9 replies to this topic

[ShyWriter]

.


(Partial excerpt from FORBES' article on this subject)

[...]

DNS CHANGER removal tools..

The DNS Changer Working Group (DCWG), the that’s been maintaining care of the servers since their seizure, has created a website that allows you check if your computer is infected and, if it is, remove the DNSChanger malware.

Back in January of this year the DCWG estimated that some 450,000 systems were still infected with DNS Changer.

If you are infected there are a whole host of removal tools available. Here is a listing:

• Hitman Pro (32bit and 64bit versions)
  
• Kaspersky Labs TDSSKiller
  
• McAfee Stinger
  
• Microsoft Windows Defender Offline
  
• Microsoft Safety Scanner
  
• Norton Power Eraser
  
• Trend Micro Housecall
  
• MacScan
  
• Avira

[...]

SOURCE: http://www.forbes.co...cess-come-july/

EDIT: Malwarebytes also protects as well as scans for this problem (per Exile360 - thanks Samuel)

Steve

Edited by ShyWriter, 23 April 2012 - 03:57 PM.

[Firefox]

Nice article... thanks for sharing...

[ShyWriter]

.
Thanks Firefox.. Unfortunately I run across quite a bit more information/news/help than I can safely post (without getting yelled at ) so it's doubly nice when I pick out a good one.

Steve

[hayc59]

Nice and thanks!!

[Triple Helix]

Great Thanks!

TH

[ShyWriter]

Thanks for the thanks, guys.. It's greatly appreciated as I'm not in the running for MBAM's Taco give-away.. only 4462 posts.. Day late and 538 short.. *snif*



Steve

[redmane1981]

I have been cleaning virus infected computers for years, like many of you, and I was wondering if the dns changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected mbr which may reload or reinfect with the first option. Does this sound at all plausable or is it not possible/checked for?

Thanks, love your product!

[exile360]

redmane1981, on 04 May 2012 - 09:18 AM, said:

I have been cleaning virus infected computers for years, like many of you, and I was wondering if the dns changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected mbr which may reload or reinfect with the first option. Does this sound at all plausable or is it not possible/checked for?

It's certainly possible, as what you're describing sounds like a rootkit. There are many such rootkits that will redirect a user's system to a malicious DNS server, similar to how the above described infection does.

[David H. Lipman]

There were a few basic variants.

One that changed the DNS table on a PC

One that changed the DNS table on a PC and poorly secured SOHO Routers

One that changed the DNS table on a PC and had protective rootkit constructs in earlier versions and later teamed with TDSS.

EDIT:

If I remember correctly the web site that pushed DNSChanger variants would look at the Browser User-Agent and subsequently foisted a DMG for Apple computers and a EXE to Windows computers.

[redmane1981]

thanks for the quick reply. I think that may be useful info for people. Especially if they are experiencing persistant dns changer effects and the recommended solutions aren't helping. Some of those tools listed do detect rootkits too so maybe its just me being overly cautious for people. I find "fixtdss" program to be very useful in detecting infected mbrs.