DNS CHANGER removal tools..


9 replies to this topic

#1 ShyWriter

ShyWriter

    The pencil is mightier than the bite..

  • Software Updaters
  • 7,509 posts
  • Gender:Male

Posted 23 April 2012 - 10:13 AM


(Partial excerpt from FORBES' article on this subject)

[...]

DNS CHANGER removal tools..

The DNS Changer Working Group (DCWG), the that’s been maintaining care of the servers since their seizure, has created a website that allows you to check if your computer is infected and, if it is, remove the DNSChanger malware.

Back in January of this year the DCWG estimated that some 450,000 systems were still infected with DNS Changer.

If you are infected there are a whole host of removal tools available. Here is a listing:[...]

SOURCE: http://www.forbes.co...cess-come-july/

EDIT: Malwarebytes also protects as well as scans for this problem (per Exile360 - thanks Samuel)

Steve

Edited by ShyWriter, 23 April 2012 - 03:57 PM.


#2 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,118 posts
  • Gender:Male
  • Location:USA

Posted 23 April 2012 - 10:41 AM

Nice article... thanks for sharing...



Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#3 ShyWriter

ShyWriter

    The pencil is mightier than the bite..

  • Software Updaters
  • 7,509 posts
  • Gender:Male

Posted 23 April 2012 - 03:49 PM

Thanks Firefox.. Unfortunately I run across quite a bit more information/news/help than I can safely post (without getting yelled at :)) so it's doubly nice when I pick out a good one.

Steve

#4 hayc59

hayc59

    Elite Member

  • Moderators
  • 947 posts
  • Gender:Male
  • Location:I'm Your Huckleberry

Posted 27 April 2012 - 03:51 PM

Nice and thanks!!

9.11.01
'Never Forget'
Moderator-Beta Tester @
Outpost Users Support Forum

Microsoft® MVP Consumer Security-13


#5 Triple Helix

Triple Helix

    Expert

  • Experts
  • 76 posts
  • Gender:Male
  • Location:Ontario, Canada
  • Interests:Windows Security, NASCAR, Blue Jays Baseball

Posted 27 April 2012 - 04:28 PM

Great Thanks!

TH

Triple Helix

Microsoft® MVP Consumer Security

 

Webroot Community Forums Silver VIP & Sr. Expert Advisor


#6 ShyWriter

ShyWriter

    The pencil is mightier than the bite..

  • Software Updaters
  • 7,509 posts
  • Gender:Male

Posted 28 April 2012 - 12:57 AM

Thanks for the thanks, guys.. It's greatly appreciated as I'm not in the running for MBAM's Taco give-away.. only 4462 posts.. Day late and 538 short.. *snif*

:P :D :lol:

Steve

#7 redmane1981

redmane1981

    New Member

  • Members
  • 2 posts

Posted 04 May 2012 - 09:18 AM

I have been cleaning virus infected computers for years, like many of you, and I was wondering if the dns changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected mbr which may reload or reinfect with the first option. Does this sound at all plausible or is it not possible/checked for?

Thanks, love your product!

#8 exile360

exile360

    exile

  • Administrators
  • 16,030 posts
  • Gender:Male

Posted 04 May 2012 - 09:37 AM

I have been cleaning virus infected computers for years, like many of you, and I was wondering if the dns changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected mbr which may reload or reinfect with the first option. Does this sound at all plausible or is it not possible/checked for?

It's certainly possible, as what you're describing sounds like a rootkit. There are many such rootkits that will redirect a user's system to a malicious DNS server, similar to how the above described infection does.
Samuel E Lindsey
Product Manager


#9 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • 4,268 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 04 May 2012 - 09:57 AM

There were a few basic variants.

One that changed the DNS table on a PC

One that changed the DNS table on a PC and poorly secured SOHO Routers

One that changed the DNS table on a PC and had protective rootkit constructs in earlier versions and later teamed with TDSS.

EDIT:

If I remember correctly the web site that pushed DNSChanger variants would look at the Browser User-Agent and subsequently foisted a DMG for Apple computers and an EXE to Windows computers.
David H. Lipman
DLipman@Verizon.Net
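
Added example, not part of the thread and not any poster's code: the variants listed above change DNS settings on the PC, and in one case on the router as well, so a cleanup check has to look at both places. This Python sketch parses `ipconfig /all` text and compares host and router resolvers against an allowlist of resolvers you expect; the thread names no rogue addresses, so none are used. The sample output, `EXPECTED`, `ROUTER_DNS` and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation addresses only).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# Assumed known-good resolvers: the LAN router and the ISP's range (constructed).
EXPECTED = ["192.168.1.1/32", "198.51.100.0/24"]
ROUTER_DNS = ["203.0.113.53", "198.51.100.10"]  # constructed: read off the router's WAN/DHCP page

def parse_dns_servers(text):
    """Return {adapter name: [resolver IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
        elif current is None:
            continue
        elif (m := re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)):
            adapters[current].append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            adapters[current].append(line.strip())  # continuation line: extra resolver
        else:
            in_dns = False
    return adapters

def audit(ipconfig_text, router_dns, expected):
    """Flag resolvers outside `expected` on the host and on the router."""
    nets = [ipaddress.ip_network(n) for n in expected]
    def ok(ip):  # drop any IPv6 zone id before comparing
        return any(ipaddress.ip_address(ip.split("%")[0]) in n for n in nets)
    host = {a: [ip for ip in ips if not ok(ip)]
            for a, ips in parse_dns_servers(ipconfig_text).items()}
    host = {a: bad for a, bad in host.items() if bad}
    router = [ip for ip in router_dns if not ok(ip)]
    where = [name for name, bad in (("host", host), ("router", router)) if bad]
    return {"host": host, "router": router, "verdict": " and ".join(where) or "clean"}
```

A verdict of "host and router" means fixing the PC alone is not enough: the router still carries the unexpected resolver in its own settings.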

#10 redmane1981

redmane1981

    New Member

  • Members
  • 2 posts

Posted 04 May 2012 - 11:54 AM

Thanks for the quick reply. I think that may be useful info for people. Especially if they are experiencing persistent dns changer effects and the recommended solutions aren't helping. Some of those tools listed do detect rootkits too so maybe it's just me being overly cautious for people. I find "fixtdss" program to be very useful in detecting infected mbrs.
