DNSChanger Trojan: Help Is Available If You Got Hit
Pretty much everyone has heard of the DNS Changer Trojan that was installed on some computers as much as five years ago. By now, most people have eliminated the problem, perhaps without knowing it, when they installed new antivirus software. But even if the Trojan itself is gone, the effects may linger in the form of revised Domain Name System entries. This means that, as of today, you cant get to the Web.
But that doesnt mean you cant get the problem solved. There are several ways to go about this. But if youre one of the affected people, you cant browse to the Web for help, so you will either need to get the software for clearing up the problem by some other means, or youll need to call for help.
If you are one of those affected, youre probably reading this on your phone or your tablet. If thats the case, the best move you can make is to immediately go to the support page of your ISP and call the support number. The ISPs Ive heard from say they have teams standing by to help walk you through the solution.
But the fact is, most of you wont be affected. We have not seen anything significant thus far, Verizon spokesman Bob Elek said in an email. Keep in mind that we had a very small number of customers impacted relative to the overall number, and we are extending our efforts through July to serve those affected customers.
Elek said that Verizons support people are standing by. Throughout the month of July, we will provide customers two optionsstep-by-step procedures they can follow to do it themselves or help via a third-party contractor, he said. We expect to see that effort complete our impacted customers during the month.
Other ISPs are taking similar steps. Cox Communications is handling redirection of affected customers itself, and helping them fix the problem. Less than 1 percent of Cox customers are infected with the virus, Cox spokesman Todd Smith said in an email to eWEEK. Cox worked closely with the FBI on this case in the fall and immediately established a redirect for infected customers to Cox DNS servers. Therefore, no Cox customers are impacted by the FBI transition and we plan to keep the redirect up until we have contacted every customer individually. As with other malicious attacks, Coxs Safety Team will contact each infected customer in the coming months via phone, email and in-browser notification to notify them of the infection and help ensure an optimal user experience long term.
Comcast is offering a fix on its Website for customers who can reach itperhaps using another computerbut its also offering phone support.
Since midnight, we are seeing a minuscule number of calls, but our customer care and security assurance teams are standing by and are ready to help, Comcast spokesman Charlie Douglas said in an email. Were pointing customers to a dedicated Website www.xfinity.com/dnsbot where customers can either download a free security patch on their own or, if theyre not comfortable doing that on their own (maybe theyre not technically proficient), then they can call Xfinity Signature Support and for a fee have a professional help them.
You can also solve the problem yourself if you have some comfort in working with your computer. There are basically two things you need to do. First, get a USB flash drive, go to an unaffected computer and download the free software that fixes the DNSChanger Trojan. Here are the places you can go: Symantec, McAfee, Kaspersky. MacScan, Microsoft and TrendMicro, and there are others listed on the DCWG site.
After youve downloaded the clean-up utility of your choice, take the USB flash drive to the computer thats been affected and run the software. Make sure that you run the full system scan rather than the quick scan if offered the choice. This will take a while, so be patient.
Once youve removed the Trojan from your system, or confirmed that its not there, the next step is to get your DNS set so you can resolve names. Again, using another computer or your phone or tablet, go to the OpenDNS site and find the instructions in Paragraph 2. The instructions differ according to your computers operating system, but the site includes detailed instructions for both PC and Macintosh machines. Follow the steps, and if necessary, restart your computer.
The OpenDNS site provides DNS addresses for OpenDNS, Google DNS and DNS Advantage. If you want to use the DNS address for your ISP, you may be able to get the addresses from the support pages of their Website or from their phone support lines. But perhaps the easiest way is to simply select the choice where you tell your computer to get the DNS address automatically. To get there, follow the instructions given by OpenDNS, but instead of typing in the IP addresses, just choose the automatic option.
Note that the OpenDNS site provides a number of other resources for dealing with this and other problems involving your computer and Internet addresses. But for most people, the first choice should probably be your ISP or the IT department.