Sunday, 8 July 2012

Tagged under: ,

Checking if your Computer has been violated and infected with DNS Changer

Domain name system (DNS) is the part of the internet that links a website name (say to its numerical internet protocol equivalent (say 123.456.789.098). As the cyber world awaits Monday, when the FBI will shut down servers affected by the DNS changer malware, there is still a day to check if your system has been affected.
Various cyber security firms are offering free solutions. You can visit to check if your computer is infected.
You can also manually check if your DNS server has been changed.

Step I: Open Command Prompt.
           Navigate to Start-> Run.  Type cmd and hit enter.

StepII: (For Windows XP)Type ipconfig/all and hit enter.
           (For Windows 7) Type ipconfig/allcompartments/all and hit enter.

Step III: (For Windows XP) The command you entered displays information about your computer’s network settings. Read the line starting with "DNS Servers". There might be two or more IP addresses listed there. These are the DNS servers your computer uses. Write down these numbers.

(For Windows 7) The output will be very long, since Windows7 by default has support for IPv6. Most likely, you want to look for the IPv4 information under the section entitled “Ethernet adapter…”. Look for the “DNS Servers” line, and write down these numbers. There may be two IP addresses listed there.

Step IV: Check if your DNS settings are OK

Compare your DNS settings with the known malicious Rove DNS settings listed below:
Starting IP Ending IP CIDR

 What if you are infected?
If you computer is infected, please refer the page that list tools to clean DNS Changer and other self help guides to clean your computer –

Kindly Bookmark and Share it:


Post a Comment