The domain name system or DNS system is an internet service that converts domain names into numeric Internet Protocol (IP) addresses. These numeric IP addresses are used by computers to connect to each other.
When you enter a domain name in the browser’s address bar, the computer contacts the DNS servers. Then find out the IP address of that website. Once you have done this, your computer uses this IP address to connect to the website.
The German Federal Office for Information Security recently advised computer users to check the DNS server settings of hijacked computers or home networks. This comes as a continuation of the FBI’s successful campaign to eliminate botnets. The Ghost-KlickDNSChanger botnet had infected about 4 million computers in over 100 countries. This Trojan redirected requests from infected computers to malicious websites by changing the DNS server address, blog.eset.com reports.
For example, in such a case, you might type www.pchardwarepro.com and want to visit this site, but you may suddenly find yourself landing elsewhere. This is due to poisoning and falsification of the DNS cache.
Although all malicious DNS servers have been replaced with the correct operating systems during disassembly, it may be a good time, like any other, to see if your PC has really been compromised.
For this you can visit grc.com. On this website, you can check whether the DNS settings of your home network or computer have been changed or changed. You can check here if your computer is affected by this malware that changes the DNS settings of your computer or home network. If you think you were a victim, you can check and report your IP here to the FBI.
The botnet changed the DNS settings of computer users and pointed them to malicious sites. Malicious DNS servers would provide false and malicious responses, disrupting user searches and promoting fake and dangerous products. Because all web searches start with DNS, the malware has shown users a modified version of the Internet. The scam cost hackers more than $ 14 million, according to the FBI.
Internet users were warned of a major outage in July 2012. More details can be found at DCWG.org.
How to find out if your computer is infected with DNSChanger
If you want to know if the DNS configuration has been compromised, you can do it as follows:
Open CMD and at the prompt type ipconfig / all and press Enter.
Now look for entries that start “DNS Servers …” This displays the IP addresses of your DNS servers in the format ddd.ddd.ddd.ddd.ddd, where ddd is a number between 0 and 225. Make a note of the IP addresses of DNS servers. Check them with the numbers listed in the table below that contain known fake IP addresses. If present, the computer is using unauthorized DNS.
If your computer is configured to use one or more of the malicious DNS servers, it may be infected with DNSChanger malware. Then it may be a good idea to back up your files and perform a full scan on your Windows computer with antivirus software.
DNSChanger Changer Removal Tool
You can use the DNSChanger removal tool to fix this problem, if you need more help, you can visit our Windows security forums at any time.
By the way, if your computer is still infected with fake DNS, you will not be able to browse the Internet after July 9, 2012. This is because these replacement DNS servers will be shut down that day.
Take a look at F-Secure Router Checker. Check if DNS is hijacked.
You may also be interested in these links:
How to clear or reset the Windows DNS cache
How to change DNS settings in Windows.