Blarg…My PC has been plagued by something over the last 4-5 days. I’ve been scanning, sweeping, etc. nearly constantly. It will improve slightly then go right back in the crapper. This afternoon, McAfee is popping up every 20-30 seconds saying it has blocked and removed the DNSchanger trojan.
Is there something on my PC generating copies of this?
Agreed. If you have a router, your DNS settings are probably stored in the router itself. If this malware is able to change them in there, then you need to reset them in the router before you try to reconnect to the internet.* Otherwise, even if you get the malware off your computer, the bad DNS settings in the router could be connecting you to a compromised DNS server that will cause you to get infected again. That may be why you seem to be clearing it off the computer only to have it come back again. (Of course, I am just guessing, and I am sure that malware writers have lots of other ways to make their creations hard to get rid of. However, the fact that it is called DNSChanger suggests to me that it will try to change router settings. If there is a router being used, and lots of people do use one these days, then I do not think they could change your DNS without getting into the router.)
*For most people the router’s default DNS setting is fine, and uses the DNS provided by your ISP.
njtt, your PC changing the settings on your router seems highly unlikely to me. On any home router I’ve worked on, you’d have to connect via a browser to the device, enter some sort of password (even if it’s the default), navigate a menu, then change the settings… several of them, all different depending on the brand/revision of the router. Possible, but unlikely.
Far more likely is that it’s changing only on the PC, which is fairly straight forward.
I’ll second the safe mode, disconnected scan, then connect in safe mode with networking, and hit a few of the online cleaners, along with a nice fresh update of malwarebytes, or the like.
This seems like as good a place as any to ask this… if one disables one’s Local Area Connection in order to effect malware removal, is that equivalent to physically unplugging from the router? Normally, I always unplug, but my cable is hard to reach.
The DNS changer critter really DOES try to attack the router. It doesn’t have to navigate menus, just send the URLs associated with that navigation. IME about 80% of routers have the default password in place. Guessing “password” or the SSID will probably net another 5%.
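The two posts above disagree about where the DNS settings get changed (the PC or the router), but either way the symptom on the PC is the same: the resolvers reported by `ipconfig /all` stop being your router or your ISP’s servers. The following script is an added example, not code from anyone in this thread; it parses a constructed `ipconfig /all` excerpt (not captured from a real machine) and flags any DNS server outside the networks you tell it to trust. The trusted-network list and the sample addresses are assumptions you would replace with your own LAN range and your ISP’s resolvers.

```python
"""
Defender-side check: parse the DNS servers a Windows interface reports
in `ipconfig /all` output and flag any resolver that falls outside the
networks you expect (your LAN / router, or your ISP's resolver range).
"""
import re
from ipaddress import ip_address, ip_network

# Constructed sample output (assumption: not from a real machine). The
# first resolver has been pointed at an address outside the LAN, which is
# the kind of change a DNS-changing infection leaves behind.
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Hypothetical NIC
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
"""

# Assumption: the only resolvers this machine should ever use live on the
# home LAN. Add your ISP's resolver prefixes here if your PC uses them directly.
TRUSTED_NETWORKS = ["192.168.1.0/24"]


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed after the 'DNS Servers' label.

    Windows prints additional servers on continuation lines that contain only
    an address, so after the label we keep collecting until a line that is
    blank or that starts a new labelled field.
    """
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        if collecting:
            m = re.match(r"\s+([0-9a-fA-F:.]+)\s*$", line)
            if m:
                servers.append(m.group(1))
                continue
            collecting = False  # new field label or blank line ends the list
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
    return servers


def suspicious_dns_servers(servers, trusted_networks):
    """Return the servers that are not inside any trusted network.

    Anything that does not even parse as an IP address is reported too,
    since a resolver entry should always be an address.
    """
    nets = [ip_network(n) for n in trusted_networks]
    bad = []
    for s in servers:
        try:
            addr = ip_address(s)
        except ValueError:
            bad.append(s)
            continue
        if not any(addr in n for n in nets):
            bad.append(s)
    return bad


def check_sample():
    """Run the check over the constructed sample and return the flagged servers."""
    return suspicious_dns_servers(parse_dns_servers(SAMPLE_IPCONFIG), TRUSTED_NETWORKS)


if __name__ == "__main__":
    # On a real Windows box you would feed this the text of `ipconfig /all`;
    # here it runs over the constructed sample.
    flagged = check_sample()
    if flagged:
        print("Unexpected DNS servers configured:", ", ".join(flagged))
    else:
        print("All configured DNS servers are within trusted networks.")
```

If the PC reports only your router’s address as its resolver and the problem persists, the change is on the router side, which is the case the thread is arguing about; the same allowlist idea applies to the DNS servers shown on the router’s own status page.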
I stand corrected then. It’s been a while since I’ve had to do real virus removal from a PC (thank god), and I must be out of date… somehow, now that I think of it, it had to just be a matter of time before they attempted this sort of thing… if they can get through my password structures, they’re doing pretty good, so I’m probably OK on that front.
Virus authors should be tortured… then only allowed to use infected PCs, not hooked to a network… playing barney games.
Thanks for the info. I’m at my office now and able to get Internet access, which became impossible from home as things degraded to the point that I can’t log into windows. I guess I get to start fresh with a new system now - sigh.
I’ll second the torture option. I’m not a power user by any means, and have spent the lion’s share of the last four days screwing with this problem only to have it all be for naught. If my router is infected, and I’m kind of an idiot on this topic, should I give my DSL provider a call and have them send a tech out to reset/fix/clean things when the new system arrives before I start using it?
Wow, I just compiled all the instructions from the major geek website into one document so I could print it out and go through it at home. That is a comprehensive procedure – you guys may not hear from me for a while.
Yeah, it works well, just time consuming. Make sure to download the programs and put them on a CD or flash drive; I have had trouble getting them to download on infected systems.