Computers with DNSChanger malware offline after July 9th: how do I fix it?

On Monday a U.S. judge gave the FBI approval to wait 120 days before disabling the DNS servers. The new date on which the DNS servers can be switched off is July 9.

If your computer is infected with the DNSChanger malware, you may no longer be able to use the Internet after July 9, 2012.

DNSChanger is malware that changes the DNS settings your PC and/or your router uses to connect to the Internet. The DNS servers specified in these settings are used to convert Internet names (such ) into an IP address that a computer can understand (eq.

Because the DNS settings can be changed to point to a malicious server, you no longer end up on the real website of your bank, webmail service, or other site, but on a malicious page. Late last year, the U.S. FBI replaced a large part of the rogue DNS servers with temporary servers that refer you to the right websites.

On July 9, 2012, these temporary servers will be switched off. If your DNS settings still refer to these servers, you may no longer be able to use the Internet from that moment on.


DNSChanger Variants

  • BAT.DnsChange.2 (Dr.Web)
  • BAT/DNSChanger.A (ESET)
  • BDS/Aacl.A (Avira)
  • DNSChanger! Dr (McAfee)
  • Dnschanger.HKVP (Norman)
  • Trojan.BAT.DNSChanger.a (Kaspersky)
  • Trojan.Batnari (Sybari)
  • Troj/DNSChan-MX (Sophos)
  • TROJ_DNSCHNG.J (Trend Micro)
  • Win-Trojan/Dnschanger.861696 (AhnLab)

How do I fix it?

Check the DNS settings of your computer or router. You can verify this by checking the site of the Computer Emergency Response Team of the Belgian government ( to visit on .

If you know what the DNS settings of your computer and router should be, you can also check the DNS settings yourself and make any changes. If the website shows the message that your computer is infected, or if you have found that your DNS settings are incorrect, take the following actions:

  • Contact your ISP to get the correct DNS settings and set them.
  • The malware may still be active on your computer, so install or update your virus scanner and scan your PC for viruses.
  • Since this malware captures personal information, we advise you to change the passwords of websites you visit frequently.
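
One way to check a computer's configured DNS servers against a list of rogue ranges, shown here as an added example that is not part of the original article. The ranges are documentation placeholders, not the real DNSChanger addresses (the article does not list them); the function names and the sample resolv.conf text are constructed for illustration.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 / RFC 3849 documentation blocks), NOT real
# DNSChanger addresses: the article does not list them. Substitute the
# rogue ranges published by your CERT or the FBI.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                pass  # malformed entry: ignore rather than crash
    return servers


def find_rogue_servers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return configured nameservers that fall inside any rogue range."""
    return [
        str(ip)
        for ip in parse_nameservers(resolv_conf_text)
        if any(ip.version == net.version and ip in net for net in rogue_ranges)
    ]


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# generated by dhclient
nameserver 192.0.2.53
nameserver 198.51.100.7   ; ISP resolver
nameserver 2001:db8::53
nameserver not-an-ip
"""

if __name__ == "__main__":
    hits = find_rogue_servers(SAMPLE)
    print("Rogue DNS servers configured:" if hits else "No rogue DNS servers found.", hits)
```

If the only nameserver listed is your router's own address, the router's DNS settings need the same check in its administration page.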

What can happen?

If your computer and/or your router is infected with this malware, the DNS settings are changed to point to a rogue server.

You then end up not on the real website of your bank, webmail service, or other site, but on a malicious page. On this page, personal information such as credentials is captured, and ads are displayed to earn money. The captured personal information can be abused for sending spam or for logging into your bank or other websites.

How can I prevent it?

To remove and prevent this and other malware, you can take the following measures:

  • Install or update your virus scanner and scan your PC for viruses.
  • Update the virus scanner regularly.
  • Make sure you always have the latest Microsoft, Apple or Linux security updates installed.
  • Be careful with the websites you visit and files you open. Open only sites or files from a trusted sender.
  • Set up your router so that its settings cannot be changed from the Internet, and change the default password of your router.


Published by: siavash