11-11-2011 06:41 AM
Just received an email from our ISP explaining, "... your computer or another computer on your network may be infected by malicious software known as 'DNSChanger.'" It goes on to say, "Currently, it is not known whether or not this industry-wide malware attack impacts anything other than web or advertisement redirection and there is no tool that is known to be effective in detecting and eradicating this infection from infected computers." They strongly recommend updating our master boot records and reformatting our hard drives. Pretty extreme.
Does anyone have experience with this and know whether these measures are really necessary?
Thanks for any help you can offer.
11-11-2011 07:01 AM
Actually to me it sounds pretty drastic - I intend to do very little at the moment.
Here are a few articles on DNS Changer:
Just curious - who is your ISP??
11-11-2011 07:06 AM
There is some good info on the Symantec site about "DNSChanger":
If you follow the FBI link "some great information", then the link for "Check your computer's DNS settings", and then the link to "More information about DNS settings" it has a very good pdf file telling you how to check if your computer has been compromised.
If you are infected with "DNSChanger" it looks like Norton are recommending the use of Norton Power Eraser.
11-11-2011 07:10 AM
Here is some additional info I got from: http://www.us-cert.gov/current/index.html#operatio
Operation Ghost Click Malware
added November 10, 2011 at 12:52 pm
On November 9, 2011 US Federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries.
The cyber ring, comprised of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users' anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software.
US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns:
11-11-2011 10:57 AM - edited 11-11-2011 11:08 AM
CenturyLink has posted this on their website. Have you scanned your PC to see if you are, in fact, infected? You might want to use the free version of Malwarebytes' for an on-demand scan, in addition to running a Norton scan. Have you noticed any odd redirects recently in the course of your web surfing?
11-12-2011 06:38 AM
Thanks for the comments. We have been experiencing redirects on our PC, our iMac, and iPad for several months. With the PC we even paid for one of Norton's clean and tune services. We identified the redirects as a problem with the Norton techs and they even experienced it while working on the system. It was never resolved. Because it was occurring on both the PC and the Macs we just assumed it was an issue with Qwest and did not follow up.