The DNSChanger Malware was a Trojan Virus that infected millions of computers from 2007 until 2011. Once the malware infected a computer, it changed the computer’s DNS configuration to point to some rogue DNS Servers. The rogue servers redirected certain websites to advertisers, injected advertisements on most websites, and, among other things, blocked access to antivirus software websites or sites that helped with the disinfection of the computer.
Last year, in November 2011, the FBI seized these rogue DNS servers. The FBI was concerned that millions of people would lose internet access if they just shut down these servers. So they obtained a court order allowing them to contract with the Internet Systems Consortium to install some interim servers that could handle DNS requests from infected computers.
The FBI intends to bring these temporary DNS servers offline on July 9th 2012. This means that any computers still infected with the DNS Changer Malware will not be able to reach a DNS Server to resolve names, and thus will not be able to reach any websites. More information can be found on this FBI.Gov page.
To detect if your computer has been infected with the DNS Changer Malware see the information on the following Link.
Alternatively you can visit the following site http://www.dns-ok.us/
If you think you are infected, the information on the following link will help you clean your computer http://www.dcwg.org/fix/
What’s worked for me in the past is a combination of Kaspersky’s TDSSKiller and Malwarebytes. If you are infected, you probably won’t be able to download the tools. So you may need to get those tools using a computer that isn’t infected. Once you get the tools, boot into safe mode and run TDSSKiller. Once the computer restarts run Malwarebytes.
If you encounter problems or need help removing the infection, let me know, and I may be able to help.
Until next time.