«

»

Apr 25

DNS Changer Virus threatens to kick hundreds of thousands from the web


Hundreds of thousands of users could lose access to the internet simultaneously on July the 9th have you done enough to ensure that you are not one of those infected with the DNSChanger virus

The problem is caused by a piece of malware called the DNSchanger virus that was first discovered 5 years ago in 2007. The virus is estimated to have infected millions of computers worldwide with many still not disinfected of the virus.The DNSChanger virus altered settings in infected computers that means when your computer contacts its domain servers to find out the IP address of a website instead of being directed to legitimate DNS servers your computer is directed to rogue DNS servers setup by criminal organisations.

One sign of possibly been infected with this virus is that genuine sites are often redirected to sites that you did not want to visit. These sites could be copies of the legitimate sites that are designed to steal data or install even more malicious programs on your computer or they could just be redirecting you to advertising sites and limiting the use of your computer.

The criminals involved with this virus were arrested and imprisoned but the problem of what to do with the computer servers remained. The authorities knew that because of the high number of infections and the fact that many computers over the world now relied on these servers they could not just shut off the servers as that would be essentially turning off the internet for millions of people.

virus removalSo they decided to turn these servers into genuine DNS servers but the problem is that running these machines costs the government a lot of money so they will be shutting off the servers on the 9th of July and for anyone infected by this virus the web simply will not exist after that.

Even if you are not infected by the DNS changer virus it is now becoming obvious that an anti-virus program is not enough to keep us safe. Running anti-malware software alongside our anti-virus programs such as Malwarebytes Anti-Malware is becoming more and more necessary

So what can I do to check if im infected?

The simplest way to check for infection is via a website setup by the DCWG (DNSChanger Working Group) that allows you to check if your machine has been infected by the virus.

Visit http://www.dns-ok.us/ to check if you DNS servers are infected.

You can also check via a command prompt by entering the following if for some reason you cannot use the website.

ipconfig /allcompartments /all

DNSChanger virus removal

The virus used a number of DNS addresses. Compare your DNS server (highlighted red) to the below range to determine if you have been infected.

Starting IP Ending IP CIDR
85.255.112.0 85.255.127.255 85.255.112.0/20
67.210.0.0 67.210.15.255 67.210.0.0/20
93.188.160.0 93.188.167.255 93.188.160.0/21
77.67.83.0 77.67.83.255 77.67.83.0/24
213.109.64.0 213.109.79.255 213.109.64.0/20
64.28.176.0 64.28.191.255 64.28.176.0/20

I’m infected with the DNSChanger virus how do I remove it

There are a number of tools that can remove the virus but 3 I have used personally on this malware infection can be found below. Follow the links to install and then run the programs. Once you have run the removers perform the check via the DCWG website again after  restarting your computer.

Malwarebytes Pro – This is probably the most well known malware removal tool on the market.Not only will this remove malware infections it will also protect against future infections that can cause these kinds of problems. It is HIGHLY recommended you run an anti malware program alongside your anti-virus program nowadays to keep your computer clean. Malwarebytes Anti-Malware Lifetime can currently be picked up for under $20!

Norton Power eraserhttp://security.symantec.com/nbrt/npe.aspx

Kaspersky TDSSKillerhttp://support.kaspersky.com/faq/?qid=208283363

Once you have removed the virus it is Highly recommended you perform a full malware scan and virus scan. You can find help regarding anti-malware software at keeping  your computer free of spyware and malware.

Further Information

You can read the warning regarding the virus directly on the FBI website at

http://www.fbi.gov/news/stories/2011/november/malware_110911

It is highly recommended you check that you are not infected by this virus ASAP preferably before July the 9th or you too could be facing an internet blackout!