ShyWriter

DNS CHANGER removal tools..


(Partial excerpt from FORBES' article on this subject)

[...]

DNS CHANGER removal tools..

The DNS Changer Working Group (DCWG), which has been taking care of the servers since their seizure, has created a website that allows you to check if your computer is infected and, if it is, remove the DNSChanger malware.

Back in January of this year the DCWG estimated that some 450,000 systems were still infected with DNS Changer.

If you are infected there are a whole host of removal tools available. Here is a listing:

[...]

SOURCE: http://www.forbes.co...cess-come-july/

EDIT: Malwarebytes also protects as well as scans for this problem (per Exile360 - thanks Samuel)

Steve


Thanks Firefox.. Unfortunately I run across quite a bit more information/news/help than I can safely post (without getting yelled at :)) so it's doubly nice when I pick out a good one.

Steve


Great Thanks!

TH


Thanks for the thanks, guys.. It's greatly appreciated as I'm not in the running for MBAM's Taco give-away.. only 4462 posts.. Day late and 538 short.. *snif*

:P:D:lol:

Steve


I have been cleaning virus-infected computers for years, like many of you, and I was wondering if the DNS changer that's infecting everyone might come in two flavors. One being the standard version which all of these programs may detect, and the second being a boot-time (less common but I've seen it in the past) infected MBR which may reload or reinfect with the first option. Does this sound at all plausible or is it not possible/checked for?

Thanks, love your product!


It's certainly possible, as what you're describing sounds like a rootkit. There are many such rootkits that will redirect a user's system to a malicious DNS server, similar to how the above described infection does.


There were a few basic variants.

One that changed the DNS table on a PC

One that changed the DNS table on a PC and poorly secured SOHO Routers

One that changed the DNS table on a PC and had protective rootkit constructs in earlier versions and later teamed with TDSS.

EDIT:

If I remember correctly, the web site that pushed DNSChanger variants would look at the browser User-Agent and subsequently foist a DMG on Apple computers and an EXE on Windows computers.


Thanks for the quick reply. I think that may be useful info for people. Especially if they are experiencing persistent DNS changer effects and the recommended solutions aren't helping. Some of those tools listed do detect rootkits too, so maybe it's just me being overly cautious for people. I find the "fixtdss" program to be very useful in detecting infected MBRs.
