How to know if your computer is hit by a DNSChanger virus?

What are DNS Changer viruses?

DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. For example, google.com is actually an IP address (173.194.38.164). DNS makes it easier for us to remember the site names. DNS servers convert the domain names into IP addresses.

Now the malware changes the domain name servers used by your computer and uses a different, malicious DNS server. This malicious DNS server swaps IPs and takes the user to a fake site.


Now if you log in to any of your accounts on the fake site, then your login information is compromised. That's how the malware steals credit card details from the user.

The State of affairs now

The FBI have taken control of the bad DNS servers and have been running them as legitimate servers. Now they want to bring them down. If they shut down the servers, then you will not be able to browse the web. That's why you have to check your DNS servers and make sure that you do not have an infected one.

Checking to see if you are using a BAD DNS server

This site will show you if you are using a bad DNS server.

  • http://www.dns-ok.us/ Edit: Looks like the site is down, you will have to check manually.

If you are using a bad DNS server

Please change your passwords and other private stuff as it might have been compromised. There are several ways to fix your computer, see the page below.

  • http://www.dcwg.org/fix/

Fortunately the rogue servers have been taken down, but that means @HackToHell's links no longer work. Here's an alternative way to check whether your computer is infected:

For Windows:

  1. Open command prompt (Win+R then type in CMD and then Enter ↵)
  2. Run the following command and examine the results:

    ipconfig /all | find /i "dns server"

    [screenshot: DNS server in use]

  3. If it reads something other than your router's or ISP's DNS server, then you might be affected. To be sure, compare it to the following IP addresses; if it matches, then you're affected:

    [image: list of rogue DNS server IP address ranges]

For Mac

  1. Open Terminal and run the following command to see your DNS settings (replace `Wi-Fi` with `Ethernet` or whichever network service you are using):

    networksetup -getdnsservers Wi-Fi
  2. Check for the same values as above.

Note that this is the same as looking in your Network preferences pane (thanks @DanielBeck):


For Linux

  1. Open Terminal and run the following command to see your DNS settings:

    cat /etc/resolv.conf
  2. Check for the same values as above.

Make sure to check ALL your networking devices including routers.
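The manual check above (for both @HackToHell's answer and this one) boils down to comparing each configured resolver against the rogue DNSChanger address ranges. The following script is an added example and not code from either answer: it reads `nameserver` lines in `/etc/resolv.conf` format and flags any IPv4 resolver that falls inside one of the rogue ranges. The ranges are the six published in the FBI's DNSChanger advisory; the image that listed them in the post above did not survive, so they are reproduced here from that advisory and should be verified against it. The sample resolver file is constructed for the example.

```shell
#!/bin/sh
# Added example: flag resolvers that fall inside the DNSChanger rogue ranges.
# Ranges as published in the FBI's DNSChanger advisory (start-end, inclusive).
ROGUE_RANGES="85.255.112.0-85.255.127.255
67.210.0.0-67.210.15.255
93.188.160.0-93.188.167.255
77.67.83.0-77.67.83.255
213.109.64.0-213.109.79.255
64.28.176.0-64.28.191.255"

# ip_to_int A.B.C.D -> the address as one integer, so ranges can be compared.
# Octets with leading zeros (e.g. 08) are not handled; resolv.conf never uses them.
ip_to_int() {
  ip=$1
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# is_rogue_dns IP -> exit status 0 if IP lies inside a rogue range, 1 otherwise.
is_rogue_dns() {
  n=$(ip_to_int "$1")
  for range in $ROGUE_RANGES; do
    lo=${range%-*}
    hi=${range#*-}
    if [ "$n" -ge "$(ip_to_int "$lo")" ] && [ "$n" -le "$(ip_to_int "$hi")" ]; then
      return 0
    fi
  done
  return 1
}

# check_resolvers FILE -> prints a verdict per "nameserver" line; exit status 1
# if at least one rogue resolver was found, 0 if all were clean.
check_resolvers() {
  found=0
  while read -r key val _; do
    [ "$key" = "nameserver" ] || continue
    case $val in
      *.*.*.*) ;;                      # IPv4 only; the rogue ranges are IPv4
      *) echo "skip (not IPv4): $val"; continue ;;
    esac
    if is_rogue_dns "$val"; then
      echo "ROGUE: $val"
      found=1
    else
      echo "ok:    $val"
    fi
  done < "$1"
  return $found
}

# Constructed sample resolver file: one public resolver and one address inside
# a rogue range. Not real data from the post.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed example resolv.conf
nameserver 8.8.8.8
nameserver 85.255.112.36
EOF
echo "== constructed sample =="
check_resolvers "$SAMPLE" || echo "at least one rogue resolver found"
rm -f "$SAMPLE"

# Live check of this machine's resolver configuration, if readable.
if [ -r /etc/resolv.conf ]; then
  echo "== /etc/resolv.conf =="
  check_resolvers /etc/resolv.conf || echo "at least one rogue resolver found"
fi
```

On systems using systemd-resolved, `/etc/resolv.conf` usually lists only `127.0.0.53`; run `resolvectl status` to see the upstream servers and feed those addresses to `is_rogue_dns` instead. The same applies to a router acting as the local resolver: check the DNS servers configured on the router itself, as the last line above advises.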


There are many sites that will help you to perform a test. Here is a list published by the FBI: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS