A particularly nasty virus has made its way into millions of computers that could result in you not being able to access the internet at all after July 9th, 2012.

A little History

Named “DNSChanger,” this malware was first discovered back in 2007.  Designed to redirect your web traffic to sites that the authors controlled, the successful virus infected millions of computers.

Targeting Windows and Mac users, (yes, Mac users, this affects you too,) the malware takes a web site address you enter into your browser and redirects it to a site controlled by the authors and their cohorts.  For example, if you were to try to browse to Google.com on an infected computer, the screen in your browser would redirect to a site that looked similar to Google.com , but is filled with internet ads, popups and other content.

After investigating this criminal activity and tracking the culprits to a group of thieves in Estonia, the FBI decided to leave the operation running but without the malware in order to not disrupt internet traffic for millions of computers.

The servers have been running since then, but the FBI plans on shutting down the servers on July 9th, 2012.  If your computer is infected with the virus, it will try to find the address of the server in Estonia, but will find nothing.  Therefore, your computer will not be able to access the internet after July 9th unless you clean your computer of the virus.

How Do I know If I have the DNSChanger Virus?

In order to detect if users have the virus installed on their computers, the FBI maintains a web page that inspects your computer settings to see if you are infected.  Browse to http://www.dns-ok.us/ to see if you are infected.  If you see a picture with a green background, you are not infected with this particular virus.  If, however, you see an image with a red background, your computer is probably infected with the DNSChanger virus.

Your Computer Passed!

Your Computer Failed the Test and is Probably Infected!

What to do If I’m Infected

Luckily, the virus has been around awhile and therefore most modern and updated anti-virus programs can identify and remove the infection.  There are several free tools that you can use to scan your PC and remove viruses.  Even if you are not infected with DNSChanger, it’s a good idea to run one of these tools.

I’ve run into this virus a couple times on client’s and friend’s computers and I’ve had luck with the Microsoft Safety Scanner software.  Microsoft provides this software free of charge and is available for download at http://www.microsoft.com/security/scanner/en-us/default.aspx.  The interesting thing about the Microsoft Security Scanner is that once downloaded, the software is only good for 10 days before it expires and will not install again.  This ensures that you are installing the most recent version with updated virus definitions.

Other free software that should remove the DNSChanger virus:

• Kaspersky Labs TDSSKiller – http://support.kaspersky.com/faq/?qid=208283363
• MacScan (for Mac) – http://macscan.securemac.com/
• Trend Micro Housecall  – http://housecall.trendmicro.com
• Avira DNS Repair Tool – http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

DNSChanger Resources

Below are some articles and more information about the DNSChanger virus for your reading pleasure:

• Tool for checking your DNS settings – www.dns-ok.us
• The DNS CHanger Working Group (DCWG) – http://www.dcwg.org
• The FBI page with information about the DNSChanger virus – http://www.fbi.gov/news/stories/2011/november/malware_110911