As of July 9th, 2012, the Internet Systems Consortium will be shutting down the rogue DNS servers utilized by the DNSChanger malware infection. During an FBI sting, agents brought down a hacker ring from Estonia last year under Operation Ghost Click. If your computer is one of the 1 million computers that were infected by the DNSChanger virus, you will lose internet access on July 9th, 2012. The reason you will lose access, is that your computer may be using one of the temporary DNS servers setup by the FBI to retain access to infected computers during the shut down of the surrogate DNS servers used for the hacker ring.
How to Tell Whether DNSChanger Has Infected Your Computer
The FBI has setup a website that will allow you to find out if your computer has been infected with the DNSChanger rootkit. By visiting www.dns-ok.us you will be able to check and see if your computer has been inected. While the website looks very cheap and almost fake, it is the correct website that was setup by the FBI. If you live outside of the US, you will need to check for alternative websites to check for an infection.
If you computer is infected by the DNSChanger virus, you will unfortunately lose internet access until you have had the malware removed from your computer.
What Do I Do if My Computer is Infected by DNSChanger
Once you've figured out that your computer has been infected by the DNSChanger virus, it's time to start figuring out how you'll get the rootkit removed from your computer. The first thing that you'll need to do is to create a backup of all of your critical files including your personal files, pictures, music and movies. After you've completed this, your safest bet is to completely format your computer's hard drive and perform a complete clean installation of your operating system.
If you would prefer to avoid reformatting your computer, there are tools that can help you remove the rootkit malware and may be able to restore your computer to it's previous state. There are programs that have been released specifically designed to remove the DNSChanger rootkit from your computer. Simply Google DNSChanger or check out Kapersky Lab's TDSSKiller.
If the infected computer is on a network in your home or office, you will need to manually check every computer on the network to ensure that no other computers were infected. You will also want to check your router to ensure that it wasn't infected by the rootkit as well.
Once all of the above checks have been done and you feel you have removed the malware from your computer, recheck everything to ensure that your computer is no longer infected and you should be ready to go on Monday when the servers are shut down. By following the steps listed above you will be able to prevent your computer from losing internet access.
If you think your computer is infected with the DNSChanger virus, take a look at our virus and spyware removal services and give Geeks Anywhere a call, we'll be glad to help you protect your computer from DNSChanger and any other virus issues your computer might have.