This malware infects a computer with malicious software (DNS Changer) to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal.
I used MacScan which found the DNS Changer malware. I isolated it and dumped it in the trash and emptied the trash as instructed. It has definitely gone but I am still getting the Google alert telling me my computer is infected – this time a different colour! The websites set up to tell you if you are infected are also telling me that I am still infected. I’ve read some other stuff on the internet so I know my router has been affected. Through a command in Terminal in Utilities, it shows it has 2 DNS servers that have been identified as one of the many rogue DNS servers set up by the criminals.
I’ve got an iMac PowerPC G4. It’s just my home computer, about 7 years old, and I’m using the Built-in-Ethernet. So I need to replace the rogue DNS servers with good ones. I did speak to my ISP provider and was told that as my Mac is using DHCP it means that my router cannot be infected - which goes to show how much they know. I’ve done some research online but I can’t find instructions specific enough to enable me to change my DNS settings, especially as my machine is an older one. This is what I have:
I click on Network.
Built-in-Ethernet is green because that’s what I’m using. But there is no ‘Advanced’ button to press. Just Configure.
I press Configure.
Location: is ‘Automatic’
Show: is Built-in-Ethernet
My button options are TCP/IP, PPPoE, AppleTalk, Proxies, and Ethernet. There is no DNS button across the top of the box with these others.
Under TCP/IP it says Configure IPv4 in front of a drop-down menu that is showing ‘Using DHCP’.
Under this there is my IP address.
There is a Subnet Mask number as well.
And under that is the Router number. These are printed, they cannot be altered and they are not the same as the rogue IPs that showed up when I used Terminal which were 126.96.36.199 and 188.8.131.52. This also came up but I don't know what it means: cpc10-dals18-2-0-cust331:~
Under this is the DNS Servers box which is empty.
Under this the Search Domains box is also empty.
Under this is IPv6 Address which is a long line of letters and numbers, lots of 0s. Plus the option to Configure IPv6.
There are no DNS servers for me to remove and replace in the boxes. So how do I change them?
Any help would be much appreciated, as the FBI, who have caught the criminals behind it and who are now maintaining those “rogue” (actually no longer rogue) DNS servers, will be turning them off on July 9th, and if I haven’t fixed this problem by then I will be cut off from the internet. Thanks
This post has been edited by Jaycee411: 28 June 2012 - 07:20 AM