
What's with this DNS changer malware on Monday 7/9/12?


11 replies to this topic

#1 jrutter


Posted 05 July 2012 - 02:05 PM

hey all,

perhaps this has been previously covered on this forum..........

there is supposed to be a DNS changer malware that the FBI has been involved in
and I'm told that if this malware is on my PC then I will lose internet connection next Monday

is this for real????

#2 ccorwin


Posted 05 July 2012 - 02:39 PM

I have also seen several media outlets reporting on this. My question is, does MalwareBytes effectively search for and eliminate this virus/malware? I have also seen a link to a website that is supposed to be an agency working with the FBI to help people search their system for the malware...

#3 ccorwin


Posted 05 July 2012 - 02:42 PM

dcwg.org is the website that I have found that will check your PC for the malware... supposedly working with FBI

#4 AdvancedSetup


Posted 05 July 2012 - 03:22 PM

Hello and welcome to Malwarebytes

Yes, the information is correct. They have supplied you with methods to test your system for this as well.
You can also have someone assist you here to check your system for rootkits or other potentially hidden malware.



If you think you are infected, here are the steps needed to get your computer cleaned....
Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:
  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support
OPTION 1


As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the
Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.
NOTE: Please do not post back to (bump) your topic within the first 48 hours.
Replying to your own posts changes the post count and helpers are looking for topics with zero replies.
If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.
OPTION 2


Alternatively, as a paying customer, you can contact the help desk here


OPTION 3


If you would like to use our Malwarebytes Premium Consumer Services partner (comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups), go to our Malwarebytes Premium Services support site.


Please be patient, someone will assist you as soon as possible.


Ron Lewis
Forum Community Manager



#5 gerardwil


Posted 06 July 2012 - 09:23 AM

For more info:

http://www.networkwo...rity_2012-07-06
Gerard

#6 shadowwar


Posted 06 July 2012 - 02:14 PM

Also, Malwarebytes will remove this on the computer end. It is a good idea to scan your setup at the dcwg.org site, as this can also change settings in a router if you use one. That being said, we haven't seen any removals recently in reports.
Rich Matteo
Research Engineer


#7 sharonsss


Posted 06 July 2012 - 04:09 PM

Sorry to sound dense about this, but I'm still not sure whether Malwarebytes (the FREE version) checks for this DNS changer malware. I've checked my PC at more than one "checker" site (all found on the FBI's official web site), and I always get a green background/banner/border/whatever that says it APPEARS I do not have the malware on my computer. But it ALSO says that if my "ISP is redirecting DNS traffic for its customers", my PC may STILL be infected.

One reply in this string just gives complicated instructions about how to remove the malware (I thought that Malwarebytes automatically removed malware when it found it in a scan). The last post says Malwarebytes DOES remove the DNS changer "on the computer end". I thought to myself, "what other end IS there?" It also says that it is a good idea to "scan your setup" at the dcwg.org site, "as this can also change settings in a router if you use one". Why would I want the dcwg to change my router settings?!

I have been running Malwarebytes free version for about 18 months now. It has never, EVER said that it found a single instance of malware. That's either very good (very lucky)...or the free program, which I DO update regularly, isn't really able to detect current malware programs.

#8 daledoc1


Posted 06 July 2012 - 04:22 PM

Hi, sharonsss:

AFAIK, yes, even MBAM Free will pick this up (it's the same program with the same database as MBAM PRO -- it just doesn't offer real-time protection, scheduled scans/updates or incremental database updates).
If you've scanned your system with MBAM and at the recommended sites and you come up clean, you are likely just fine for this particular problem.
(There's a lot of FUD out on the internet about this... :angry: )

Additional information about the DNS changer can be found here:
http://forums.malwar...=1

No security program can possibly detect or remove 100% of the ever-changing malware that are out there.
However, in combination with a robust, up-to-date, real-time anti-virus (free or paid) and a good firewall (software and/or hardware), MBAM offers excellent layered, complementary protection.
So -- generally speaking -- it is a good thing that MBAM has never detected anything on your system.
If you are maintaining good, safe computer security practices, it is possible you've never been infected.

Speaking only as a home user with NO financial interest whatsoever, I can attest to the value of the nominal cost of a lifetime license for MBAM PRO precisely b/c of the advantages (ESPECIALLY real-time protection) that it offers.
PREVENTING a malware infection is far better, easier and ultimately cheaper than trying to remove one and/or recover one's lost data.
Strictly JMHO.

HTH,

daledoc1

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#9 screen317


Posted 06 July 2012 - 04:22 PM

What symptoms of malware are you experiencing on your computer??

"as this can also change settings in a router if you use one". Why would I want the dcwg to change my router settings?!

You're not reading it correctly. The implication is that malware can also do that.

Scan at the dcwg site.. your router may be infected, which MBAM does not scan for, to the best of my knowledge.
Chris Fistonich
Research Team


#10 daledoc1


Posted 06 July 2012 - 04:26 PM

What symptoms of malware are you experiencing on your computer??

Scan at the dcwg site.. your router may be infected, which MBAM does not scan for, to the best of my knowledge.


Thanks for the clarification, screen317. :)



#11 shadowwar


Posted 06 July 2012 - 08:10 PM

Screen317 is correct. Malwarebytes cannot fix a router if it is infected. If you have never detected this on your computer system then you are safe. It has to be installed on a computer first and your router has to be using default passwords for this to happen. Even then it's incredibly rare.

Dcwg.org site will not change settings. It's just a tool to see if your DNS is redirected. That's all it does.

What you saw is about your provider possibly having its DNS corrupted on the servers. This simply would be incredibly rare and there is absolutely nothing you can do on your end about it.
Rich Matteo
Research Engineer


#12 sharonsss


Posted 06 July 2012 - 10:15 PM

Thank you, to everyone, for helping to clarify what Malwarebytes does and doesn't do. I have not had any kind of errors or corruption on my PC...I was just reacting to all the news reports on TV today. I could not find a "scan" to run on the dcwg site, but I did find an explanation of how to manually check my PC. I got into CMD mode and checked the ipconfig /all information, comparing the addresses listed under DNS on my PC with a list of "bad" address ranges. I remember doing that about a year ago, after a newspaper article suggested it. So I think I can ignore all the disaster warnings on network news. Thanks for all your help.
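
The manual check described in the post above (comparing the DNS servers shown by ipconfig /all with a list of bad address ranges), as an added example that is not part of the original thread: it parses saved ipconfig /all output and returns every DNS server that falls inside a supplied range list. The ranges (RFC 5737 documentation blocks) and the sample output are constructed placeholders; the real ranges have to come from the manual-check instructions mentioned in the post.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue ranges.
# Substitute the list from the manual-check instructions before relying on this.
BAD_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       198.51.100.200
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_LINE = re.compile(r"^\s+(\S+)\s*$")  # extra servers sit alone on indented lines

def _to_ip(token):
    """Parse one address, dropping an IPv6 zone suffix such as %1."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return every DNS server listed for any adapter, in order of appearance."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        if not m and in_block:
            m = CONT_LINE.match(line)
        ip = _to_ip(m.group(1)) if m else None
        in_block = ip is not None  # any other labelled line ends the DNS list
        if ip is not None:
            servers.append(ip)
    return servers

def flagged(ipconfig_text, bad_ranges=BAD_RANGES):
    """Return the DNS servers (as strings) that fall inside a listed range."""
    nets = [ipaddress.ip_network(r) for r in bad_ranges]
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip.version == n.version and ip in n for n in nets)]
```

When an adapter lists only the router's own address as its DNS server, this comparison says nothing about the router; the DNS servers configured in the router itself need the same comparison.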



