DNS Changer is a Trojan horse that is commonly disguised as a video codec and is also distributed in various other forms. Once downloaded and installed, it changes the computer's DNS addresses to Rove Digital domain name servers, redirects all user traffic to malicious websites, alters user searches and replaces ads. It is therefore very important for users to check whether their PCs are infected by this DNS Changer malware. Although the FBI took over those name servers and the traffic from infected computers is now redirected to the real sites, you still shouldn't stay infected by a virus. The FBI won't be providing this service forever. Most likely, it will discontinue it on the 8th of March 2012. After that, infected computers will not be able to reach or find anything on the web, because all their traffic will be redirected to dead servers, or won't be redirected at all. And DNS Changer doesn't come alone: it installs other Trojans, like Trojan.Fakealert or Trojan.Generic. It even blocks your anti-virus software and hides security updates, which leaves you open to new infections from the internet.
So, how do we check if it’s on our computer?
The easiest way is to visit one of three websites, which check your name servers and tell you whether they are on the rogue name servers list. You can find them here:
dns-ok.us (United States)
dns-ok.de (Germany)
dns-ok.fi (Finland)
If you get a red sign, your computer is probably infected with the DNS Changer Trojan.
Green means your computer is looking up IP addresses correctly.
Another way is to visit the FBI's website and enter your DNS name servers there: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
If you get a notification saying “Your IP corresponds to a known rogue DNS server”, you're probably infected by DNS Changer.
The third way is to manually check your DNS name servers and compare them to the table below:
Infected IP ranges
From | To |
77.67.83.1 | 77.67.83.254 |
85.255.112.1 | 85.255.127.254 |
67.210.0.1 | 67.210.15.254 |
93.188.160.1 | 93.188.167.254 |
213.109.64.1 | 213.109.79.254 |
64.28.176.1 | 64.28.191.254 |
You can also check this document, which has useful information on how to check your DNS settings and see if you're using the bad ones: http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
Finally, you can check your router. Compare your router's DNS servers to the servers in the table above. If you find one or several from an infected range, DNS Changer has most likely infected your PC.
User Guides on restoring DNS settings to default:
How to disable DNS Changer's servers on Windows XP?
You should go to Start > Control Panel > Network Connections and select your local network.
Then right-click Properties, then select Internet Protocol (TCP/IP).
Right-click again and select Properties.
Click Properties and select Obtain DNS server address automatically.
Then click OK to save the changes. That’s it! DNS Changer servers are disabled.
How to disable DNS Changer's servers on Windows 7?
Go to Control Panel.
Click Network and Internet, then Network and Sharing Center, and click Change adapter settings.
Right-click Local Area Connection, and click Properties.
Select the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and then click Properties.
Click Advanced and select the DNS tab. Select Obtain DNS server address automatically and click OK to save the changes. That’s it! DNS Changer servers are disabled.
How to defend your computer and remove the DNS Changer Trojan?
Check this page:
https://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
When you finish these guides, you can be sure that your computer is using the right DNS servers and is free from DNS Changer malware.