Friday, May 25, 2012
What is DNSChanger malware?
Yesterday, I reported that Google will warn users who are affected by the DNSChanger trojan. After the post, many readers asked me to write about this trojan in detail. In this post, I am writing about the DNSChanger trojan.
DNSChanger is a kind of trojan that changes the DNS (Domain Name System) settings of a system to redirect it to some illegal websites. The trojan changes the nameserver registry key value to a fake IP address. As a result of this change, when a user tries to access a website, the computer redirects the request to the fake IP addresses added by DNSChanger.
How to check your computer?
If you want to check your system for this infection, here are the steps for a Windows system.
- Open the command prompt. (I assume you know what the command prompt is and how to open it.)
- Type ipconfig /all and press Enter.
- Now look for the entry "DNS Servers".
- Look at the IP addresses next to it and compare them to the table of known rogue DNS servers listed below.
126.96.36.199 through 188.8.131.52
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
If your computer is configured to use one or more of the rogue DNS servers listed above, your system may be infected with DNSChanger malware.
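The manual comparison in the steps above, automated as an added example (not part of the original post): it parses saved `ipconfig /all` output and reports any DNS server that falls inside a listed range. The ranges and the sample output in the code are constructed placeholders, the function names are hypothetical, and the English "DNS Servers" label is assumed.

```python
import ipaddress
import re
import sys

# Constructed placeholder ranges (RFC 5737 documentation space), NOT real rogue
# servers: replace them with the "start through end" pairs from the list above.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"), ("198.51.100.16", "198.51.100.31")]

# Constructed sample of `ipconfig /all` output from an English-language Windows.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example NIC
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.0.0.23
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.20
                                       10.0.0.1
   Lease Obtained. . . . . . . . . . : Friday, May 25, 2012 9:00:00 AM
"""

def _ip(token):
    """Parse one address (IPv6 zone id such as %11 stripped); None if not an IP."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return the addresses under every "DNS Servers" entry, including the
    unlabeled continuation lines ipconfig prints for additional servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(.*)", line)
        addr = _ip(m.group(1).strip() if m else line.strip())
        in_dns = bool(m) or (in_dns and addr is not None)
        if in_dns and addr is not None:
            servers.append(addr)
    return servers

def rogue_servers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return the configured DNS servers that fall inside any listed range."""
    bounds = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in ranges]
    return [str(a) for a in dns_servers(ipconfig_text)
            if any(a.version == lo.version and lo <= a <= hi for lo, hi in bounds)]

if __name__ == "__main__":
    # Usage: ipconfig /all > out.txt, then: python check_dns.py out.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    hits = rogue_servers(text)
    print("Rogue DNS servers in use:", ", ".join(hits) if hits else "none")
```

A server configured on the router rather than on the PC does not appear in `ipconfig /all`, so a clean result here covers only this computer's own settings.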
You can also visit the website www.dns-ok.de to check whether your system is infected or not.
How to remove infection?
If your system is infected with DNSChanger, download the free DNS changer removal tool from Avira.
Follow these additional steps:
- Go to Start --> Control Panel --> Network Connections.
- Right click your default connection, usually Local Area Connection or Dial-up Connection, if you are using Dial-up, and left click on Properties.
- Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.
- Go to Start --> Run, type CMD and then click OK.
- At the DOS prompt, type in cd\ and then press ENTER.
- Now type in ipconfig /flushdns and then press ENTER. (notice the space after ipconfig)
- Close the command prompt window.
- Reboot your PC and try to open any website.