By now you may have heard from friends, the media or the rumor mill that the Internet will be shutting down on July 9th. It’s actually NOT a true statement BUT there is a real threat. With this post, I’d like to get right to helping determine if you are infected and if so, steps to remove it! Quick background, the internet will NOT shutdown but there are several thousand computers that have been infected by a virus that may not be able to access websites come July 9th.
Steps to identify and remove the DNSChanger virus if necessary:
1. Using your web browser (Internet Explorer, Chrome, Safari, Firefox etc..) goto: http://www.dns-ok.lu/ This will immediately let you know if your computer is infected or not. If you see green you are OK, if you see red, you’re infected.
2. If you are infected, then before doing anything else I suggest you backup of all of your important files
3. Now to remove the malware:
– For Windows computers goto: http://support.kaspersky.com/faq/?qid=208283363 On this page you want to download the TDSSKiller.exe file on the infected computer and follow the instructions to install and then reboot.
– For Apple computers goto this very detailed document: http://www.uc.edu/infosec/documents/Mac_OSX_Remediating_DNSchanger.pdf
4. Update your DNS settings using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).
– For WINDOWS: Detailed steps here: http://windows.microsoft.com/en-us/windows7/Change-TCP-IP-settings.
– For APPLE: http://www.uc.edu/infosec/documents/Mac_OSX_Remediating_DNSchanger.pdf
5. To be super safe, if you were infected you should also change passwords on any online accounts (the malware was known for doing more than just DNS re-routing, it could have captured other info)
If you want more detail, with images and steps you can also read this article: http://www.pcworld.com/article/255137/protect_yourself_from_dnschanger.html