DNSChanger malware is DNS changing virus that directs your computer to malicious Domain Name Servers, (the specialized servers that translate a web site name (jasonpalmer.com) in to a web site address (188.8.131.52) so your computer can find the web site), instead of the legitimate Domain Name Services provided by your Internet Service Provider. The DNSChanger virus was created by a group of cyber criminals known as “Rove Digital.”
These malicious DNS servers would give back fraudulent information with altered search results, or directing users to sites with fake and dangerous products. Because every search starts with a DNS query, DNSChanger provided a completely different, and usually bad, Internet experience to infected users.
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. In an effort not to disrupt the hundreds of thousands of users affected, under a court order which expires Monday, July 9, the Internet Systems Consortium has been operating replacement DNS servers for the Rove Digital network. This was to allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
Now that July 9th is upon us, the day that these special temporary servers are set to shut down, there are still over 277,000 machines worldwide with over 64,000 in the United States that have yet to be cleaned and disinfected of the DNSChanger virus.
The DNSChange Working Group at http://www.dcwg.org was setup specifically to address the detection of, fix for, and protection against the DNSChanger malware virus.
Visit: http://www.dns-ok.us where the site will tell you are if you are or are not infected
• No Software is Downloaded! The tools do not need to to load any software on your computer to perform the check.
• No changes are performed on your computer!
• No scanning! The “are you infected with DNS Changer” tool does not need to scan your computer.
If you think your computer is infected with DNS Changer or any other malware, please refer to the security guides from your operating system or the self -help references from our fix page (http://www.dcwg.org/fix).
Of course, if on July 10th, you can no longer access the Internet and get “Page Not Found” no matter what web site you try to visit, then there is a good chance that you ignored this post and you are probably infected with the DNSChanger malware virus.
There is a wealth of information at the http://www.dcwg.org site regarding both automated and manual tests for the DNSChanger malware virus as well as resources for disinfection and protection.
If you find that you are infected, are unable to remove the virus using the resources available at the DCWG, please feel free to contact me directly via my contact page for assistance.