This blog describes what DNS Changer is and how it can be removed from a computer. The methods provided here are reliable and correct to date. However, we advise users to follow them cautiously to avoid running into common virus removal problems.
DNS Changer is a malicious Trojan virus that changes the DNS (Domain Name Server) configuration of your computer. The virus hijacks your Internet Service Provider’s (ISP) DNS servers and modifies them to use its own to direct your web browser to illegal, unsolicited, and porn websites etc. Besides, it changes your computer settings, steals your personal information, installs unwanted software, and invites other viruses and malware to attack your computer. When infected with this virus, you will essentially not log into your own computer or email account but into the hijacker’s niche. Do not worry as there is solution to this problem. Here is your comprehensive free virus removal support guide to help you delete the virus from your computer.
Instructions:
You should first determine whether your computer or router is plagued by DNS Changer or not. If the computer or router is using a fake DNS server, then it has been plagued and needs be cured immediately. Open Command Prompt from the Start menu> All Programs> Accessories. You can alternatively type ‘cmd’ in the Run window and hit Enter to open Command Prompt. Once the window is opened, type ‘ipconfig/all’ (without quotes) and hit Enter. Locate the DNS server entries. These should be anything between the span of 0 and 255.
Make a note of the DNS server entries and compare them with the given list of fake DNS server ones. The fake ones include 85.255.112.0, 85.255.112.0/20, 85.255.127.255; 64.28.176.0, 64.28.176.0/20, to 64.28.191.255; 67.210.0.0, 67.210.0.0/20, to 67.210.15.255; 77.67.83.0, 77.67.83.0/24, to 77.67.83.255; 93.188.160.0, 93.188.160.0/21, to 93.188.167.255; 213.109.64.0, 213.109.64.0/20, to 213.109.79.255; and 193.227.227.218 among others. You must perform the same procedure for your wireless router also. If your DNS entries match with any of the given entries here, your computer or router has certainly been taken down by DNS Changer. Follow the instructions below to remove it completely.
First create a backup of your entire computer data. You can either choose to store your computer on cloud storage or on an external backup media like flash drive. When done backing up your data, go to the Windows Directory. Open the Run program (from the Start menu) and type ‘%Windir%\system32\drivers’ (without quotes) and hit Enter. The command will take you to the list of driver software. Look for the ‘ndisprot.sys’ file, right click on it and choose Rename. Change the name of the file to something else. When done, select this file and hit the Delete key on the keyboard. When prompted for a confirmation, hit the Yes button. You should delete this file from the Recycle Bin also.
When the file has been deleted, open the Run program again and type ‘regedit’ (without quotes) and hit Enter. This will open up the Windows Registry Editor. Before you proceed from here, make sure that you have backed up all your files. When done, scan for these registry threads and remove the last entry from the entire thread. Remember, you should not delete the entire thread, it is only the last entry.
· HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces] "NameServer"
· HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random} DhcpNameServer = 85.255.xx.xxx,85.255.xxx.xxx
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random} NameServer = 85.255.xxx.133,85.255.xxx.xxx
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
DhcpNameServer = 85.255.xxx.xxx,85.255.xxx.xxx
DhcpNameServer = 85.255.xxx.xxx,85.255.xxx.xxx
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
NameServer = 85.255.xxx.xxx,85.255.xxx.xxx
NameServer = 85.255.xxx.xxx,85.255.xxx.xxx
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%RandomCLSID%"DhcpNameServer"
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%RandomCLSID%"NameServer"
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% "DhcpNameServer"
When done, exit the Registry Editor window. Open your antivirus program and run a full virus scan of your computer. Wait for the scan to finish. When done, prompt your antivirus to remove the malicious items found during the scanning. Thereafter, connect to the internet and download the latest version of DNSChanger removal tool either from McAfee or Malwarebytes. Save the downloaded file to your computer.
When done, locate and run the setup file. Follow the instructions to install and/or run the tool. When the tool has been installed, open it and then update it with latest virus and malware definitions. Wait until updating finishes. When finished, run a full virus scan of your computer. Afterwards, prompt the tool to delete all the infected files. Close all the windows. Empty the Recycle Bin and then restart your computer. Your computer is now free of the DNS Changer Trojan virus.
Additional Tips:
You should be logged in as an administrator to modify the Registry Editor. Since registry modification is a sensitive procedure, you must take help of a professional online virus removal support to avoid facing system crash or other severe problems in your computer.
Feel free to get online technical support to fix your computer problems. Just Call on Toll-Free number(1-866-541-1792) & get 24*7 expert help for online diagnostic and troubleshooting.
See also: How to remove a virus through MS-DOS >>
Feel free to get online technical support to fix your computer problems. Just Call on Toll-Free number(1-866-541-1792) & get 24*7 expert help for online diagnostic and troubleshooting.
See also: How to remove a virus through MS-DOS >>
How i thanks you , I have no words to admire your post. really nice .
ReplyDelete