What does it do?
Changes your Internet settings so cybercriminals can serve you ads, steal your login information, and monitor everything you do online.
Gruesome technical details (optional)
DNSChanger alters your computer’s DNS settings. DNS servers translate ugly network numbers like 127.0.0.1 into nice human-friendly addresses like www.sophos.com. Normally your computer looks to your Internet provider’s DNS servers for these translations. DNSChanger redirects your computer to cybercriminal DNS servers, so everything you do on the Internet silently passes through their servers en route to its actual destination.
What could happen on July 9, 2012?
If your computer is infected with the DNSChanger virus, as of Monday, July 9, 2012, you may not be able to access the Internet. Because of the severity of DNSChanger, Internet providers worldwide decreed that July 9, 2012 was the last day the hacker servers would be allowed to stay online. After that, they pull the plug. If you’re infected and can’t get online, it’s probably because your Internet provider is blocking your computer as a public safety measure.
What do I need to do?
1. Check to see if you are infected.
Visit the DNSChanger Working Group (DCWG) website to see if you are infected. If you are, continue below.
2. Remove the virus from your computer
Most popular antivirus programs will remove DNSChanger. Be sure you are using legitimate antivirus and not lookalike scamware. DCWG has tips on what to do if you are infected.
These Tech Tips articles may also help:
- What To Do If You Get A Computer Virus
- Social Engineering: How Viruses Trick You Into Letting Them In
- What You Need To Know About Mac Viruses
- Sophos Naked Security: DNS Changer – how not to lose your Internet connection on July 9, 2012
- PCMag: Are You Infected With DNSChanger Malware?
- PCMag: How to Find, Remove DNSChanger From Your Router
- eWeek: DNS Changer Malware Could Lock Unwary Users Out of the Internet on July 9