DNS changer virus --help

You’re looking for information on how to clean up or fix malicious software (“malware”) associated with DNS Changer.  It’s possible that either your computer or your home router has been modified to use resources once controlled by criminals to redirect your traffic.  You can find more information about this malware on our main page:

• http://www.dcwg.org

or visiting the FBI page about DNS Changer:

• http://www.fbi.gov/news/stories/2011/november/malware_110911

If you think you have been affected by this malware, you do need to fix your computer.  The malware tool kits used that change your computer’s DNS settings are very pervasive.  Initially, the only way researchers could ensure that a machine was fixed was to reformat the hard drive and reinstall the operating system from scratch.  The malware affected the boot blocks on the hard disk of the computer, so even if people just reverted their operating system to a prior backup, the malware could reclaim the PC.  Later on, several anti-malware software companies came up with fixes that removed software correctly. Some of them are listed below.
In addition to modifying your computer’s DNS settings, the malware also looked for home routers to which the computer was attached and modified their DNS settings as well.  Not only were the infected computers using rogue DNS services, but other devices in the household or office as well, including wifi-enabled mobile phones, tablets, smart HDTVs, digital video recorders, and game consoles.  The criminals would change the web content that users downloaded to suit their needs and make money.
Below are some steps to follow:

1. The first thing you want to do is make a backup of all of your important files.  You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
2. Either you or a computer professional that you rely upon and trust should follow the “self help” malware clean up guides listed below.  The goal is to remove the malware and recover your PC from the control of the criminals that distributed it.  If you were already thinking of upgrading to a new computer, now may be a good time to make the switch.
3. Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct.  If you’re not using a new PC, you’ll want to check that your computer’s DNS settings are not still using the DNS Changer DNS servers.  We hope to have some of our own instructions soon.  Until then, the instructions and screen shots found in step 2 at http://opendns.com/dns-changer are quite good if you want to manually set your DNS settings.  You also have the option to return to using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).
4. After you have fixed your computer, you will want to look at any home router you’re using and make sure they automatically use DNS settings provided by the ISP.  We’ll have a document for this soon.
5. Changing DNS is only one of the functions of the malware kits.  The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media.  It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.

 

How can you fix, remove, and recover from a DNS Changer Violation?

Please take immediate steps to safe guard your computer and data  if any of the test indicate that you might be violated with DNS Changer. If the Check-Up Site indicates that you are affected then either follow the instructions on that site or run one of the following free tools listed below to remove DNSChanger and related threats:

Name of the Tool	URL
Hitman Pro (32bit and 64bit versions)	http://www.surfright.nl/en/products/
Kaspersky Labs TDSSKiller	http://support.kaspersky.com/faq/?qid=208283363
McAfee Stinger	http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
Microsoft Windows Defender Offline	http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Microsoft Safety Scanner	http://www.microsoft.com/security/scanner/en-us/default.aspx
Norton Power Eraser	http://security.symantec.com/nbrt/npe.aspx
Trend Micro Housecall	http://housecall.trendmicro.com
MacScan	http://macscan.securemac.com/
Avira	http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199 Avira’s DNS Repair-Tool

source:http://www.dcwg.org/fix/

How can I use these tools to clean my computer?

Each of these tools has instructions for their use. BUT, the best recommendation is to use one of the proven “self help” malware clean up guides – using several tools to insure you clean all the infections from your computer. Most malware will disable your software and anti-virus updates. The procedures below address that problem, using several tools to remove the blocks, remove the malware, and then update your computer.

Guide	How to Use	Language
Microsoft's Safety and Security Center	Microsoft's authoritative portal for all their security guidance, tools, and capabilities.	English
Apple's Security Page with pointers to keep your MAC safe	Scroll down to the section on "Checking Security in your System." This has the pointers to insure your MAC is as secure as possible.	English
DSL Report’s Security Cleanup FAQ	A community driven self help guide to fix malware problems on your systems.	English
Andrew K’s Malware Removal Guide	Andrew K is an individual who share's his experience on-line. This guide is an often referenced guide to remediate malware problems on a computer.	English
Public Safety Canada’a Malware Infection Recovery Guide	The Canadian Public Safety office (publicsafety.gc.ca) has a malware removal guide updated and focused to help the general population.	English
Australia’s Stay Smart Online Factsheet to help Remove Malware	Stay Smart Online Factsheet 11, Part 1 - You suspect your computer is infected with malicious software - what should I do?