Infected by DNS Changer? You Have Until July Before the FBI Shuts You Down

If you happen to have a virus called the DNS Changer, you, or at least your computer, has been involved in a huge FBI crime sting operation involving Estonian and Russian cybercriminals.   What intrigue and thrills!   Here you thought your computer was behaving itself quietly at home when really it was off consorting with dastardly foreign types and now has even involved you with the FBI.  Aren’t you excited?  Isn’t the adrenalin flowing?  In fact, if infected, you are now getting your internet through the FBI.

Do you know where your computer has been?

But not for long.  The virus has rerouted your computer’s DNS  to go through the Estonian servers, and originally there were 4 million of you rerouted that way.   The FBI has now taken over these servers from the Estonians and so you now are getting the Internet courtesy of the FBI.  The Estonians have been arrested, by the way, the one Russian remains at large.

Now the FBI is worried that if they turn off the servers, all people whose computers have the virus will lose their internet connection.  So they are giving people until July to remove the virus.  At that point they will shut down the servers.  It is very considerate of the  FBI to do this, considering many if not most viruses turn off or prevent people’s internet browsers from working.

Everyone should check to see if they have the DNS Changer virus.  Here is a site that tells you how.  It has a utility to check your computer for the DNS Changer infection.  The site is an FBI security partner.

If you want Ducktoes to check to see if you have the virus we can do in our shop or remotely.   We are Calgary virus removal experts.  We can even check out your computer remotely with our remote services.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

When Spyware gets Bad: What to do when you can’t do anything

Sometimes spyware gets so bad, it’s hard to do anything. You can’t go online and download Malwarebytes or Spybot or any anti-spyware (see this post), because your browser–that is, your Internet Explorer or Firefox–is hijacked and redirected and won’t let you go anywhere of use and certainly won’t let you download anything. So you take the next step, and reboot your computer into Safe Mode with Networking by tapping F8 as the computer restarts. But sometimes even in Safe Mode, the malware keeps you from downloading anti-spyware or, if you manage to download it, running it. So now you face reformatting your hard drive and losing all your data and the programs, at least the programs you’ve lost your disks to, or never had disks for in the first place.

What do you do now? You take the computer to a tech who nine times out of ten will recommend reformatting. Or you find a tech like Ms. Ducktoes who will fight the malware without reformatting. Ask your tech if he or she will do this. Ask if he will use Malwarebytes or SuperAntispyware.

Or…you can do this.
1. Go to the computer store and buy a device that lets your hard drive to another computer by USB. It’s called a USB to IDE/Sata Adapter and costs from $25 to $35 dollars.

This is what you need an IDE to USB converter. There are also ones that work with Sata and laptop drives.

2. Find another Windows computer either your own or a friend’s or relative’s. Download and update Malwarebytes and AVG and SuperAntispyware and Spybot to that second computer. (You have many choices, just make sure you use Malwarebytes and AVG among them.)

3. Turn off the power to badly infected computer and unattach the cables. Open up the case of the and remove the hard drive. Some cases will have large buttons to push–like Dell– others will have screws. Remove the case.

Open the case by unscrewing the screws or pushing a button or lever.

Open the case by unscrewing the screws or pushing a button or lever.

Make sure your computer is turned off and unplugged before you do this.

4. The hard drive will have a wide-band white/gray cable attached to it and a four-prong power cable.

Here is the power cable.  You can see a bit of the ribbon cable in back of it.

5. Remove the cables. (Take a digital photo with your camera or cell phone if you think you may forget how they are attached.

What a ribbon cable looks like

What a ribbon cable looks like

5. You’ll probably have to unscrew the hard drive from the where it is attached to the case.

Use a screwdriver to unscrew hard drive screws.
Use a screwdriver to unscrew hard drive screws.

6. After removed, attach the hard drive to the right (same size) IDE/SATA adapter and plug in the power.

Here the hard drive is attached to the adapter.

Here the hard drive is attached to the adapter.

7. Connect USB cable to the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

The computer should recognize that new hardware has been attached. If you go into My Computer, you’ll see it as a USB mass storage device and listed as a letter such as E, F, G, or H, depending on how many cd/dvd and hard drives are on that computer.

You'll see this in the right-hand corner of your monitor screen.

You’ll see this alert “Found New Hardware” in the right-hand corner of your computer screen.

This window will appear on your desktop.  Choose the

This window will appear on your desktop. Choose the “Open folder to view files” option.

Your hard drive is attached!

7. Now run the anti-spyware and anti-virus programs one at a time. If you can, do a custom scan and single out the attached hard drive. Let each anti-spyware run and then remove or quarantine the viruses.

This is the AVG interface.  It allows you to pick the hard drive you want to scan.  Here E and F are selected.

This is the AVG interface. It allows you to pick the hard drive you want to scan. Here E and F are selected.

8. If you have enough skill, go into the desktop of that drive (the one that is connected by USB) and copy and paste the Malwarebytes installer to the desktop of your user. Find the All Users desktop folder and drag the MBAM installer icon into the window.

Drag Mbam icon into the

Drag Mbam icon into the “All Users” desktop folder.

Then you can run it later when you reattach the hard drive in its own computer.

9. Unattach the hard drive from the USB and put it back into its own case. Reattach the cables all the way so they fit snuggly. Start up the computer. You should now be able to go into Safe Mode with Networking and download the anti-spyware and run it. You still will have a lot of spyware to contend with but now you have more of an edge. If you put the Malwarebytes icon (Mbam) on the desktop you can click on it and run it. Make sure that you update it.

Good luck and let Ms. Ducktoes know how it goes. Please feel free to comment and make suggestions.

See this post for more detailed information on how to download and run the anti-spyware.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather