DnsChanger Trojan

helix2301

DNSChanger is a trojan that changes the infected system's Domain Name Server (DNS) settings in order to divert traffic to unsolicited and potentially illegal sites. This trojan is designed to change the 'NameServer' registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan.

For the FBI, under a court order expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts and avoid sudden disruption of services to victim machines.

July 9th is being called Internet Doomsday. The FBI set up a safety net months ago using government computers, but that system will shut down July 9. At that point, infected users won't be able to connect to the Internet.

The Trojan can be removed

Manual Removal Instructions:
1. Navigate to the following paths in the registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “DhcpNameServer”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “NameServer”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”

2. Look for unknown IP Addresses in the Data part. Change them into IP addresses for your DNS Servers.

http://lipanitechnologies.com/blog/dnschanger-trojan/
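
The check in steps 1 and 2 above can be scripted. The following is an added example, not part of the original post: a read-only PowerShell audit that lists every `NameServer` and `DhcpNameServer` value under the keys named in step 1 and marks addresses that are not on your own resolver list. The `$TrustedDns` addresses are constructed placeholders and must be replaced with your real DNS servers.

```powershell
# Audit the DNS values named in the removal steps (read-only; changes nothing).
# $TrustedDns is a constructed placeholder list: replace it with your own resolvers.
$TrustedDns = @('192.0.2.53', '192.0.2.54')   # RFC 5737 documentation addresses

$Base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$Names = 'NameServer', 'DhcpNameServer'

# Global Parameters key plus every per-adapter key under Interfaces
$Keys = @($Base) + @(Get-ChildItem -Path "$Base\Interfaces" -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSPath })

$Findings = foreach ($Key in $Keys) {
    $Props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $Props) { continue }
    foreach ($Name in $Names) {
        $Raw = $Props.$Name
        if ([string]::IsNullOrWhiteSpace($Raw)) { continue }
        # A value can hold several addresses separated by commas or spaces
        foreach ($Ip in ($Raw -split '[,\s]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key     = ($Key -replace '^.*::', '')   # drop the provider prefix
                Value   = $Name
                Address = $Ip
                Trusted = $TrustedDns -contains $Ip
            }
        }
    }
}

# Untrusted entries sort to the top of the table
$Findings | Sort-Object Trusted, Key | Format-Table -AutoSize

$Unknown = @($Findings | Where-Object { -not $_.Trusted })
if ($Unknown.Count -gt 0) {
    Write-Warning "$($Unknown.Count) DNS address(es) are not in the trusted list; review them as in step 2."
}
```

An address flagged here is only unknown to the list you supplied; a resolver handed out by a home router or ISP over DHCP will also appear until it is added to `$TrustedDns`.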