What's the DNSChanger malware and how to clean it? » YugaTech

What’s the DNSChanger malware and how to clean it?

PLDT and Smart are asking their subscribers to check if their respective computers are infected by a malware called DNSChanger before July 9, 2012 as it may have long-term effects that may render your computer useless for browsing the web.

The DNSChanger belongs to the Zlob Trojan virus family which caused quite a stir in the US last year. The FBI has taken actions against it announced that theyâ€™ve found the source of the virus and shut down the operation November of last year.

Another DNS server were then setup to replace the malicious server for a certain period of time to give enough leeway for users to clean up their infected computer/s. But by July 9, the authorities will be pulling the cord on the temp servers and users with computers which are still infected will not be able to surf the net.

To check if your computer is infected follow these simple steps courtesy of PLDT-Smart:
Manual Checking/Detection

Windows

Click Start
1. Open the Command Window
2. (For Windows 7) Type cmd at the search bar
3. (For Windows XP) Click Run, then type cmd at the bar
4. Type ipconfig /all
5. Search for the DNS Servers section

Mac OS X

1. Click the Apple icon an the top left of the screen
2. Select System Preferences
3. Locate the â€œNetworkâ€ icon
4. Read the â€œDNS Serverâ€ line

Alternatively, subscribers may also visit the following sites to their system checked automatically.

http://www.dns-ok.us/
http:// dnschanger.detect.my

Ensure that the DNS Servers are not within the following range of Internet Protocols (IPs):

* 85.255.112.0 through 85.255.127.255
* 67.210.0.0 through 67.210.15.255
* 93.188.160.0 through 93.188.167.255
* 77.67.83.0 through 77.67.83.255
* 213.109.64.0 through 213.109.79.255
* 64.28.176.0 through 64.28.191.255

If the DNSChanger is detected, users may then use any of the following software to clean the infection:

â€¢ Hitman Pro (32bit and 64bit versions)
â€¢ Kaspersky Labs TDSSKiller
â€¢ McAfee Stinger
â€¢ Microsoft Windows Defender Offline
â€¢ Microsoft Safety Scanner
â€¢ Norton Power Eraser
â€¢ Trend Micro Housecall
â€¢ MacScan
â€¢ Avira’s DNS Repair-Tool

Even though Iâ€™m pretty sure that my PC is not infected, I still tried to do the manual detection as well as the automatic one (http://www.dns-ok.us/) just to be safe. We suggest you do it as well. Be sure to check your PC before the said date to avoid future inconvenience. It pays to be safe.

Ronnie Bulaong

This article was written by Ronnie Bulaong, a special features contributor and correspondent for YugaTech. Follow him on Twitter @turonbulaong.

https://www.yugatech.com

5 Comments

web1.fairfield-h. says:

12 years ago

Nice answers in return of this query with real arguments and explaining all about
that.
- Reply
Maria says:

12 years ago

I’ve visited both sites mentioned on the article and both says my computer is OK. Thanks for letting us know about this.
- Reply
balasubas says:

12 years ago

So when did PLDT start asking their subscribers about this? I am a PLDT user but I did not get any email or phone call from them, although I’m pretty sure I’m free from this virus.
- Reply
JM says:

12 years ago

There are tons of DNS changers currently in the wild, and I think the one used in the cybercriminal operation that got busted late last year is a different one. :)

Infection can also be verified here: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

Btw, Trojans are different from viruses :) Trojans do not have the capability to spread by themselves; viruses do.
- Reply
kouya1304 says:

12 years ago

Im doing this everyday just to make sure :D
- Reply