How to Remove The Trojan.DNSChanger Virus?

October 29, 2008 · 12 comments

You are sitting in front of your computer and, all of a sudden, you cannot connect to the Internet.

You know your Internet connection is good, but none of the URLs you place in your browser go anywhere. What’s happened?

There is a good chance that you have been infected with the Trojan.DNSChanger trojan. What is this?

Trojan.DNSChanger is a trojan that makes your web browser open slowly and either redirects you to malicious or advertisement links, or leaves you unable to connect to any website.

This trojan actually modifies your network DNS setting. It does this in the Control Panel and in your computer's registry.

If you attempt to go in and manually change it (in the Control Panel or registry), it will re-insert itself.

What is a DNS?

DNS stands for Domain Name System (or Service or Server), an Internet service that translates domain names (such as digitaldrake.com) into IP addresses (such as 64.49.61.187). Why?

Because we (people) understand and, more importantly, remember digitaldrake.com; but computers, which are machines, understand numbers such as 64.49.61.187. Either way, if you type 64.49.61.187 into your web browser, you will see that it takes you to digitaldrake.com.

I am sure you have many favorite websites that you visit and bookmark. Imagine, though, if you had to memorize all of the IP Addresses for them! DNS translates the domain names (URLs) you type into your web browser into IP addresses. OK, back to the Trojan.DNSChanger virus and removing it.

The DNS setting in your computer (if there is one) is the address of a computer on the Internet (or on your network) that translates (resolves) a domain name into an IP address. Now, suppose the DNS IP address in your PC's settings gets changed by the Trojan.DNSChanger virus. The bogus IP address that it inserts might point to a computer that does not exist. In other words, it does not point to a real DNS server; and since it doesn't, your PC will not be able to translate the domain name you typed into your browser into an IP address. Thus, you go nowhere.

Note: If there is no DNS IP address setting in your PC, this is OK. Your ISP is handling this for you. In other words, they will handle the domain name to IP address translation.
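The check below is an added example, not part of the original article: it reads the DNS server values Windows stores in the registry (the `NameServer` and `DhcpNameServer` values under the `Tcpip\Parameters` key and its per-interface subkeys) and flags any address that is not on a list you trust. The addresses in `$Trusted` are placeholders and must be replaced with the DNS servers of your own router or ISP.

```powershell
# Added example: audit the DNS servers configured in the registry.
# ASSUMPTION: $Trusted holds the resolvers you expect; these are placeholders
# from a documentation-only address range, not real servers.
$Trusted = @('192.0.2.53', '192.0.2.54')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Split-DnsList([string]$Value) {
    # Windows stores several servers in one string, separated by commas or spaces.
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

# Look at the global key and at every per-interface subkey.
$keys = @(Get-Item $base) + @(Get-ChildItem "$base\Interfaces")

$rows = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key.PSPath
    # NameServer     = manually (statically) set servers; empty is normal.
    # DhcpNameServer = servers handed out by the router or ISP via DHCP.
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        foreach ($ip in Split-DnsList $props.$name) {
            [pscustomobject]@{
                Key     = $key.PSChildName
                Value   = $name
                Server  = $ip
                Trusted = $Trusted -contains $ip
            }
        }
    }
}

$rows | Format-Table -AutoSize

$suspect = @($rows | Where-Object { -not $_.Trusted })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) DNS entry(ies) are not on the trusted list."
} else {
    Write-Output 'All configured DNS servers are on the trusted list.'
}
```

Run it again after a cleanup and a reboot: if an untrusted address reappears in `NameServer`, the setting has been re-inserted and the infection is still active.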

So, how do you get rid of it?

The easiest and fastest way is to use a freeware tool called Malwarebytes Anti-Malware, which may be downloaded here, for free.

In a previous article and accompanying video, I showed PC users how to remove the XP Anti-Virus Rogue with this same tool.

Check out the video below to learn how to get rid of the Trojan.DNSChanger trojan.


Removing The Trojan.DNSChanger Virus
 


{ 11 comments… read them below or add one }

Alex October 31, 2008 at 2:20 am

I think this Malwarebytes Anti-Malware is not freeware, as I am not able to download the link.
Can you give a new link where I can download it freely, as I am using Windows XP and I am getting bogus IP and DNS?
Kindly help.

Reply

John Willumsen December 7, 2008 at 8:13 am

Having been hit with this DNS Changer problem, I have tried Malwarebytes Anti Malware program along with Spyware Doctor, Pest Control, Spybot Search & Destroy, Reg Cure and some others. They all find the infection, up to 18 on one run, and remove them, but on rebooting the computer, they're back with a vengeance. I really don't know what else I can do. Please can you help or advise me.

Reply

Jeffrey McNabb December 18, 2008 at 11:07 am

12/18/08: used updated malwarebytes, ran it in safe mode, finds the trojan dnschanger stuff; i choose remove

it comes back

HELP!!!

Reply

Bentley November 22, 2009 at 7:08 pm

This virus has completely hijacked my PC (not this PC obviously) by taking away my internet access, my ability to open up the Device Manager, and even the ability to open up and run Malwarebytes' Anti-Malware.

When I first ran MAM, it detected 10 infections and was able to remove all but 1 saying the PC had to be rebooted for it to be finished. I then rebooted, but the 'fake' little red 'X' was still in the system tray and the fake warning messages reappeared. I ran MAM again and it detected 9 more infections but this time the pop-ups came and wouldn't allow me to complete the removal process on MAM. The pop-ups just remained in front not allowing me to switch back to the MAM (which was still open) at all. So I rebooted one more time and this time the virus completely blocked access to MAM not allowing it to be opened.

The only thing I can do is boot in safe mode. Is there any way to remove this virus in safe mode? I'm pissed off to say the least, not only because of the virus, but because the infected PC also has McAfee which detected the virus when it hit, but did not stop it from infecting the PC. Can I reset the router to regain internet access before the virus is removed, or would that not be wise? And is it possible to download a free antivirus program (such as Avenger) on this PC and transfer it to the infected PC with an external hard drive without the virus detecting the program?

Reply

nancychisum April 3, 2010 at 3:44 am

I have Malware bytes and every time I run it and remove and restart and run again to check and see if the dns changer has been removed, then it is still there. I cannot get rid of dns changer even with Malware Bytes

Reply

Anonymous April 3, 2010 at 10:44 am

I have Malware bytes and every time I run it and remove and restart and run again to check and see if the dns changer has been removed, then it is still there. I cannot get rid of dns changer even with Malware Bytes

Reply

John April 3, 2010 at 3:06 pm

That does not work in Windows 7. The DNS changer is not removed by Malwarebytes.

Reply

gry planszowe April 10, 2010 at 11:18 am

Nice template, what is the name of the template you used in your blog?

Reply

ervin May 8, 2010 at 10:45 am

It keeps coming back. I did all this; doesn't work.

Reply

Shane May 14, 2010 at 6:38 am

OK, I just got in a fight with this virus and won, so I'm here to tell you about it. I went to Start > Control Panel > Administrative Tools > Services. The list should be alphabetically ordered; if it's not, you can press on the "Name" tab to sort alphabetically. Look down the list and find the service "Web Client". Stop the "Web Client" service and go up the list and find the service "DNS Client". Restart the "DNS Client" service and you should be able to access the internet and download Malwarebytes:
http://www.filehippo.com/download_ [...] c3de8dfea/ 

Scan your computer, restart it when malwarebytes asks you to, and the computer should start up to settings and restart the "Web Client" service on its own. After you scan make sure you lock your computer down with firewalls and a virus program that does realtime scanning of incoming files, because this Trojan is part of a "fraud pack" and you may have just dodged a bullet.

Reply

farooznm July 2, 2010 at 11:02 pm

please give reply

Reply
