Sunday, March 1, 2009

Trojan.DNSChanger changed your DNS Settings

The DNSChanger trojan horse is a small trojan horse application that installed itself in your workstation thru an embedded video codec. It wouldn’t be having ‘big’ harmful to you and the system but it may once in a while affect your Internet online activities.

This trojan is mainly to change your DNS ( Domain Name Server ) in your registry “NameServer” value to a custom IP address e.g. localhost 127.0.0.1 or redirect you to another malicious website. Normally the IP address is encrypted itself in the trojan file, and intend to redirect you to fake website that is looks “alike/same” to the legitimate websites, so that they can steal your private information e.g. banking account access pin/password etc.

Let’s see the search result by MalwareBytes Antimalware in my station :

DNSchanger01

I found this problem when I am trying update my Live Messenger thru MSN Live updater, it keeps failed.  Then I found that the trojan is redirect the msn.com to my localhost 127.0.0.1. The worst part is actually it redirect all the antivirus, antimalwares, anti-trojan or whatever cleaning tool application websites to other IP addresses that causing me unable to download any application! Turnout I have to use another station to download them…

Here are some application that you can download and scan thru your station :

No comments: