Full
Name: |
DnsChanger Trojan |
| Type: |
Trojan |
| Also Known As: |
WIN32.DNSCHANGER.S TROJAN, Trojan.Flush.G (Symantec) |
| Danger Level: |
7 |
| Category Description: |
Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software. |
| Comment: |
This trojan modifies the DNS server settings and redirect the browser to unwanted sites. May download an adware payload. |
| |
|
| Properties: |
|
| Manual Removal: |
1. Navigate to the following paths in the registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DhcpNameServer"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% "DhcpNameServer"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% "NameServer"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% "DhcpNameServer"
2. Look for unknown IP Addresses in the Data part. Change them into IP addresses for your DNS Servers.
For more information contact your system administrator.
|
