Updated – July 6th at 1pm pacific
McAfee releases a free tool to help consumers identify the risk of DNS Trojan and modify their Internet settings by ‘DNSChanger’ Trojan
On July 9, 2012, the FBI will be shutting down Internet servers that had previously allowed millions of Internet users, who were infected by the DNSChanger Trojan, access to the Internet. Internet users who were affected by the Trojan will lose access to websites, email, chat, or social networking sites on July 9.
Note: Internet servers are also known as Domain Name System (DNS) servers. DNSChanger Trojan is a nasty piece of malware that has been around for some time.
What consumers should be aware of:
- Before July 9, it is recommended that all consumer Internet users check their computers for the Trojan and update their Internet settings.
- If the computer has the Trojan or does not have the correct Internet settings then they will not have access to the Internet beginning July 9th.
- To do quick check on a computer, McAfee has just introduced a free tool that helps users easily identify whether they have been affected by the Trojan and offers a free solution if they have been infected.
- Customers using McAfee AntiVirus products are currently protected from DNS Changer, providing the computer was not already infected before McAfee was installed. If you installed McAfee software after being infected, the malware is removed, but the changes the malware made to your network configuration require a manual correction.
Here are the recommended actions that consumers should take before July 9th:
Consumers can follow these steps to find out if their computer is infected with the DNSChanger Trojan and if their Internet settings need to be updated.
- Go to: www.mcafee.com/dnscheck
- Click the “Check Now” button to see if the computer has been infected.
- If the computer is infected, the website take the consumer through a process that will offer a free solution to get rid of the Trojan and update the Internet settings.
- If it is not infected, you will receive a “Congratulations, you are OK” screen and no further actions are needed. The computer’s Internet settings are up to date.
Here are the recommended actions that consumers should take beginning July 9th:
On July 9, if you are unable to access the Internet here is how you can access the DNSChanger Stinger tool:
1. Click on this link to download the DNSChanger Stinger tool: http://188.8.131.52/images/dnschanger-stinger.zip Click “Open” then Click “Allow.”
2. Follow the instructions in the “Readme.txt” file to run the tool or you can also follow the instructions below:
Double click “stinger.exe”
Click “Scan now”
3. If the tool does not detect any malicious DNS server settings or malware then no further action is required. However, if you are unable to still access the Internet then you’ll want to contact your Internet service provider.
4. If the tool does detect that your computer is using a malicious DNS server, the stinger tool will fix the DNS setting.
The stinger tool will create the registry backup “TCIP_Registry_Backup.reg”. You can restore network settings with this file. Then restart your computer.
Additional information about DNS servers and the DNSChanger Trojan:
What is a Domain Name System (or DNS)?
Domain Name System, also known as DNS, changes user-friendly website names into the Internet protocol (IP) addresses that computers use to talk to each other. When computer users enter a website name (ex. www.name.com) into their web browsers, their computer will contact a DNS server.
What is the ‘DNSChanger’ Trojan?
‘DNSChanger’ is a trojan created by cybercriminals to redirect the Internet traffic of millions of unsuspecting consumers to websites where the thieves have profited from advertisements. If your DNS server has been infected by this virus, you will not be able to go anywhere online. All computers still infected with DNSChanger malware will no longer be able to access websites, email, chat, or social networking sites like Facebook after July 9th.
Follow McAfee Consumer News: @mcafeeconsumer