# Has everyone taken precautions for the DNS changer malware?



## forluvofsmoke (Jul 6, 2012)

If you haven't yet, you should visit this site: http://www.dcwg.org/

...and run the quick and free check (click language button down below, then, the detect button on the top of the page). I went ahead and downloaded a couple of the free scanning tools available by clicking the "FIX" button to view them (TDSS Killer and Norton Stinger), and found nothing with the 2 separate scans, so I should still be here after the 9th of this month, when the temporary "safe" servers are shut-down.

Just a heads-up if you haven't been watching the news lately. I want you all to still be around so we can share our smokes, tips, methods and get your questions answered...cool?

Eric


----------



## s2k9k (Jul 6, 2012)

I don't watch the news and don't read much of it on the internet so this is news to me. I have no idea what you are talking about, what is supposed to happen on the 9th?

Sorry for being so ignorant but SMF has consumed my life,

Dave


----------



## raymo76 (Jul 6, 2012)

S2K9K said:


> I don't watch the news and don't read much of it on the internet so this is news to me. I have no idea what you are talking about, what is supposed to happen on the 9th?
> 
> Sorry for being so ignorant but SMF has consumed my life,
> 
> Dave


x2


----------



## s2k9k (Jul 6, 2012)

Well I read about it and still don't really understand it but I ran the scan and it said GREEN


----------



## forluvofsmoke (Jul 6, 2012)

Dave, it's described briefly on the site link I posted and there are links to further info on the responsible persons who are in custody as well as how it all came about. Clark Howard's (the money and tech watch-dog dude) appearance on HLN yesterday was a discussion about it...he did a brief tutorial on what's what and how to do the scan, etc...serious crap with internet service. It's on the news again today, as well.

The way I understand it, infected computers will not be able to access internet, or at least, not the web sites they intended to access. The "safe" servers are now operating to allow everyone to do checks. The DNS malware redirects infected computers to malicious servers, if I recall, by changing your computer's DNS settings while hiding in the background, undetected.

This appears to be a serious threat against hundreds of thousands of computer users on a global scale. I would love to hear that this was a made-up scare, but  they're saying they have individuals in custody, and they can't undo what they did because they don't know how to find the computers which are infected, so you have to check it yourself. I'm thinking it's a real threat.

I hear ya about SMF...I don't watch the tube much myself or read the news, either, but if I hear something on the tube when the wife or kids are watching it, I eavesdrop while I'm on the forums and if it's an attention grabber like this was, I try to get the details.

Eric


----------



## diggingdogfarm (Jul 6, 2012)

Linux here, so it's not a potential problem, thank God!



~Martin


----------



## forluvofsmoke (Jul 6, 2012)

This link is from the original page I posted the link to in the OP, which is a blog, and describes in detail how to find out if your DNS settings on your computer have been changed. If it is not set to detect automatically, but instead has been selected to "Preferred DNS server" and "Alternate DNS server" and lists any of these DNS servers:

_*EDIT:*_ forgot to post link----  http://blog.eset.com/2012/05/31/dns...rs-going-dark-soon-how-to-check-your-computer

- 77.67.83.1 – 77.67.83.254
- 85.255.112.1 – 85.255.127.254
- 67.210.0.1 – 67.210.15.254
- 93.188.160.1 – 93.188.167.254
- 213.109.64.1 – 213.109.79.254
- 64.28.176.1 – 64.28.191.254

...then, you got the bug. You can switch it back to automatic detection, but the bug is still there if you don't remove it with a tool.

I may be a bit confused about the "safe" temporary servers. I think they (culprits) are routing Internet traffic through these, and then they will shut down. Maybe it's part of their scheme to let everyone think all is well until the servers shut-down automatically and then all the affected computers will go off-line, with no outside support from Internet resources, or, they will be redirected to other fictitious or malicious sites.

Eric


----------



## jp61 (Jul 6, 2012)

What a bunch of A-holes..... some people make me sick!


----------



## diggingdogfarm (Jul 6, 2012)

The FBI is running the safe temporary servers that'll be shut down on the 9th.

There are several news articles with more detail.


~Martin


----------



## s2k9k (Jul 6, 2012)

Yea Eric I read a couple of those articles and kind of understand but the whole internet thing confuses me so I try not to think about it. I can take a car completely apart and put it back together but trying to understand how a computer or the internet work just boggles my mind. I'm a hands on, I gotta see it in action kind of guy!

One thing though, if your computer was infected wouldn't running your recovery disk fix it? I've gotten viruses before and that always did the trick. I don't keep much on here and anything I really want to save I put on an external hard drive.

I will never understand why people put out viruses, do they not have anything better to do with their lives? Maybe they should buy a smoker!


----------



## forluvofsmoke (Jul 6, 2012)

S2K9K said:


> Yea Eric I read a couple of those articles and kind of understand but the whole internet thing confuses me so I try not to think about it. I can take a car completely apart and put it back together but trying to understand how a computer or the internet work just boggles my mind. I'm a hands on, I gotta see it in action kind of guy!
> 
> One thing though, if your computer was infected wouldn't running your recovery disk fix it? I've gotten viruses before and that always did the trick. I don't keep much on here and anything I really want to save I put on an external hard drive.
> 
> I will never understand why people put out viruses, do they not have anything better to do with their lives? Maybe they should buy a smoker!


Yeah, you can wipe your hard disc as a last resort and reload the operating system software and applications if you have them on CD-Rom (purchased separately). Any files you had will be gone forever if you don't back them up. You have to go through all the hoops on-line to download tons of other applications and updates for them as well. Been there, done that, on more than one machine...what a PITA!


DiggingDogFarm said:


> The FBI is running the safe temporary servers that'll be shut down on the 9th.
> 
> There are several news articles with more detail.
> 
> ...


Hey, there ya go! I was researching and checking computer DNS settings on our desktops and laptops here, and through the whole mess got confused about what the intentions of the individuals who are responsible for the malware really are/were, and what protective measures were in place for the Internet. Something about a fictitious string of advertisements or advertising sites...can't remember.

Anyway, confusing as hell, but hopefully, since they got caught, any others might think twice about attempting the same or similar things in the future. I hope they get strung-up by the short and curlys over this mess...no prison sentence would match this crime, IMO.

Eric


----------



## scarbelly (Jul 6, 2012)

Thanks Eric - I had used a couple of other sites from a Google search and got the green light from them and this one too - I agree with you on the jail sentence not being good enough for them


----------



## daveomak (Jul 6, 2012)

DiggingDogFarm said:


> Linux here, so it's not a potential problem, thank God!
> 
> 
> 
> ~Martin


Martin,  Linux really.... what the hey are you doing with Linux as your software..... I ran a multitasking 'puter in my lab that used Linux  years ago.... some powerful stuff there.... 


S2K9K said:


> I don't watch the news and don't read much of it on the internet so this is news to me. I have no idea what you are talking about, what is supposed to happen on the 9th?
> 
> Sorry for being so ignorant but *SMF has consumed my life,*
> 
> Dave


Where else would you rather be ????  Thailand with Phil maybe ???


----------



## s2k9k (Jul 6, 2012)

DaveOmak said:


> Where else would you rather be ????  Thailand with Phil maybe ???


Thailand?.....Hmmm......You got his number?


----------



## jp61 (Jul 6, 2012)

"Had your computer been infected with DNS changer malware you would have seen a red background.  Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected."

hmmm.... now I need to find out if I was redirected by my ISP? How can one find that out?


----------



## s2k9k (Jul 6, 2012)

JP, Did you read this? http://blog.eset.com/2012/05/31/dns...rs-going-dark-soon-how-to-check-your-computer

I think that will let you know.


----------



## jp61 (Jul 6, 2012)

No I did not but, I will now....thanks.


----------



## forluvofsmoke (Jul 6, 2012)

JP61 said:


> "Had your computer been infected with DNS changer malware you would have seen a red background.  Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected."
> 
> hmmm.... now I need to find out if I was redirected by my ISP? How can one find that out?


Go to the link on post #7...OK, here: http://blog.eset.com/2012/05/31/dns...rs-going-dark-soon-how-to-check-your-computer

...and follow the instructions on how to check your DNS settings (it's for Windows O/S). I did on all of ours just as a precaution.

Your ISP should already have gone through the motions to take corrective measures on their end by now. If they have not, then they don't give spit about customers and they're not an ISP I would want to continue using...that would be time for me to find another place to spend my Internet dollars. This particular malware isn't a new threat, from what I gathered. It's probably been kept fairly quiet until yesterday, but authorities seem to have had knowledge for quite some time, otherwise the FBI wouldn't have had the safe servers running this long. That said, ISPs should have done something by now...if not, dump 'em.

Eric


----------



## jp61 (Jul 6, 2012)

Thanks Eric!.... and for the heads-up too!


----------



## s2k9k (Jul 6, 2012)

In this article http://blog.eset.com/2012/05/31/dns...rs-going-dark-soon-how-to-check-your-computer it says that routers can be compromised as well. That has me thinking because our wireless network at work has been doing weird things lately. Everyone's company laptop used to work fine but lately will connect to the network but not to the internet at work but works fine on any other network, there is a lot of security software on these laptops. Also some people's personal computers have been being redirected to a website (and now I can't think what it is) that I have never seen and is just basically a white page with the name at the top. This has happened to mine and only at work never at home. This got me thinking that our router might have been compromised, guess I'll find out Monday.


----------



## forluvofsmoke (Jul 6, 2012)

Yeah, Dave, if you have routers, you need to check them out, especially if you've recently been experiencing weird page results on the net. The DNS changer malware may not be the cause, but at least you'd have peace of mind in knowing you've checked for it. The instructions can also be found for numerous router models on that link. I just did ours a couple hours back as well...it appears to be normal.

Eric


----------



## s2k9k (Jul 6, 2012)

Thanks Eric, I will check out my router but the ones at work don't belong to me so if there is a problem it will be interesting (funny) how my idiot manager handles this! Wow I'm actually looking forward to Monday for once!


----------



## forluvofsmoke (Jul 6, 2012)

S2K9K said:


> Thanks Eric, I will check out my router but the ones at work don't belong to me so if there is a problem it will be interesting (funny) how my idiot manager handles this! Wow I'm actually looking forward to Monday for once!


Damn, Dave, you make it too easy to get a good laugh on such a serious subject! I can see it clearly already...been there...a lot! Like the saying goes: it's hard to soar with the eagles when you're around a bunch of turkeys...LOL!!!

Eric


----------

