the Registry and have your DNS server addresses set to be procured automatically. Specific instructions for this feature will vary with each brand of security software that offers it.
- Avoid common means of installation by various PC threats, particularly those that are favored by DNS Changer variants. DNS Changer-related PC threats often disguise themselves as legitimate programs or updates such as codecs or script (Flash or JavaScript) packages.
DNS Changer Automatic Detection Tool (Recommended)
Is your PC infected with DNS Changer? To safely & quickly detect DNS Changer, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect DNS Changer
What happens if DNS Changer does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
How to Detect Maliciously-Altered Domain Name System (DNS) Settings Manually
If you’re unable or unwilling to access the above websites, or have any motive to believe that they might be inaccurate for your situation, you can also attempt to detect DNS Changer-altered Domain Name System settings by manual methods. These instructions will differ for different PC users, depending on your operating system.
DNS Attack-Detecting Instructions for Windows Users
The FBI provides its own detection method on its website that’s usable once you know the IP address for your DNS Servers (which can be identified by a default Windows command). You can also use the Windows feature Ncpa.cpl, which is associated with Control Panel’s management of network connectivity properties. Both methods can be launched and finished quickly and easily from the CMD.exe (what older PC users than the norm may still think of as a modern replacement for DOS).
Using the Forms.fbi.gov Website
The website Forms.fbi.gov, or to be more specific than that, forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS, offers DNS Changer detection once you’ve input your DNS information for analysis. The information FBI service can be procured from CMD.exe as follows:
- Click Start and search for CMD.exe and launch it,
OR
Hold down your Start menu button on your keyboard while also holding R, type cmd.exe and click OK.
- Type ipconfig /all and make a note of the information (by taking a screenshot or writing it down, as preferred). However, for the purposes of this procedure, all you need are the numbers of the DNS Servers.
- Type your DNS Servers information (for an example of the format: 192.123.1.2) into the field at forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS. You’ll be informed on the website whether or not your PC’s DNS settings have been compromised by DNS Changer attacks.
Using the Ncpa.cpl Windows Feature
If you’re uninterested in using the FBI website, a second method is also available. Follow the instructions as above until you know your DNS Servers information. From that point:
- Click Start and search for Ncpa.cpl and launch it,
OR
Hold down your Start menu button on your keyboard while also holding R, type Ncpa.cpl and click OK. Either method will launch the Network Connections section of Control Panel.
- Right-click on the icon the network connection that’s in use (its description will vary with your type of connection) and click Properties.
- Scroll the Networking ‘items’ section until you find Internet Protocol and click it.
- Click the Properties button from within the window.
- If you’re set to obtain IP addresses automatically, your PC can be considered compromised. If you’re set to use ‘the following DNS addresses,’ then your computer may be compromised by DNS Changer. Write down the numbers for both preferred and alternate servers, if this is applicable.
- If any of the numbers fall within the following ranges (as determined by the United States FBI), your DNS settings have been altered with malicious intent:
64.28.176.0 to 64.28.191.255
67.210.0.0 to 67.210.15.255
77.67.83.0 to 77.67.83.255
85.255.112.0 to 85.255.127.255
93.188.160.0 to 93.188.167.255
213.109.64.0 to 213.109.79.255
DNS Attack-Detecting Instructions for Mac Users
Mac-based PCs can still use the same FBI website, forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS, to detect DNS Changer-based DNS modifications. However, the procedure for acquiring DNS information is slightly different from the Windows instructions, as follows:
- Left-click your Apple menu icon and select System Preferences.
- Left-click Network.
- Click your active network connection as noted in the display.
- Click the Advanced button from within the window.
- Select the DNS tab (just to the right of the TCP/IP tab). This will display your DNS Server information, which can be checked as per the Windows instructions.
Fixing DNS Server Settings By Hand (without Software-Based Assistance)
Switching from predetermined DNS settings to automatically-acquired ones is an easy way for Windows users to manually ‘turn off’ malicious DNS settings – although this does not necessarily remove the associated DNS Changer infection, which may reverse your changing if DNS Changer is not deleted by anti-malware software or other methods. If you feel that you need to make these changes by hand and are confident that they will not be reversed, follow the first four parts of the ‘Using Ncpa.cpl’ section.
Select ‘Obtain DNS server address automatically.’ Note that most, but not all ISPs provide automated DNS server acquisition via a DHCP or Dynamic Host Configuration Protocol. If your PC uses an ISP or network that doesn’t provide this feature, this solution will not work.
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name 1 C:\Windows\system32\wdmaud.sys 2 C:\resycled\bootmatrix.com 3 TDSSserv.sys 4 seneka.sys 5 gaopdxserv.sys 6 msqpdxserv.sys 7 gxvxcserv.sys 8 _VOIDd.sys 9 ndisprot.sys 10 H8SRTd.sys 11 MSIVXserv.sys 12 UACd.sys 13 ESQULserv.sys 14 PayPal-2.5.200-MSWin32-x86-2005.exe 15 %COMMON_DOCUMENTS%\cmijj.exe 16 %COMMON_DOCUMENTS%\csrss.exe 17 %COMMON_DOCUMENTS%\LSSAS.exe 18 %COMMON_DOCUMENTS%\msert.exe 19 %COMMON_DOCUMENTS%\mstsc.exe 20 %MYPICTURES%\resycled 21 %PERSONAL%\resycled 22 %PROFILE_TEMP%\AlfaBR.exe 23 %PROGRAM_FILES%\AccessMV 24 %PROGRAM_FILES%\AlfaBR 25 %PROGRAM_FILES%\aquaplay 26 %PROGRAM_FILES%\BestHD 27 %PROGRAM_FILES%\BlueRaTech 28 %PROGRAM_FILES%\Convert2Play 29 %PROGRAM_FILES%\DDnsFilter 30 %PROGRAM_FILES%\DecodingHQ 31 %PROGRAM_FILES%\DigitalHQ 32 %PROGRAM_FILES%\DigitalLabs 33 %PROGRAM_FILES%\DVDConv 34 %PROGRAM_FILES%\DVDextraPL 35 %PROGRAM_FILES%\DVDTool 36 %PROGRAM_FILES%\ExpressVids 37 %PROGRAM_FILES%\EZVideo 38 %PROGRAM_FILES%\FreeHDplay 39 %PROGRAM_FILES%\freshplay 40 %PROGRAM_FILES%\FullMovies 41 %PROGRAM_FILES%\HDExtrem 42 %PROGRAM_FILES%\HDQuality 43 %PROGRAM_FILES%\HDtvcodec 44 %PROGRAM_FILES%\HeroCodec 45 %PROGRAM_FILES%\homeview 46 %PROGRAM_FILES%\iVideo 47 %PROGRAM_FILES%\Mediaview 48 %PROGRAM_FILES%\MpegBuster 49 %PROGRAM_FILES%\Network Monitor 50 %PROGRAM_FILES%\PlayMe 51 %PROGRAM_FILES%\PLDivX 52 %PROGRAM_FILES%\PluginVideo 53 %PROGRAM_FILES%\PlusCodec 54 %PROGRAM_FILES%\PornoPlayer 55 %PROGRAM_FILES%\QuickTiming 56 %PROGRAM_FILES%\QuickyPlaeyr 57 %PROGRAM_FILES%\SiteEntry 58 %PROGRAM_FILES%\SunPorn 59 %PROGRAM_FILES%\TonsOfPorn 60 %PROGRAM_FILES%\totalvid 61 %PROGRAM_FILES%\ubervid 62 %PROGRAM_FILES%\UltraVideo 63 %PROGRAM_FILES%\VideoKey 64 %PROGRAM_FILES%\videoplay 65 %PROGRAM_FILES%\videosoft\Uninstall.exe 66 %PROGRAM_FILES%\XXXHoliday 67 %PROGRAMS%\AccessMV 68 %PROGRAMS%\aquaplay 69 %PROGRAMS%\BHVideo 70 %PROGRAMS%\BlueRaTech 71 %PROGRAMS%\Convert2Play 72 %PROGRAMS%\coolplay 73 %PROGRAMS%\DecodingHQ 74 %PROGRAMS%\DigitalHQ 75 %PROGRAMS%\DigitalLabs 76 %PROGRAMS%\DivxFree 77 %PROGRAMS%\DVDConv 78 %PROGRAMS%\DVDextraPL 79 %PROGRAMS%\DVDTool 80 %PROGRAMS%\ExpressVids 81 %PROGRAMS%\FreeHDplay 82 %PROGRAMS%\FullMovies 83 %PROGRAMS%\HDExtrem 84 %PROGRAMS%\HDQuality 85 %PROGRAMS%\HDtvcodec 86 %PROGRAMS%\HeroCodec 87 %PROGRAMS%\homeview 88 %PROGRAMS%\Mediaview 89 %PROGRAMS%\MoviesPlay 90 %PROGRAMS%\PlayMe 91 %PROGRAMS%\PlayMYDVD 92 %PROGRAMS%\PLDivX 93 %PROGRAMS%\PluginVideo 94 %PROGRAMS%\QuickTiming 95 %PROGRAMS%\QuickyPlaeyr 96 %PROGRAMS%\sexvid 97 %PROGRAMS%\SiteEntry 98 %PROGRAMS%\TonsOfPorn 99 %PROGRAMS%\totalvid 100 %PROGRAMS%\UltraVideo 101 %PROGRAMS%\UNICCodec 102 %PROGRAMS%\videoplay 103 %SYSTEM%\cmd32.exe 104 %SYSTEM%\cmd64.exe 105 %SYSTEM%\csrcs.exe 106 %SYSTEM%\csrns.exe 107 %SYSTEM%\csrss.exe 108 %SYSTEM%\drivers\ndisprot.sys 109 %SYSTEM%\kdgzh.exe 110 %SYSTEM%\kdkgg.exe 111 %SYSTEM%\kdlly.exe 112 %SYSTEM%\kdqwt.exe 113 %SYSTEM%\kduev.exe 114 %SYSTEM%\krl32mainweq.dll 115 %SYSTEM%\lsass.exe 116 %SYSTEM%\MSlgx.exe 117 %SYSTEM%\msmgs.exe 118 %SYSTEM%\msnqp.exe 119 %SYSTEM%\mssms.exe 120 %SYSTEM_DRIVE%\autorun.inf 121 %SYSTEM_DRIVE%\resycled 122 %SYSTEM_DRIVE%\resycled\ntldr.com 123 %SYSTEM_DRIVE%\Users\Manuel 124 %WINDOWS%\Tasks\MSWD-1b4abb06.job 125 %WINDOWS%\Tasks\MSWD-27e0d013.job 126 %WINDOWS%\Tasks\MSWD-28d8d31d.job 127 %WINDOWS%\Tasks\MSWD-2969d51d.job 128 %WINDOWS%\Tasks\MSWD-3e4ae7ad.job 129 %WINDOWS%\Tasks\MSWD-4354122e.job 130 %WINDOWS%\Tasks\MSWD-44fcb0c6.job 131 %WINDOWS%\Tasks\MSWD-4535c222.job 132 %WINDOWS%\Tasks\MSWD-469d5901.job 133 %WINDOWS%\Tasks\MSWD-56802d43.job 134 %WINDOWS%\Tasks\MSWD-5d240b12.job 135 %WINDOWS%\Tasks\MSWD-6145903c.job 136 %WINDOWS%\Tasks\MSWD-88e4ae02.job 137 %WINDOWS%\Tasks\MSWD-95cf3d27.job 138 %WINDOWS%\Tasks\MSWD-af53409d.job 139 %WINDOWS%\Tasks\MSWD-b2be9e3f.job 140 %WINDOWS%\Tasks\MSWD-b868995b.job 141 %WINDOWS%\Tasks\MSWD-c61509c8.job 142 %WINDOWS%\Tasks\MSWD-db3968bf.job 143 %WINDOWS%\Tasks\MSWD-ee6b7301.job 144 %WINDOWS%\Temp\DAB.tmp 145 %WINDOWS%\Temp\tempo-1145640.tmp 146 %WINDOWS%\Temp\tempo-161796561.tmp 147 %WINDOWS%\Temp\tempo-161797121.tmp 148 %WINDOWS%\Temp\tempo-289.tmp 149 %WINDOWS%\Temp\tempo-394365031.tmp 150 %WINDOWS%\Temp\tempo-394365218.tmp 151 %WINDOWS%\Temp\tempo-44B.tmp 152 %WINDOWS%\Temp\tempo-45B.tmp 153 %WINDOWS%\Temp\tempo-66D.tmp 154 %WINDOWS%\Temp\tempo-76546.tmp 155 %WINDOWS%\Temp\tempo-97265.tmp 156 %WINDOWS%\Temp\tempo-B7D.tmp 157 %WINDOWS%\Temp\tempo-E2B.tmp 158 %WINDOWS%\vkl_1250424439 159 %WINDOWS%\vkl_1250424989 160 %WINDOWS%\vkl_1250425116 161 %WINDOWS%\vkl_1250425221 162 %WINDOWS%\vkl_1250425267 163 %WINDOWS%\vkl_1250425328 164 %WINDOWS%\vkl_1250733143 165 %WINDOWS%\vkl_1251463593 166 %WINDOWS%\vkl_1251734499 167 %WINDOWS%\vkl_1251745894 168 %WINDOWS%\vkl_1251803401 169 %WINDOWS%\vkl_1252481066.exe 170 %WINDOWS%\vkl_1252511207.exe 171 %WINDOWS%\vkl_1252511321.exe 172 %WINDOWS%\vkl_1252765651.exe 173 %WINDOWS%\vkl_1252765671.exe 174 %WINDOWS%\vkl_1252768743.exe 175 %WINDOWS%\vkl_1252768769.exe 176 %WINDOWS%\vkl_1252834079.exe 177 %WINDOWS%\vkl_1252834085.exe 178 %WINDOWS%\vkl_1252968719.exe 179 %WINDOWS%\vkl_1253053752.exe 180 %WINDOWS%\vkl_1253165416.exe 181 %WINDOWS%\vkl_1253165426.exe 182 %WINDOWS%\vkl_1253173827.exe 183 %WINDOWS%\vkl_1253173833.exe 184 %WINDOWS%\vkl_1253181420.exe 185 %WINDOWS%\vkl_1253181421.exe 186 B:\resycled 187 C:\resycled 188 D:\autorun.inf 189 D:\resycled 190 D:\resycled\ntldr.com 191 E:\resycled 192 E:\resycled\ntldr.com 193 F:\autorun.inf 194 F:\resycled 195 F:\resycled\ntldr.com 196 G:\resycled 197 G:\resycled\ntldr.com 198 H:\resycled 199 H:\resycled\ntldr.com 200 I:\resycled 201 I:\resycled\ntldr.com 202 J:\resycled 203 K:\autorun.inf 204 K:\resycled 205 L:\resycled 206 M:\resycled 207 M:\resycled\ntldr.co 208 N:\resycled 209 O:\resycled 210 P:\resycled 211 Q:\resycled 212 R:\resycled 213 S:\resycled 214 T:\resycled 215 V:\resycled 216 W:\resycled 217 X:\resycled 218 Z:\resycled
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer = 85.255.xxx.xxx,85.255.xxx.xxxHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM] DhcpNameServer = 85.255.xx.xxx,85.255.xxx.xxxHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM] NameServer = 85.255.xxx.133,85.255.xxx.xxxHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F5A3FA3-74FB-41DD-AD5B-F8C6C8B3D0EC} NameServer = 85.255.116.86,85.255.112.157HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B7C04D2-0898-43A3-B374-B7AFA580EA23} NameServer = 93.188.163.113,93.188.161.83HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer = 85.255.xxx.xxx,85.255.xxx.xxx
Posted: November 20, 2011 | By SpywareRemove
MoreThreat Level: 8/10
(3 votes, average: 4.00 out of 5)
Loading ...Rate this article:
Just what the doctor ordered, thaknity you!
Thank you so much for all the detailed information. I used your article and another one together to repair IP whatever for my computer
i have the fbi porn virus
Detailed info. Thanks for your help.
I cannot thank you all enough for your Helpdesk services through Spyhunter. You were able to fix my dilemma and remove DNS Changer. Now have FULL internet access with no issues. You all are a Godsend!
Lots of information to digest. I just want to remove this bull shi*! DNS Change thing has been messed up on my HP laptop since monday! Can you not get this malware program on a usb thumb and then install and run it from that?
With all the fuss made by the media about this DNS Changer wave, how can still having people that didn’t check their computers in order to be on the safe side and avoid countless problems?
The DNS Changer plague is a good example of why computer users should be careful when it comes to their PCs security! I know a lot of people that clicks on everything they see, get badly infected and still think they are entitled to complaint… just sayin!!!
In my opinion, just sloppy computer users were affected by the DNS Changer blackout, I’m sure that people who take care of their PC’s security didn’t have any problem. I didn’t.
I had to go to library to find a solution for this. My PC runs just fine and I can run any program I want but the internet is not connecting. I spent almost 45 minutes on the phone with Comcast and the rep said I needed to use their Mcafee program to scan for viruses that could be blocking the internet. It was not until their supervisor said I could have the FBI DNS Changer on my computer. He told me to go to http://www.dcwg.org but how could I if I do not have internet access. They hung up after my connection was verified as working to the cable modem. I am at wits end here. How can I remove it if I have no internet to go to a fix site or download software to remove it???
On a year-old Dell XPS desktop tower with Windows 7 home. I must have the DNS Changer virus. Cannot go to any website. How do I install another browser to try that? Using my neighbors laptop now due to this. I must find a solution soon so I can return his laptop. Can this antimalware spyhunter remove it?
My Laptop keeps saying "this web page not available" when going to any site using IE. I use Chrome and I can pull up SOME sites. Could this be DNS Changer? What Do I do to find out?
have a good day.
I tried to do this a couple days ago, but did not have any luck. I find it confusing when you state all the files that were created.