Trojan.DNSChanger is very dangerous Trojan that changes the settings of the DNS requests. Whenever a request of domain name server is given for browsing a web site this rogue software translates this message with false information and directs the browser to irrelevant and fake sites for different commercial or other purposes. It is dangerous part is that it has many versions and types that are corrupting and capturing the sites and systems on the internet. This makes very difficult to devise proper solution to this rogue malware.

This software normally installs on your software through visiting of infected sites, downloading of infected files, multimedia, and updates. This software behaves very dangerously once it controls your system and its communication with other elements on the internet. It will change the settings of your computer communication and browser thus you are almost helpless to work as you do in routine. Your computer may be completely hacked by through back door created by this Trojan. It can allow other malicious software to download and install on the computer. It will show many fake alerts and other security suggestions that are naturally fake ones. You are popped up very frequently to different fake threats and thus you get completely disturbed. It also stops your security software and other security utilities making the scenario very critical for you. You can resolve through two different approaches either by some antivirus software or manually. I am describing the manual procedure in following section.

Manual removal of Trojan.DNSChanger Virus

This is stepwise process to remove this Trojan; you can follow it step by step to remove it successfully from your computer.

  • You need to stop the process at first step so that you can remove its related files easily.
  • You need to hit ALT+CTR+DEL → click on process
  • Choose suspected processes; normally they are different names like [many names related to dns].exe; select → right click → and click delete/remove
  • Once the processes related to this rogue software are stopped now you need to remove its registry keys.
  • Click Start → Run → Type ‘regedit’ → Hit Return
  • Locate following registry keys:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “DhcpNameServer”
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “NameServer”
    • Select above mentioned registry key, right click and select ‘Delete/ Remove’
    • Now you need to remove all files and folders that relate to this software; these files vary version to version.
      • Latest version is Trojan.flush.m.exe
      • Also Trojan.dnschanger.exe
      • Search and remove all these types of files and folders from your computer.
      • Now you need to change the settings of DNS server in your protocol settings.
      • Click Start → Control panel → Network Connections → Local area connections → Properties → Internet protocol TCP/IP → Properties
      • Change the DNS settings and put your original DNS IP
      • You are done.
      • Verify the Processes, registry keys and files that were removed from your computer.

This is an advance level of activity and needs to be done by technically expert technician.

Manual Procedure to Remove Trojan.DNSChanger Virus

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>