Is my Computer Infected? DNSChanger Woes
A member asks…
Hi Chris, I read about this computer virus called DNSChanger that can take over your PC’s web browser. Apparently, the FBI is really worried about it, and I read in some news stories that it is really bad. So my question is, I’ve got protection for my computer (AVG), should I be worried? Thanks! James and Tillie
Quick answer to your question – you need not worry, even though AVG likely didn’t protect you from this. EDIT: Please scroll down to the latest info
Y’know, it’s easy for news reporting agencies and individuals to create attention-grabbing headlines, but you need not worry too much. Yes, DNSChanger is real: it is a ‘trojan’ that could have redirected your web browser to websites other than the ones you typed in. But no, it is not a threat to you, at least for now. Read below the fold for more detail on the history.
So why not worry? A while ago, law enforcement agencies took down the gang that perpetrated this trojan. In all, it infected about 4 million computers around the world (400k in the US alone), and many of these are still infected – the owners probably have no idea what happened.
What law enforcement did was take over the servers that were doing all the redirecting, and reset them to operate just like any of the other domain name servers around the world – to translate web addresses like www.PosiTek.net into the numeric address that corresponds to the web server of that website (in our case, that would be 67.222.42.55, the IP address of www.PosiTek.net).
So anyone infected would see no impact. At some point, the law enforcement agencies will likely shut down these servers (they cost money to maintain), but probably over time, and with some kind of warning to help folks get their systems back to normal.
If you want to see if your computer is infected, visit the DNSChanger Working Group’s website and follow the simple instructions. If you see an image like the one at the top of this note (green background), then your system isn’t infected. If the background is red, then your computer is infected. The site has links to various things you can do to clean the infection off your computer (or you can use our services and we can help). Now please understand that some computer threats (like this one) can be very time-consuming to remove – this one is pretty nasty – it acts as a ‘rootkit’ that is both hard to detect and hard to remove. One of the best ways we know of is to create a bootable CD/DVD or USB thumbdrive with Windows Defender Offline on it, start up your computer with that instead of Windows, then scan for and remove anything it finds. This sounds simple, but it can be a bit complicated.
There are tools you can purchase which can make the job easier on you, check the DCWG website to see what’s available and what they suggest. We suggest you use a tech support person you trust to do it for you (maybe like us?) – the removal process can be tricky and potentially dangerous (meaning trashing your computer if done wrong). As always, backup your stuff first!
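As an added illustration (not part of the original post), here is a small Python check of the kind the DCWG test automates from the other end: it reads the resolver addresses a machine is configured with (from a Unix resolv.conf or Windows `ipconfig /all` output) and flags any that fall inside a known-rogue range. The ranges and the config snippets below are constructed placeholders (RFC 5737 documentation networks); substitute the address blocks the DCWG publishes.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real
# DNSChanger ranges: replace with the blocks published by the DCWG.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed samples, not real captures.
SAMPLE_RESOLV_CONF = """# constructed sample
search home.lan
nameserver 192.0.2.53
nameserver 192.168.1.1
"""
SAMPLE_IPCONFIG = """   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_resolv_conf(text):
    """Return the nameserver addresses listed in a Unix-style resolv.conf."""
    return [m.group(1) for m in
            (re.match(r"\s*nameserver\s+(\S+)", ln) for ln in text.splitlines()) if m]

def parse_ipconfig(text):
    """Return DNS server addresses from `ipconfig /all` output, including
    the indented continuation lines Windows prints for extra servers."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1)); in_dns = True; continue
        stripped = line.strip()
        if in_dns and re.fullmatch(r"[0-9A-Fa-f.:%]+", stripped):
            servers.append(stripped); continue
        in_dns = False
    return servers

def rogue_resolvers(servers):
    """Return the configured resolvers that sit inside a known-rogue range."""
    hits = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # skip anything that is not an IP literal
        if any(addr in net for net in ROGUE_DNS_RANGES):
            hits.append(s)
    return hits

if __name__ == "__main__":
    print("resolv.conf hits:", rogue_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF)))
    print("ipconfig hits:", rogue_resolvers(parse_ipconfig(SAMPLE_IPCONFIG)))
```

A green result from this check only means the local settings are clean; the DCWG page also catches the case where a home router's DNS settings were changed, which this script does not see.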
Below the Fold
Ok, so the FBI and many other law enforcement organizations in other countries took the gang down on the 8th of November, 2011. At that time, they grabbed a bunch of guys in Estonia who were masterminding the operation. It turned out that all the servers that were doing the work were located in the US, so the FBI took them over and reset them (or replaced them, the stories vary) to do what Domain Name Servers do everywhere else – send you on your way to the website you typed into your web browser. Before then, the servers would send you elsewhere – to websites that paid that gang real money for doing so.
Nobody made much noise about the 4 million PCs infected with DNSChanger, or to their owners – fixing the problem can get quite involved, and the solution the FBI came up with appears to be working just fine. So long as they continue to operate those servers, that is. Right now they have funding to cover operations till July 9th. We are pretty sure they’ll get additional funding to extend this – how long is anyone’s guess. The 4 million computers are spread all over the world, and it would be a very expensive undertaking just to identify them – so nobody’s likely to do that.
And really, 4 million out of well over a billion computers (in the world) isn’t really a lot, unless you are one of the 4 million! So it’s hard to generate interest in government agencies around the world to do a better job resolving this issue – after all, nobody knows exactly where all these computers are, which countries are most affected and should foot most of the bill!
So run the test we noted above. If you come up green, forget about it. If you come up red, follow our advice and fix it now. You never know when the plug is going to be pulled on those servers, and the affected computers just won’t be able to go to any websites anymore.