DNSChanger – New tool to clean up the infection

(Last Updated On: March 3, 2012)

DNS Changer (see http://www.dcwg.org/) has been a “thick” piece of malware to remediate. At the start of the takedown we had ~600K violated computers. Today we’re at ~400K computers. Not an impressive clean-up record. Why? The operational security community has no effective tools that an average user can use to start cleaning up their system. The typical advice has been to back up your data, do a complete re-format of the hard drive, and rebuild the system. I can see many people taking this advice as a shock. They would ask for other options. The problem is that we’ve not had any other options. Until now.

Anti-malware vendors’ work is starting to pay off. McAfee’s Stinger has just added DNS Changer to its detection list:

Stinger Release Notes

Build Number:
Build Date: 02-Mar-2012

MD5:    275AD47EAB8B1919753846D1D7BBFF98
SHA1:   753070FBA328E598FE87DE059A8E6280A51EEC21

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
•	BackDoor-EXI.gen.aj
•	DNSChanger.dj
•	FakeAlert-Rena.cj
•	FakeAlert-Rena.ck
•	Generic FakeAlert.jn

Stinger is one of those tools in our tool kit that we use to clean a violated computer (see the Malware Removal Guide as an example). The approach is to use a series of tools to clear as much malware off the system as possible, getting it to a point where you can run an effective backup and not have the backup reinfect the repaired system. Stinger is one of the key tools used in this approach. We hope to see a few more of the tools with “DNS Changer” updates.

Are you worried about DNS Changer? If yes, please go to www.dcwg.org and read through how you can check to see if your computer has been violated.