
DNS CHANGER removal tools..


ShyWriter


(Partial excerpt from FORBES' article on this subject)

[...]

DNS CHANGER removal tools..

The DNS Changer Working Group (DCWG), the group that’s been maintaining care of the servers since their seizure, has created a website that allows you to check if your computer is infected and, if it is, remove the DNSChanger malware.

Back in January of this year the DCWG estimated that some 450,000 systems were still infected with DNS Changer.

If you are infected there are a whole host of removal tools available. Here is a listing:

[...]

SOURCE: http://www.forbes.co...cess-come-july/

EDIT: Malwarebytes also protects as well as scans for this problem (per Exile360 - thanks Samuel)

Steve

Edited by ShyWriter

I have been cleaning virus-infected computers for years, like many of you, and I was wondering if the DNS changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected MBR which may reload or reinfect with the first option. Does this sound at all plausible or is it not possible/checked for?

Thanks, love your product!


I have been cleaning virus-infected computers for years, like many of you, and I was wondering if the DNS changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected MBR which may reload or reinfect with the first option. Does this sound at all plausible or is it not possible/checked for?

It's certainly possible, as what you're describing sounds like a rootkit. There are many such rootkits that will redirect a user's system to a malicious DNS server, similar to how the above-described infection does.

There were a few basic variants.

One that changed the DNS table on a PC

One that changed the DNS table on a PC and poorly secured SOHO Routers

One that changed the DNS table on a PC and had protective rootkit constructs in earlier versions and later teamed with TDSS.

EDIT:

If I remember correctly, the web site that pushed DNSChanger variants would look at the browser User-Agent and subsequently foist a DMG on Apple computers and an EXE on Windows computers.


Thanks for the quick reply. I think that may be useful info for people. Especially if they are experiencing persistent DNS changer effects and the recommended solutions aren't helping. Some of those tools listed do detect rootkits too, so maybe it's just me being overly cautious for people. I find the "fixtdss" program to be very useful in detecting infected MBRs.
