DNS Changer Malware: How to “Fix” Your Computer if Affected
Should you test positive for the DNSChanger malware, or just want to “make sure” you aren’t affected, there are now free tools available from respected AV and computer security experts that are available for download. [See this earlier post for test sites]
If you think you have been affected by this malware, you do need to fix your computer. The malware tool kits used that change your computer’s DNS settings are very pervasive. Initially, the only way researchers could ensure that a machine was fixed was to reformat the hard drive and reinstall the operating system from scratch. The malware affected the boot blocks on the hard disk of the computer, so even if people just reverted their operating system to a prior backup, the malware could reclaim the PC. Later on, several anti-malware software companies came up with fixes that removed software correctly. Some of them are listed below.
In addition to modifying your computer’s DNS settings, the malware also looked for home routers to which the computer was attached and modified their DNS settings as well. Not only were the infected computers using rogue DNS services, but other devices in the household or office as well, including wifi-enabled mobile phones, tablets, smart HDTVs, digital video recorders, and game consoles. The criminals would change the web content that users downloaded to suit their needs and make money.
Below are some steps to follow:
- The first thing you want to do is make a backup of all of your important files. You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
- Either you or a computer professional that you rely upon and trust should follow the “self help” malware clean up guides listed below. The goal is to remove the malware and recover your PC from the control of the criminals that distributed it. If you were already thinking of upgrading to a new computer, now may be a good time to make the switch.
- Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct. If you’re not using a new PC, you’ll want to check that your computer’s DNS settings are not still using the DNS Changer DNS servers. We hope to have some of our own instructions soon. Until then, the instructions and screen shots found in step 2 at http://opendns.com/dns-changer are quite good if you want to manually set your DNS settings. You also have the option to return to using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).
- After you have fixed your computer, you will want to look at any home router you’re using and make sure they automatically use DNS settings provided by the ISP. We’ll have a document for this soon.
- Changing DNS is only one of the functions of the malware kits. The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media. It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.
How can you fix, remove, and recover from a DNS Changer Violation?
Please take immediate steps to safe guard your computer and data if any of the test indicate that you might be violated with DNS Changer. If the Check-Up Site indicates that you are affected then either follow the instructions on that site or run one of the following free tools listed below to remove DNSChanger and related threats:
|Name of the Tool||URL|
|Hitman Pro (32bit and 64bit versions)||http://www.surfright.nl/en/products/|
|Kaspersky Labs TDSSKiller||http://support.kaspersky.com/faq/?qid=208283363|
|Microsoft Windows Defender Offline||http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline|
|Microsoft Safety Scanner||http://www.microsoft.com/security/scanner/en-us/default.aspx|
|Norton Power Eraser||http://security.symantec.com/nbrt/npe.aspx|
|Trend Micro Housecall||http://housecall.trendmicro.com|
|Avira||http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199 Avira’s DNS Repair-Tool|
How can I use these tools to clean my computer?
Each of these tools has instructions for their use. BUT, the best recommendation is to use one of the proven “self help” malware clean up guides – using several tools to insure you clean all the infections from your computer. Most malware will disable your software and anti-virus updates. The procedures below address that problem, using several tools to remove the blocks, remove the malware, and then update your computer.
|Guide||How to Use||Language|
|Microsoft’s Safety and Security Center||Microsoft’s authoritative portal for all their security guidance, tools, and capabilities.||English|
|Apple’s Security Page with pointers to keep your MAC safe||Scroll down to the section on “Checking Security in your System.” This has the pointers to insure your MAC is as secure as possible.||English|
|DSL Report’s Security Cleanup FAQ||A community driven self help guide to fix malware problems on your systems.||English|
|Andrew K’s Malware Removal Guide||Andrew K is an individual who share’s his experience on-line. This guide is an often referenced guide to remediate malware problems on a computer.||English|
|Public Safety Canada’a Malware Infection Recovery Guide||The Canadian Public Safety office (publicsafety.gc.ca) has a malware removal guide updated and focused to help the general population.||English|
|Australia’s Stay Smart Online Factsheet to help Remove Malware||Stay Smart Online Factsheet 11, Part 1 – You suspect your computer is infected with malicious software – what should I do?||English|
Source: DNSChanger Work Group