Published On: Sun, Jul 8th, 2012

DNSChanger Malware on July 9: How to Check Up for Internet Virus

An internet virus called DNSChanger Malware is expected to knock off tens and thousands of internet users on Monday, July 9, 2012.

Back in November 8, 2011, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click” for distributing DNS changing viruses or more commonly known as DNSChanger Malware. They are variously known as TDSS, Alureon, TidServ and TDL4 viruses.

DNSChanger Malware changes user DNS settings, pointing victims to malicious DNS in data centers. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Since every web search starts with DNS, the malware showed users an altered version of the Internet.

The FBI shut down the scheme. However, the agency realized that turning off the malicious servers would cause infected computers to lose access to the Internet. To stay connected, the FBI set up two other servers, which have been connecting infected users to the Internet.

This solution is temporary, providing additional time for DNSChanger Malware victims to clean affected computers and restore their normal DNS settings. However, the two clean DNS servers will be turned off on July 9, 2012 at 12:01 a.m. EDT Monday and computers still impacted by DNSChanger may lose Internet connectivity at that time.

DNSChanger Malware Check (Green indicates free from infection)
Image Credit:

To check if your computers are infected with the DNSChanger Malware, FBI launched the website where Internet users can check whether or not their computers are infected by DNSChanger malware.

A “green” background like in the photo above means that the computer is safe while a “red” background means that it is infected and should be fixed immediately. Please note that this applies only to Windows users, so if you have an Apple computer, you’re fine.

The FBI has also set up a web address for virus check up if your computer is using a rogue DNS server. Simply determine your IP address and enter it on the space above ‘check your DNS’ to determine if your PC is infected or not.

PC World noted that the DNSChanger Malware not only infects computers but also routers. Any Internet user may visit a malware detection site from any computer in his home and all will register as being infected even though his router is only the infected.

For more information on how to detect your computer and fix a DNSChanger Malware infected PCs, check out DNS Changer Working Group at

About the Author

- is an Interaction Designer with over 12 years experience building and designing websites, games and applications for clients ranging from small startups to multi-billion dollar companies. He's now a co-founder of several start-ups yet to be known in the world of social media.

This article is filed under:


Displaying 1 Comments
Have Your Say

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>