Sunday, 30 August 2015

How to check if you’ve been infected by DNS Changer virus.


How to know if your computer is hit by a dnschanger virus?

In case you didn’t hear, back in November the FBI took down the company “Rove Digital”, which was actually a group of cyber criminals that created and distributed DNS-changing malware. Here’s a little more detail straight from the FBI:
Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal.
HackToHell also gave a great explanation of what a DNS Changer virus does:
DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. For example, google.com is actually an IP address (173.194.38.164). DNS makes it easier for us to remember the site names. DNS servers convert the domain names into IP addresses. Now the malware changes the domain naming servers in your computer and uses a different malicious DNS server. This malicious DNS server swaps IPs and takes the user to a fake site.
Unfortunately, his answer to checking if your computer is infected is now obsolete. So here’s an alternative:
For Windows:
  1. Open command prompt: Win+R then type in CMD and then Enter ↵
  2. Run the following command: ipconfig /all and look for the entry that says “DNS Servers”
  3. If it reads something other than your router’s or ISP’s DNS server, then you might be affected. To be sure, compare it to the following IP addresses; if it matches, then you’re affected:
For Mac
  1. Open Terminal and run the following command to see your DNS settings: networksetup -getdnsservers Wi-Fi (replace Wi-Fi with Ethernet or whichever network service you’re using, depending on the type of connection)
  2. Check for the same values as above.
Note that this is the same as looking in your Network preferences pane (thanks @DanielBeck).
For Linux
  1. Open Terminal and run the following command to see your DNS settings: cat /etc/resolv.conf
  2. Check for the same values as above.
Make sure to check ALL your networking devices including routers.
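The comparison in the steps above can be scripted. The Python below is an added example, not part of the original post: the function names are made up here, the sample outputs are constructed, and ROGUE_RANGES holds placeholder documentation ranges because the post's list of rogue addresses is not reproduced in this text. It assumes English-language ipconfig output.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real indicators.
# Substitute the published rogue DNSChanger ranges before using this check.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def _parse(tokens):
    """Keep only tokens that are valid IP addresses (drops any '%scope' suffix)."""
    out = []
    for tok in tokens:
        try:
            out.append(ipaddress.ip_address(tok.split("%")[0]))
        except ValueError:
            pass
    return out

def dns_from_ipconfig(text):
    """DNS servers from English `ipconfig /all` output, incl. continuation lines."""
    tokens, in_dns = [], False
    for line in text.splitlines():
        if ". :" in line:  # a "Label . . . : value" field line starts a new field
            in_dns = line.lstrip().startswith("DNS Servers")
            line = line.split(". :", 1)[1]
        if in_dns:
            tokens += line.split()
    return _parse(tokens)

def dns_from_resolv_conf(text):
    """DNS servers from /etc/resolv.conf ('nameserver <ip>' lines)."""
    return _parse(m.group(1) for m in re.finditer(r"^\s*nameserver\s+(\S+)", text, re.M))

def dns_from_networksetup(text):
    """DNS servers from `networksetup -getdnsservers <service>` (one per line)."""
    return _parse(text.split())

def rogue(servers):
    """Return the servers that fall inside any range in ROGUE_RANGES."""
    return [s for s in servers if any(s in net for net in ROGUE_RANGES)]

# Constructed sample outputs, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "nameserver 198.51.100.200\nnameserver 198.51.100.7\n"
```

Feed each function the saved output of the matching command from the steps above, then pass the result to rogue(); an empty list means none of the configured servers falls in the listed ranges.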
