How to Remove The Trojan.DNSChanger Virus?

by Digital Drake on October 29, 2008

You are sitting in front of your computer and, all of a sudden, you cannot connect to the Internet.

You know your Internet connection is good, but none of the URLs you place in your browser go anywhere. What’s happened?

There is a good chance that you have been infected with the Trojan.DNSChanger trojan. What is this?

Trojan.DNSChanger is a trojan that makes your web browser open slowly and either redirects you to malicious or advertisement links or leaves you unable to connect to any website.

This trojan actually modifies your network DNS setting. It does this in the Control Panel and in your computer's registry.

If you attempt to go in and manually change it (in the Control Panel or registry), it will re-insert itself.

What is a DNS?

DNS stands for Domain Name System (or Service or Server), an Internet service that translates domain names (such as digitaldrake.com) into IP addresses (such as 64.49.61.187). Why?

Because we (people) understand and, more importantly, remember digitaldrake.com; but computers, which are machines, understand numbers such as 64.49.61.187. Either way, if you type 64.49.61.187 into your web browser, you will see that it takes you to digitaldrake.com.

I am sure you have many favorite websites that you visit and bookmark. Imagine, though, if you had to memorize all of the IP Addresses for them! DNS translates the domain names (URLs) you type into your web browser into IP addresses. OK, back to the Trojan.DNSChanger virus and removing it.

The DNS setting in your computer (if there is one) is the address of a computer on the Internet (or on your network) that translates (resolves) a domain name into an IP address. Now, suppose the DNS IP address in your PC's settings gets changed by the Trojan.DNSChanger virus. The bogus IP address that it inserts might point to a computer that does not exist. In other words, it does not point to a real DNS server; and since it doesn't, your PC will not be able to translate the domain name you typed into your browser into an IP address. Thus, you go nowhere.

Note: If there is no DNS IP address setting in your PC, this is OK. Your ISP is handling this for you. In other words, they will handle the domain name to IP address translation.
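To check which DNS servers a Windows PC is actually using, you can run `ipconfig /all` and compare the "DNS Servers" entries with the resolvers you expect. The script below is an added example, not part of the original article: it parses that output and lists any resolver you did not expect. The sample output is constructed, and the expected resolver (a home router at 192.168.1.1) is an assumption.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*: (.*)$")  # "   Name . . . : value"

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # new adapter section
            result[adapter] = []
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).startswith("DNS Servers")
            value = m.group(2).strip()
        elif in_dns and line.strip():
            value = line.strip()  # continuation line: one more DNS server
        else:
            in_dns = False
            continue
        if in_dns and adapter and value:
            result[adapter].append(value)
    return result

def unexpected_resolvers(text, expected):
    """List (adapter, server) pairs whose resolver is not in `expected`."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [(adapter, s)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for s in servers
            if ipaddress.ip_address(s.split("%")[0]) not in allowed]

print(unexpected_resolvers(SAMPLE_IPCONFIG, ["192.168.1.1"]))  # assumed router IP
```

On a real machine, save the output with `ipconfig /all > dns.txt` and pass the file's contents in place of the sample. An unexpected resolver is a reason to investigate, not proof of infection, since your ISP's or a public DNS server would also be listed until you add it to the expected list.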

So, how do you get rid of it?

The easiest and fastest way is to use a freeware tool called Malwarebytes Anti-Malware, which may be downloaded here, for free.

In a previous article and accompanying video, I showed PC users how to remove the XP Anti-Virus Rogue with this same tool.

Check out the video below to learn how to get rid of the Trojan.DNSChanger trojan.


Removing The Trojan.DNSChanger Virus
 


  • Bentley
    This virus has completely hijacked my PC (not this PC obviously) by taking away my internet access, my ability to open up the Device Manager, and even the ability to open up and run Malwarebytes' Anti-Malware.

    When I first ran MAM, it detected 10 infections and was able to remove all but 1 saying the PC had to be rebooted for it to be finished. I then rebooted, but the 'fake' little red 'X' was still in the system tray and the fake warning messages reappeared. I ran MAM again and it detected 9 more infections but this time the pop-ups came and wouldn't allow me to complete the removal process on MAM. The pop-ups just remained in front not allowing me to switch back to the MAM (which was still open) at all. So I rebooted one more time and this time the virus completely blocked access to MAM not allowing it to be opened.

    The only thing I can do is boot in safe mode. Is there any way to remove this virus in safe mode? I'm pissed off to say the least, not only because of the virus, but because the infected PC also has McAfee which detected the virus when it hit, but did not stop it from infecting the PC. Can I reset the router to regain internet access before the virus is removed, or would that not be wise? And is it possible to download a free antivirus program (such as Avenger) on this PC and transfer it to the infected PC with an external hard drive without the virus detecting the program?