DNSChanger Questions Answered

Yes… The warnings about the DNSChanger Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

BWS Business & Residential Clients:
If you have the IndigoGuard service you are protected.
If you have any questions please call us at 334-358-6305 or email us at support@bwsit.com

Why is July 9th important?
To assist victims affected by the DNSChanger, the FBI setup temporary clean DNS servers in 2011. This solution was a temporary, provided additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on Monday July 9, 2012, and computers still imfected by DNSChanger will likely lose Internet connectivity.

Am I infected?

If you’re in the United States, go to dns-ok.us

If you see an image with a green background (see image below) if you’re more than likely clean. A red background means you’re definitely infected. Please note in rare cases depending on your ISP you may see the green box and be still be infected. So make sure you scan for viruses and adware.

Help! I’m not sure or my computer’s infected with DNSChanger. 

You can bring your computer to:

BWS Technologies
1797 East Main Street – Prattville

-or- For those DIY folks follow the steps at the bottom of this post.

What is DNSChanger?
DNSChanger is a Trojan horse malware with many versions. It changes an infected computer’s DNS settings to point to bad guy-controlled servers. These then show you ads that look real, but aren’t. Basically, it redirects your good Web surfing to bad Web sites that then attempt to steal personal information and generate ad revenue.

What does DNSChanger do?
DNSChanger changes your Domain Name System (DNS) settings without your permission. This is bad because DNS is basically the Internet’s phone book crossed with a map. DNS links a URL, such as CNET.com, to an IP address. (An IPv4 address would be something like, while an IPv6 address would look like 1050:0:0:0:5:600:300c:326b.) DNSChanger changes that and redirects search results and URLs to malicious sites that are designed to either serve you ads to malicious sites, or intend to illegitimately collect your login information.

How can I avoid malware like DNSChanger in the future?
Security suites aren’t perfect, but they will protect you from the vast majority of threats out there including DNSChanger. Whether you’re on Windows or Mac, Android or iOS, you really ought to have some kind of security program installed. And always double-check the URL before entering personal information into any kind of online text field or form, no matter what operating system or device you’re using.

Get protection and support with IndigoGUARD from BWS Technologies >>

If you’re concerned about your own PC, or family members please call or bring your computer in.

Below are some steps to follow:

  1. The first thing you want to do is make a backup of all of your important files.
  2. Scan for and remove the malware.  The goal is to remove the malware and recover your PC from the control of the criminals that distributed it.
  3. Once you have a clean PC, ensure that your DNS settings are correct by checking again at dns-ok.us.
  4. After you have fixed your computer, you will want to look at your router you’re using and make sure they automatically use DNS settings provided by the ISP.
  5. Changing DNS is only one of the functions of the malware kits.  The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media.  It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.


For Questions:
Call 334-358-6305 or email us at support@bwsit.com 

Sources: FBI, DCWG, CNET