Because there has been so much interest in the DNSChanger malware, we have created a 5 step guide to fix and recover from DNSChanger based on recommendations from the DNS Changer Working Group.
What is DNSChanger?
DNSChanger is a type of malware known as a worm or trojan that altered Domain Name System (DNS) settings on infected computers. The malicious DNS servers were used to redirect users, alter searches, and display ads for fake and dangerous products.
After the cyber criminals who distributed the malware were arrested, the malicious DNS servers were replaced with temporary replacement servers allowing computers infected with DNSChanger to continue to receive service. These replacement DNS servers were set to shut down on July 9, 2012, but hundreds of thousands of computers are estimated to still be infected.
We strongly suggest following the directions at Secure DNS Services - No Hardware, Software Required | Comodo Internet Security to update your DNS settings to Comodo SecureDNS. This will not only protect you from this latest virus but also block future threats that can infect your computer simply from visiting a website.
Below are the 5 steps to recover from DNSChanger:
1. Backup
If you don’t have a recent backup of your important files, we recommend copying all your files onto a backup portable hard drive or cloud-based backup service such as Comodo Backup. Comodo provides 5 GB online storage space free for each user.
2. Clean
Next, remove the DNSChanger trojan and recover your PC by installing and running a virus cleaning tool. Comodo provides an assortment of free and low cost antivirus options for Windows and Mac OS X based computers.
3. Set DNS
Now that you have a clean PC, you need to ensure that your DNS settings are correct. You have the option of using a third party DNS service such as Comodo SecureDNS (recommended) or the DNS provided by your ISP. To set up SecureDNS follow our easy switch guide. To return to your ISP provided automatic settings, choose the “Obtain DNS server address automatically” option in Windows network connections properties or delete any DNS servers listed in your Mac OS network settings.
4. Check routers
Next, confirm that your home router is set to use the DNS settings provided by your ISP or a third party DNS service. See our directions to enable SecureDNS on your router.
5. Change passwords
Because your computer was infected, the malware may have captured your keystrokes or acted as a proxy for your browsing activity. To be safe, change any sensitive passwords on your online accounts.
Hope this helps and please tell your friends and family about Comodo SecureDNS to protect their Internet browsing experience!