As we all know that in July 2012, the Internet Systems Consortium will permanently shut down the DNS servers that were deployed to serve as a stopgap arrangement for the victims of malicious DNS servers during the Operation Ghost Click. This operation was launched by FBI to apprehend Estonian hackers group in 2011. Around one million users were affected by this hacking conspiracy. The victims were immediately shifted to the temporary servers arranged and maintained by the FBI. In July 2012 FBI is going to withdraw the servers pushed into service that time so if you have not arranged an alternative you are certainly going to be left without an active internet connection as there won’t be any server to host your connection.

It is important for you to establish if your internet connection is working on the servers provided by FBI. If yes, then you need to arrange the alternatives as FBI will be pulling out its servers in July 2012. To establish the authenticity of the DNS servers you may refer to DNSChanger Check-Up websites. These websites will automatically check the DNS server you are using for the internet and will let you know by flashing a green light toindicate that your PC is clean.

To know whether you are infected with DNSChanger malware, you are required to visit DNSChanger Check-up websites maintained by Internet security organizations across the world. If you are located beyond the United States, you may refer to the list released by FBI that contains the URLs of DNSChanger Check-Up websites.

How to know about the DNS server for your Windows 7-based PC?

If you have a Windows 7-based PC and want to know about which DNS server is running the internet then follow the instructions given below:

•Open the ‘Start’ menu

•Now either run the Command Prompt application or type ‘cmd’ in the search field

•After the command prompt is open type “ipconfig / allcompartments / all” at the command line and then press ‘Enter’

•Scroll down the entries to find out the string labeled as ’DNS servers’

•If there are more than two strings then it means that your PC is accessing two or more DNS servers.

It is a bit easier for Mac OS X users to know about the IP addresses of the DNS servers used by their computers:

•First of all open the Apple menu that is usually located in the left corner of the screen

•Select ‘System Preferences’

•Now click the ‘Network’ icon to open your ‘Network Settings’ menu

•Navigate to ‘Advance Settings’ and track the strings of numbers listed below in the DNS Server box.

Once you get to know about the IP address of the DNS server used by your PC, you can easily cross- check it for the infection from DNSChanger rootkit. For that you need to enter the IP address into the search box provided on the FBI DNSChanger website. The software will tell you if your computer is using the rogue DNS server to access the web.

What to do if your PC is DNSChanger infected?

If it is established that your PC is infected with the DNSChanger rootkit then it is a serious concern that needs to be dealt with carefully. DNSChanger is a potentially harmful rootkit that can alter the DNS settings and make your computer vulnerable and cause serious security problems. Moreover, it tends to access devices on the small office/home office (SOHO) network of the victim specially those who run a dynamic host configuration protocol (DHCP) server like a router or home gateway.

In case your PC gets infected with the DNSChanger there are serious threats for the data stored on your PC. To mitigate its repercussions you should take back up of your important data, reformat your drives and reinstall the operating system.

Use specialized tools to uproot the rootkit

If you don’t want to reformat your PC then you can try rootkit removal utility tools to remove the infection. One such tool is TDSSKiller offered by Kaspersky Labs. This utility was released by the security firm to get rid of TDSS rootkit malware. However, it also detects and uproots the DNSChanger and many other forms of rootkits.

Using the abovementioned tips you can prepare your computer for facing the server outages proposed in July. Moreover, you can also remove the rootkits if at all they are present within your system. Using rootkit removal tool is an ideal option if you don’t want to reformat your system to prevent the risk of data loss.

Author's Bio: 

Brooke M. Perry is an ardent technician associated with Qresolve online tech support, with wide experience of fixing issues with PCs, laptops, tablets and smartphones. With a strong track record of devising effective ways of remote Pc support and system security, she has so far helped thousands of users across the globe. Her writings on tech issues are the reflection of her in-depth interest and command she carries as a online computer support technician. Her blogs and articles have been rated high for their lucid style and easy to understand language.