Internet users, be aware: your internet connection may be affected and could stop working because of a virus, the DNS Changer virus, which has corrupted millions of computers in more than 100 countries and affected millions of internet users. In November 2011, six cyber criminals were arrested for running a sophisticated internet fraud ring that infected millions of computers worldwide with DNS Changer, which enabled them to manipulate the multibillion-dollar Internet advertising industry. The criminals said that they had stolen $14 million, but the actual amount may be larger because banks are typically reluctant to reveal how much they have lost. The US Federal Bureau of Investigation (FBI) has already started a two-year special investigation, code-named Operation Ghost Click.
What is DNS?
DNS stands for Domain Name System. It is an internet service that converts user-friendly domain names into the numerical Internet Protocol (IP) addresses that computer systems use to talk to each other. DNS and DNS servers are critical components of a user’s computer operating environment. Without them, users would not be able to access websites, send emails or use any other Internet service. When you enter a domain name such as www.xyz.com in your web browser’s address bar, your computer contacts DNS servers to determine the site’s IP address. Then your computer uses this IP address to access the website. Internet Service Providers (ISPs) operate the DNS servers, and these are included in your computer’s configuration.
What is DNS Changer?
DNS Changer is a Trojan virus with a small size of about 1.5 KB. It changes the infected system’s DNS settings in order to divert traffic to unsolicited and potentially illegal sites. The Trojan is designed to change the “Name Server” registry key value to a custom IP address, which is usually encrypted in the body of the Trojan. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or interfere with the user’s online web browsing.
The DNS Changer virus causes a computer to use rogue DNS servers in one of the following two ways:
1) It changes the computer’s DNS server setting to replace the ISP’s good DNS setting with the IP addresses of rogue DNS servers operated by the criminals.
2) It attempts to access devices on the victim’s office or home network that run a Dynamic Host Configuration Protocol (DHCP) server (for example, a router). The malware attempts to access the user’s router using common default user names and passwords. These are usually ‘admin’ and ‘admin’ respectively. It then changes the original DNS settings these devices use to rogue DNS settings operated by the criminals. This is a change that impacts all computers on the corporate network.
If your ISP’s DNS server is infected, then you will also be affected. How do you know whether your computer is infected? The best idea is to have it evaluated by a professional. You can also check it yourself in Windows XP/7 by going to Start menu > Run > cmd. At the command prompt, enter ipconfig /all. Now look for the line that shows “DNS Servers . . .”. The DNS server addresses are in the format nnn.nnn.nnn.nnn, where nnn is a number from 0 to 255. Make a note of the IP addresses of the DNS servers and compare them to the known rogue DNS server ranges shown below.
- 126.96.36.199 through 188.8.131.52
- 184.108.40.206 through 220.127.116.11
- 18.104.22.168 through 22.214.171.124
If you are using a Mac, click on the Apple symbol in the top left corner and choose System Preferences, then Network, and click on the Advanced button. Choose the DNS tab at the top to show the DNS servers you are using. There is also a special website, www.dnsok.de, to check whether your ISP’s DNS requests are made to the right places. This site tells you whether you are affected by the DNS Changer virus.
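The manual Windows check described above (read the DNS servers from ipconfig /all, then compare them with the listed ranges) can be scripted. The following is an added example, not part of the original article or any vendor tool; the ipconfig output is a constructed sample and the ranges are placeholder documentation addresses to be replaced with the ranges from the list.

```python
import ipaddress

# Placeholder ranges from the RFC 5737 documentation space (constructed, not
# real indicators). Replace them with the start/end pairs from the list above.
ROGUE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.0", "198.51.100.127"),
]

# Constructed sample of `ipconfig /all` output; on a real machine, save the
# command's output to a file and pass the file's text instead.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return every IPv4 DNS server listed, including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and label.strip(" .").lower() == "dns servers":
            in_dns, candidate = True, value.strip()
        elif in_dns and not sep and line.strip():
            candidate = line.strip()  # further servers sit alone on following lines
        else:
            in_dns = False
            continue
        try:
            servers.append(ipaddress.IPv4Address(candidate))
        except ValueError:
            pass  # IPv6 or malformed entry; the listed ranges are IPv4 only
    return servers

def rogue_hits(servers, ranges=ROGUE_RANGES):
    """Return the servers that fall inside any start-through-end range."""
    bounds = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in ranges]
    return [str(s) for s in servers if any(lo <= s <= hi for lo, hi in bounds)]

if __name__ == "__main__":
    found = dns_servers(SAMPLE_IPCONFIG)
    print("DNS servers:", [str(s) for s in found])
    print("Inside listed ranges:", rogue_hits(found) or "none")
```

A DNS server entry that is the router’s own address (10.0.0.1 in the sample) only shows that lookups are forwarded to the router, so the DNS settings configured on the router need the same comparison.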
How to repair if your computer is infected by DNS Changer
Well, if your PC is infected by rogue DNS, you can use the Avira DNSRepair tool. This tool can be downloaded from www.avira.com/files/support/GAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe.