Internet would come to halt for millions of users around the world starting coming March 8th if proper DNS server is not maintained. This is because virus and DNS changer corrupt billions of computers around the world.
So, what is DNS?
DNS is Domain Name System it’s an internet service that converts user friendly domain names, such www.google.com, into numerical address that allows computers to speak to each other. Without DNS and DNS servers operated by internet service providers, computes users would not be able to browse, sent email and connect to internet.
According to US Federal Bureau of Investigation, six Estonian nationals have been arrested and charged with running a convoluted Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to fake the multi-billion-dollar Internet advertising industry. Users of infected machines were not aware that their computers had been compromised—or that the fraud software rendered their machines vulnerable to a host of other viruses.
Okay, now what is DNS changer?
DNS changer is a Trojan that changes the infected system’s DNS settings. The Trojan identified by some antivirus as Trojan.Zlob these Trojan, like so-called DNS changer (The Zlob Trojan, identified by some antivirus as Trojan.Zlob, is a Trojan horse which masks as a needed video codec in the form of ActiveX).
This DNS changer add rogue DNS name servers to the registry of Windows-based computer and attempt to hack into any detected router to change the DNS settings and therefore could potentially re-route traffic from legitimate web sites to other suspicious web sites. The Trojan has also been linked to downloading atnvrsinstall.exe which uses the Windows Security shield icon to look as if it is an Anti Virus installation file from Microsoft, having this file initiated can cause mayhem on computers and networks.
As part of a US federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted. It is important to note that the replacement servers will not remove the DNS changer malware or other viruses it may have facilitated from infected computers. Also the US federal court was told to educate the public and Internet Service Providers about the DNS changer malware.
If your ISP (Internet Service Provider) DNS server is infected, same will be applicable to you. How do you know if your computer is infected? If you are Windows user you can check by going to the
Typing Run and then cmd
At the command prompt,
Type: ipconfig /all
Look for the entry that reads “DNS Servers……….”
The DNS numbers are in the format of xxx.xxx.xxx.xxx, where xxx is a number from 0 to 255 (Eg. 192.168.1.1). Make note of the IP addresses for the DNS servers and compare them to the table of known rogue DNS servers.
There is a special website to check if you’re ISP (Internet Service Provider) DNS requests are made to the right places www.dns-ok.de. This site will tell you if you are affected by the DNS Changer malware or not, like the one in below,
What will happen after March 8? According to the Federal Bureau of Investigation, it will shut down the surrogate DNS servers, affecting millions of users who are still using rogue DNS addresses.
To over come the PC’s which are infested by infected by rouge DNS, you can use DNS Repair tool. Download it from: avira.com