DNSChanger Trojan: Help Is Available If You Got Hit

It looks like most people fixed their DNS problems before the July 9 end of the FBI safety net, but if that didn’t happen, there’s help out there or you can do it yourself.

Pretty much everyone has heard of the DNS Changer Trojan that was installed on some computers as much as five years ago. By now, most people have eliminated the problem, perhaps without knowing it, when they installed new antivirus software. But even if the Trojan itself is gone, the effects may linger in the form of revised Domain Name System entries. This means that, as of today, you can€™t get to the Web.

But that doesn€™t mean you can€™t get the problem solved. There are several ways to go about this. But if you€™re one of the affected people, you can€™t browse to the Web for help, so you will either need to get the software for clearing up the problem by some other means, or you€™ll need to call for help.

If you are one of those affected, you€™re probably reading this on your phone or your tablet. If that€™s the case, the best move you can make is to immediately go to the support page of your ISP and call the support number. The ISPs I€™ve heard from say they have teams standing by to help walk you through the solution.

But the fact is, most of you won€™t be affected. €œWe have not seen anything significant thus far,€ Verizon spokesman Bob Elek said in an email. €œKeep in mind that we had a very small number of customers impacted relative to the overall number, and we are extending our efforts through July to serve those affected customers.€

Elek said that Verizon€™s support people are standing by. €œThroughout the month of July, we will provide customers two options€”step-by-step procedures they can follow to €˜do it themselves€™ or help via a third-party contractor,€ he said. €œWe expect to see that effort complete our impacted customers during the month.€

Other ISPs are taking similar steps. Cox Communications is handling redirection of affected customers itself, and helping them fix the problem. €œLess than 1 percent of Cox customers are infected with the virus,€ Cox spokesman Todd Smith said in an email to eWEEK. €œCox worked closely with the FBI on this case in the fall and immediately established a redirect for infected customers to Cox DNS servers. Therefore, no Cox customers are impacted by the FBI transition and we plan to keep the redirect up until we have contacted every customer individually. As with other malicious attacks, Cox€™s Safety Team will contact each infected customer in the coming months via phone, email and in-browser notification to notify them of the infection and help ensure an optimal user experience long term.€

Comcast is offering a fix on its Website for customers who can reach it€”perhaps using another computer€”but it€™s also offering phone support.

€œSince midnight, we are seeing a minuscule number of calls, but our customer care and security assurance teams are standing by and are ready to help,€ Comcast spokesman Charlie Douglas said in an email. €œWe€™re pointing customers to a dedicated Website www.xfinity.com/dnsbot where customers can either download a free security patch on their own or, if they€™re not comfortable doing that on their own (maybe they€™re not technically proficient), then they can call Xfinity Signature Support and for a fee have a professional help them.€

You can also solve the problem yourself if you have some comfort in working with your computer. There are basically two things you need to do. First, get a USB flash drive, go to an unaffected computer and download the free software that fixes the DNSChanger Trojan. Here are the places you can go: Symantec, McAfee, Kaspersky. MacScan, Microsoft and TrendMicro, and there are others listed on the DCWG site.

After you€™ve downloaded the clean-up utility of your choice, take the USB flash drive to the computer that€™s been affected and run the software. Make sure that you run the full system scan rather than the quick scan if offered the choice. This will take a while, so be patient.

Once you€™ve removed the Trojan from your system, or confirmed that it€™s not there, the next step is to get your DNS set so you can resolve names. Again, using another computer or your phone or tablet, go to the OpenDNS site and find the instructions in Paragraph 2. The instructions differ according to your computer€™s operating system, but the site includes detailed instructions for both PC and Macintosh machines. Follow the steps, and if necessary, restart your computer.

The OpenDNS site provides DNS addresses for OpenDNS, Google DNS and DNS Advantage. If you want to use the DNS address for your ISP, you may be able to get the addresses from the support pages of their Website or from their phone support lines. But perhaps the easiest way is to simply select the choice where you tell your computer to get the DNS address automatically. To get there, follow the instructions given by OpenDNS, but instead of typing in the IP addresses, just choose the automatic option.

Note that the OpenDNS site provides a number of other resources for dealing with this and other problems involving your computer and Internet addresses. But for most people, the first choice should probably be your ISP or the IT department.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...