The easiest way to check if your system is violated with DNS Changer malware is to go to one of the “are you infected sites” (see below). These sites only require someone to visit. The “are you infected site” will inform you if you are infected.
Note: These sites only detect for DNS Changer. You might be infected with other malware. Please take appropriate precautions to protect your computer.
URL Language Maintainer
www.dns-ok.us English DNS Changer Working Group (DCWG)
www.dns-ok.de German Bundeskriminalamt (BKA) & Bundesamt für Sicherheit in der Informationstechnik (BSI)
www.dns-ok.fi Finnish, Swedish, English CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.
www.dns-ok.ax Swedish, Finnish, English CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.
www.dns-ok.be Dutch/French CERT-BE is the primary Belgian contact point for dealing with Internet security threats and vulnerabilities affecting Belgian interests.
www.dns-ok.fr French Le CERT-LEXSI est la division de veille et d'enquête sur Internet, dédiée à la protection du patrimoine en ligne des organisations.
www.dns-ok.ca English/French Canadian Internet Registration Authority (CIRA) and Canadian Cyber Incident Response Centre (CCIRC)
www.dns-ok.lu English CIRCL (Computer Incident Response Center Luxembourg) is the national Computer Security Incident Response Team (CSIRT - CERT) coordination center for the Grand-Duchy of Luxembourg
www.dns-ok.nl Dutch SIDN (the Foundation for Internet Domain Registration in the Netherlands)
dns-ok.gov.au English CERT Australia, Stay Smart Online, and Australian Communications and Media Authority joint page on DNSChanger Information
dns-changer.eu German, Spanish, English ECO (Association of the German Internet Industry)
dnschanger.detect.my Malaysian, English Hosted by CyberSecurity Malaysia and MYCERT
dns-ok.jpcert.or.jp Japanese JPCERT/CC - Japan Computer Emergency Response Team Coordination Center
www.dns-ok.it Italiano Telecom Italia Security Operation Center - IT.TS.SOC
Manually Checking for DNS Changer Infections
The following are the original manual checks to see if you computer is infected with any of the DNS Changer malware.
To check if your Windows XP machine is infected, first click the “Start” button.
Clicking the start button opens the Windows menu. Locate the “Run” option in the menu and
select it.
In the dialog, type in “cmd”, as the name of the program to run. (This opens a DOS shell. This is also available under other parts of the Windows Menu.)
In DOS shell, type in the command:
ipconfig /all
and hit enter.
The command you entered displays information about your computer’s network settings. Read the line starting with "DNS Servers". There might be two or more IP addresses listed there. These are the DNS servers your computer uses. Write down these numbers
Are Your DNS Settings OK?
The malicious Rove viruses changed some peoples DNS settings to use computers they operated.
Compare your DNS settings with the known malicious Rove DNS settings listed below:
Starting IP Ending IP CIDR
85.255.112.0 85.255.127.255 85.255.112.0/20
67.210.0.0 67.210.15.255 67.210.0.0/20
93.188.160.0 93.188.167.255 93.188.160.0/21
77.67.83.0 77.67.83.255 77.67.83.0/24
213.109.64.0 213.109.79.255 213.109.64.0/20
64.28.176.0 64.28.191.255 64.28.176.0/20
What if I’m infected?
If you computer is infected, please refer to our page that list tools to clean DNS Changer and other self help guides to clean your computer – http://www.dcwg.org/fix/
Note: These sites only detect for DNS Changer. You might be infected with other malware. Please take appropriate precautions to protect your computer.
URL Language Maintainer
www.dns-ok.us English DNS Changer Working Group (DCWG)
www.dns-ok.de German Bundeskriminalamt (BKA) & Bundesamt für Sicherheit in der Informationstechnik (BSI)
www.dns-ok.fi Finnish, Swedish, English CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.
www.dns-ok.ax Swedish, Finnish, English CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.
www.dns-ok.be Dutch/French CERT-BE is the primary Belgian contact point for dealing with Internet security threats and vulnerabilities affecting Belgian interests.
www.dns-ok.fr French Le CERT-LEXSI est la division de veille et d'enquête sur Internet, dédiée à la protection du patrimoine en ligne des organisations.
www.dns-ok.ca English/French Canadian Internet Registration Authority (CIRA) and Canadian Cyber Incident Response Centre (CCIRC)
www.dns-ok.lu English CIRCL (Computer Incident Response Center Luxembourg) is the national Computer Security Incident Response Team (CSIRT - CERT) coordination center for the Grand-Duchy of Luxembourg
www.dns-ok.nl Dutch SIDN (the Foundation for Internet Domain Registration in the Netherlands)
dns-ok.gov.au English CERT Australia, Stay Smart Online, and Australian Communications and Media Authority joint page on DNSChanger Information
dns-changer.eu German, Spanish, English ECO (Association of the German Internet Industry)
dnschanger.detect.my Malaysian, English Hosted by CyberSecurity Malaysia and MYCERT
dns-ok.jpcert.or.jp Japanese JPCERT/CC - Japan Computer Emergency Response Team Coordination Center
www.dns-ok.it Italiano Telecom Italia Security Operation Center - IT.TS.SOC
Manually Checking for DNS Changer Infections
The following are the original manual checks to see if you computer is infected with any of the DNS Changer malware.
To check if your Windows XP machine is infected, first click the “Start” button.
Clicking the start button opens the Windows menu. Locate the “Run” option in the menu and
select it.
In the dialog, type in “cmd”, as the name of the program to run. (This opens a DOS shell. This is also available under other parts of the Windows Menu.)
In DOS shell, type in the command:
ipconfig /all
and hit enter.
The command you entered displays information about your computer’s network settings. Read the line starting with "DNS Servers". There might be two or more IP addresses listed there. These are the DNS servers your computer uses. Write down these numbers
Are Your DNS Settings OK?
The malicious Rove viruses changed some peoples DNS settings to use computers they operated.
Compare your DNS settings with the known malicious Rove DNS settings listed below:
Starting IP Ending IP CIDR
85.255.112.0 85.255.127.255 85.255.112.0/20
67.210.0.0 67.210.15.255 67.210.0.0/20
93.188.160.0 93.188.167.255 93.188.160.0/21
77.67.83.0 77.67.83.255 77.67.83.0/24
213.109.64.0 213.109.79.255 213.109.64.0/20
64.28.176.0 64.28.191.255 64.28.176.0/20
What if I’m infected?
If you computer is infected, please refer to our page that list tools to clean DNS Changer and other self help guides to clean your computer – http://www.dcwg.org/fix/
0 comments:
Post a Comment