A DNS Changing virus affecting Windows XP, Windows Vista, Windows 7 and Mac users can lead to losing internet service this July when authorities shut down temporary servers put in place to bypass the damage this malware was doing. Even though you may no longer experience the harm, your computer may still be infected. When the bypass is removed, your DNS lookups will no longer work, effectively cutting you off from the net.

What to do now? If you’re like me you’ll want to cross check that this story itself is real and not a phishing expedition: Check out my links below and do your own research into the subject to assure yourself (a) that a real danger exists and (b) that the DCWG or DNS Changer Working Group is an authoritative and helpful resource.

Late last year the authorities, under the cloak of “Operation Ghost Click”, arrested several cyber criminals operating under the company name “Rove Digital”. Their criminal enterprise distributed DNS changing viruses, alternatively known as TDSS, Alureon, TidServ and TDL4, which altered user DNS settings, pointing victims to rogue data centers in Estonia, New York, and Chicago. These servers would hijack your searches and promote fake, spammy, even dangerous products. Infected users, essentially, got an altered view of the Internet.

The Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network under a court order, expiring July 9. This allows victims time to determine whether they’re infected and remediate to avoid sudden disruption of services when the replacement/bypass DNS servers are turned off.

Quick red or green* check at

*If your ISP is redirecting DNS traffic around the DNS Changer problem you might see green even though you are infected. Ugh! A more comprehensive list of detection sites, resources and help is available at

Links: DNS Changer Working Group | FBI’s DNSChanger Malware | FBI’s DNS Malware: Is your computer infected? | FBI’s United States v. Vladimir Tsastsin, et al. | eWeek’s FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain | USA Today’s Infected PCs may lose Internet in July | Computerworld’s Judge extends DNS Changer deadline as malware cleanup progresses | eSecurity Planet’s DNS Changer Malware Infects Half of Fortune 500 Firms | Symantec’s DNSChanger Fraud Ring Busted | AT&T Networking Exchange Blog Stopping DNSChanger Trojans

Answers the questions: Am I infected with the DNS Changing virus? How to detect if I’m infected with DNS Changing malware? Which sites detect for DNS Changer? Are Your DNS Settings Ok? How to manually check for DNS Changer infection? How to remove the DNS Changing virus? What if I’m infected? Which tools clean out DNS Changer?
