It’s not just consumer PCs and Macs — DNSChanger was equal-opportunity malware — that remain infected, but also corporate computers and systems at government agencies, said Tacoma, Wash.-based Internet Identity (IID), which has been monitoring cleanup efforts.
Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies — or 3.6% — also had failed to scrub all their PCs and Macs.
According to the article, the numbers are down, though: back in January, the numbers were still 50%!
Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.
Yesterday, U.S. District Court Judge Denise Cote extended the deadline for shutting down the replacement servers by four months, from March 8 — this Thursday — to July 9, 2012.
Well, now the deadline is coming up again. On Monday, July 9, 2012, they will be turning off the safe substitute go-between servers, and anyone who still has DNS Changer-infected systems at that time will be severed from the Internet.
Checking is pretty easy and will generally determine whether you have a DNSChanger-infected system. The DNSChanger Working Group (DCWG), a volunteer organization of security professionals and companies, has provided a great way to do just that.
You can go directly to the Detect Help Guide page on their site, which has the DNSChanger Detect Tool pages:
You will find lists of servers in various languages there, along with some information about their checker and what it does. One of the English servers available to provide the DNS Changer Check-Up is:
You should get the following response if your computer does NOT have DNSChanger or other malware that changes the DNS servers on your computer:
In case it is too small to read, at the bottom of the DNS Resolution – GREEN image, it says the following:
Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI’s website at:
BOLD emphasis mine.
The WPTV.com article goes a step further and also lists some additional help locations for malware removers, etc.
If your computer is infected, click here to learn how to get rid of the infection: http://www.dcwg.org/fix
The following sites can also help you with free or low-cost products to check and fix your computer if it’s infected:
· Microsoft Safety Scanner – http://www.microsoft.com/security/scanner/en-us/default.aspx
· Kaspersky Labs TDSSKiller – http://support.kaspersky.com/faq/?qid=208283363
· McAfee Stinger – http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
· Hitman Pro (32bit & 64bit versions) – http://www.surfright.nl/en/products/
· Norton Power Eraser – http://security.symantec.com/nbrt/npe.aspx
· Trend Micro Housecall – http://housecall.trendmicro.com
· MacScan – http://macscan.securemac.com/
If you are still concerned that you might lose Internet come Monday, you can use one of the above products to determine if you are infected with the DNSChanger or other malware.
Or just wait until Monday and see; if you lose Internet, you can use one or more of the products at that time, or call your computer specialist to help you remove it. With only a few hundred thousand computers still infected, you could be infected, but chances are you are not.
Also, because the government’s substitute DNS Changer servers are currently in place until Monday, you may not even be able to tell whether you are infected from the detect tool alone, without actually running one or more of the programs listed.
EDIT NOTE: It couldn’t hurt to have a copy of the downloadable antimalware programs, such as McAfee Stinger or Kaspersky’s TDSSKiller, and to update/run them before Monday, just in case, BEFORE they turn off the substitute safe DNS servers. What’s the logic in that? If it turns out you are infected (albeit unlikely), you may not be able to get to the sites to get these antimalware tools later. Of course, come Monday, any online tools listed, like Trend Micro’s Housecall, would not be available if your computer turns out to be infected and loses Internet.