DNS Changer: Fix it Before it Strikes

(First I’m going to explain a few things, you can scroll down to the removal steps if you’d like to skip the educational part that will make you a better person.)

I’ve been cleaning malware (the general term for trojans, viruses, and unwanted programs) for over 14 years now. I’ve seen the “Black Hat” hackers go through all sorts of fads trying to put a new spin on old exploits. There is truly “nothing new under the sun.”

Today I’ve heard quite a buzz about this next lap around the block called “DNS Changer” So I thought I’d do a little post on how to get rid of it before it has a chance to do its worst.

DNS refers to a set of servers out on the internet (Domain Name Servers). Everything on the internet has an identifying number called an IP address (there is no such computer called “google.com.” When you type “google.com” into an internet browser that request goes to a Domain Name Server and translates “google.com” into the IP Address for their server and points your request to San Francisco.

Typically your internet service provider (ISP) points you to a specific domain server automagically. But, there is a place in your computer that you can specify which DNS servers you want to use. The DNS Changer exploit just changes those settings so you can’t get online. First thing to do is to scan your computer to remove the virus then if you know someone who gets hit with this thing you can go HERE to help them out by showing them how to change their DNS settings back to something that works.

I’ve simplified this process down as much as I can (am going to). If you need more help you can ask in the comments section. If you think I’ve made a “mistake” go back to the top and start again reading every word on the page. If the “mistake” still exists make a comment and I’ll tell you where you went wrong 🙂

Install Malwarebytes and Scan Your Computer

  1.  Open Internet Explorer (or Firefox or Chrome) and type in the address malwarebytes.org Do not “search” for the page. There are many fakes and you could end up giving yourself a virus thinking that you are fixing one. Only go to the page malwarebytes.org by typing it into the address bar of the browser and pressing Enter (on the keyboard).
  2. Once at the website click one of the two buttons listed Buy Now (24.95) for active protection and ongoing support and you appreciate good hearted people who offer this great application to you. And click Download Now if you  are an opportunistic cheapskate.
  3. Having clicked Download Now (I knew you would) you will be directed to a “mirror” site- don’t freak out. Its expensive to serve big files so small companies use bigger companies to host the file for them just click the download link that you see.
  4. Your download will begin. Click Save and download the file to your desktop.
  5. When the file has finished downloading you can click on it from the desktop to start the install or if you are asked you can click Run from the Download Complete window.
  6. There will be a Security Warning, click Run.
  7. Choose your preferred language and click OK
  8. At the Setup window, click Next
  9. Change the setting to “I accept…” and click Next
  10. Click Next
  11. Don’t change anything about the destination. Click Next.
  12. Click Next
  13. Click Next
  14. Click Install
  15. Leave BOTH boxes checked and click Finish
  16. There will be a pause where nothing appears to be happening and then MWB will begin to update.
  17. There will be a message that informs you of the old version and the new version to which you just updated. These numbers may (should) be higher than pictured (that’s a good thing).
  18. There is now an option to do the right thing (Start Trial) or continue (Decline)
  19. Click the “Update” tab and then the “Check for Updates” button.
  20. Repeat the last step until you see this message:
  21. 1. Click the “Scanner” tab 2. Select “Perform quick scan” 3. Click the “Scan” button.
  22. The Scan will start below is a guide to what the software is doing. Information only.
  23. If Nothing Was Found: When done there will be a text file with the results, close it. Then click OK on the message that nothing was found and click the Exit button.
  24. If There Were Threats Found:  Click OK and Show Results
  25. Right Click one of the results and left click on “Check all items.” Scroll down the list and make sure everything found has a check mark then click Remove Selected.
  26. When finished removing the infections there will be a text log file detailing everything MWB did- close it (1) and click Yes to reboot your system(2). (If there is a piece of malware running MWB needs to reboot to remove it at start up. )
  27. If MWB found and removed any infections and you had to reboot to remove those infections go back to step 20 and repeat this process until MWB reports that your system is clear like in step 24.


2 thoughts on “DNS Changer: Fix it Before it Strikes

    • I don't know. Like I said to a friend that prompted this post yesterday. I haven't followed the trends in Virus infections, with good troubleshooting skills and tools they end up being the same. Like a Captain watching the walls of the fort- with the right defenses and soldiers most every attack is thwarted before it takes hold.

Say it