DNS Changer changed when the FBI shut down DNS used to change your web surfing landing pages. Sounds confusing and why did those boys and girls leave this botnet redirect online so long? Could they have needed to collect a victim count? If there is a payout involved I think I can come up with 20,000,000 internet users in the USA. But they wouldn't be anyone I know because my people know about things like redirects.

Lost Internet Connection July 9, 2012?

It's not very widespread, but if you are using a friend's computer or your second computer, follow the steps below to get back online with your DNS Changer-infected computer. No, it's not OK to tell your boss you couldn't connect to the Internet because the FBI shut down your favorite DNS server.

Here's a quick list of what to do if your computer has the DNS Changer IP address in your network DNS settings.

PCs:

  1. Click Start, then RUN, or from the SEARCH line type ncpa.cpl
  2. You might have more than one network connection: LAN and Wireless.
  3. Select one at a time and right mouse click it.
  4. Left mouse click on Properties.
  5. From the General Tab look for the text box "This connection uses the following items".
  6. Scroll down to the Internet Protocol TCP/IPv4 line and click it.
  7. Then click Properties.
  8. From the General Tab look at the line "Use the following DNS server addresses".
  9. If you have something here, you need to make sure the DNS isn't something your IT department or your cable network set up for you. Write down the IP address!
  10. Write down the numbers if you have something in the DNS Server Address before you do anything.
  11. Go to http://38.68.193.96, or in other words http://www.DNS-OK.US. If you have the malware, the only way you'll reach the site is with the IP address. DNS is Domain Name Server, which takes a name and converts it to the IP address. In this case that will no longer work, so you'll need to use the IP address instead. You still have Internet; it's just that nothing is going to resolve a named address.
  12. From 38.68.193.96 or www.dns-ok.us, if you see DNS Resolution = GREEN, you are good to go.
  13. Close everything and go back to your normal day.
  14. If you see anything else, then suspect your DNS servers and remove the IP addresses you found in step 9.
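The check in steps 9 and 14 can also be done from the command line. This is an added example, not part of the original post: it parses `ipconfig /all` output and lists every DNS server outside the ranges you expect. The sample output, the `EXPECTED` range and the function names are assumptions, and the flagged addresses are documentation placeholders, not real DNS Changer servers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the resolvers your IT department or ISP actually assigned.
EXPECTED = [ipaddress.ip_network("192.168.1.0/24")]

def _ip(token):
    """Parse an address (dropping any IPv6 %scope); None if it is not one."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # start of an adapter block
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra servers appear on following lines that hold only an address.
        ip = _ip(m.group(1)) if m else (_ip(line.strip()) if in_dns else None)
        in_dns = ip is not None
        if ip is not None and adapter is not None:
            result[adapter].append(ip)
    return result

def unexpected_dns(text, expected=EXPECTED):
    """Adapters whose DNS servers fall outside every expected network."""
    found = dns_servers_by_adapter(text)
    bad = {a: [str(i) for i in ips if not any(i in n for n in expected)]
           for a, ips in found.items()}
    return {a: ips for a, ips in bad.items() if ips}
```

On a live machine, pass the captured output of `ipconfig /all` to `unexpected_dns` in place of the sample text.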

Install a good antivirus program (www.avg.com) and run your scan!

Or, submit a ticket here and I'll send you more information. If it's related to the DNS Changer it's free, but expect a good lecture. If it's anything else, it's a fee-based service.

Macs: Preferences > Network > Advanced > DNS, then follow the steps above as a general guide from step 9.

Short history: The virus was designed in 2007 for click marketing (advertisement click sites). It was not designed to steal information. But because you are re-routed to a DNS controlled by untrustworthy souls, anything could have been recorded. Google the DCWG Vladimir Tsastsin US Justice case to learn about this version and who it infected.

 
