The internet is about to become inaccessible for nearly half a million people around the world because of malware called DNSChanger. If your computer is infected with DNSChanger, it won't be able to get on the internet. Here's how to get rid of it and make sure the internet still works for you.
It's important to note that even though half a million blocked internet users sounds like a lot, that number is a pretty small subset of the entire world's internet-connected population. Chances are you're not affected by this at all. Seriously, you're probably not. Really, you should be safe. But like any annoying virus, real or digital, it's a good idea to check yourself and your computer out anyway. Safe computing is underrated, you know. And using your computer without the internet is a sad existence: no more Facebook-crawling, no more Gchatting, no more meme-spotting. You don't want that to happen to you.
Check Your Computer
Checking if your computer has been affected with DNSChanger is easy, all you have to do is go to the website DNS-ok.gov.au run by the Australian government right here. If the site is green and says you're good to go, you have nothing more to worry about. It's that easy. DNSChanger only affects PC and Mac OS X computers. Linux machines and mobile devices are in the clear.
If you're among the unlucky that are affected though, then you've got some fixing to do. According to FBI estimates, hundreds of thousands of computers around the world will get screwed out of the internet because of DNSChanger. You're not alone.
What Is DNS Changer?
The way the malware works is by redirecting computers to rogue DNS servers instead of the normal servers specified by ISPs. DNS servers are like the translators of the internet. It converts website names to IP addresses, and it takes the website names you put in, finds that website's server and then connects you with that website. The DNS Changer malware was sending people to different, malicious servers without you even knowing.
The FBI saw what was happening and stepped in, arresting the team behind DNSChanger and replacing the malicious servers DNSChanger was redirecting computers to with new, clean and temporary servers. It was a Band-Aid solution that worked but will stop working on July 9 because those temporary FBI-run servers will be shut down by the courts.
How Do I Get DNS Changer Off My Computer?
The wonderful problem fixers at Naked Security have a good video explainer on what you should be looking for, how it got there, and how to get it off your computer and your router. It's a good place to start for visual instructions on a fix.
Additionally, according to the DNSChanger Working Group (DCWG), you can use these tools to fix your computer too:
- Hitman Pro (32bit and 64bit versions)
- Kaspersky Labs TDSSKiller
- McAfee Stinger
- Microsoft Windows Defender Offline
- Microsoft Safety Scanner
- Norton Power Eraser
- Trend Micro Housecall
There is a possibility that you may have to reformat your hard drive and reinstall your operating system, but let's hope one of those tools above can fix the problem. DCWG's general instructions on cleaning your computer are important to follow in this situation too:
- The first thing you want to do is make a backup of all of your important files. You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
- Either you or a computer professional that you rely upon and trust should follow the "self help" malware clean up guides listed below. The goal is to remove the malware and recover your computer from the control of the criminals that distributed it. If you were already thinking of upgrading to a new computer, now may be a good time to make the switch.
- Once you have a clean computer, follow instructions for ensuring that your DNS settings are correct. If you're not using a new computer, you'll want to check that your computer's DNS settings are not still using the DNSChanger DNS servers. We hope to have some of our own instructions soon. Until then, the instructions and screenshots found in step 2 at http://opendns.com/dns-changer are quite good if you want to manually set your DNS settings. You also have the option to return to using your ISP-provided automatic settings by choosing the "automatically" option (Windows) or deleting any DNS servers listed (Mac).
- After you have fixed your computer, you will want to look at any home router you're using and make sure they automatically use DNS settings provided by the ISP. We'll have a document for this soon.
- Changing DNS is only one of the functions of the malware kits. The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media. It would be a good idea to check your bank statements and credit card statements, as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.
After your computer is clean, you can go back to enjoying all the internets you know and love. Again, the DNSChanger malware only affects a fraction of the internet population, but if it affects you, make sure you fix it now. [DCWG, Naked Security, PCMag]