How can you fix, remove, and recover from a DNS Changer Violation?

You’re looking for information on how to clean up or fix malicious software (“malware”) associated with DNS Changer. It’s possible that either your computer or your home router has been modified to use resources once controlled by criminals to redirect your traffic. You can find more information about this malware on our main page:

http://www.dcwg.org

or visiting the FBI page about DNS Changer:

http://www.fbi.gov/news/stories/2011/november/malware_110911

If you think you have been affected by this malware, you do need to fix your computer. The malware tool kits used that change your computer’s DNS settings are very pervasive. Initially, the only way researchers could ensure that a machine was fixed was to reformat the hard drive and reinstall the operating system from scratch. The malware affected the boot blocks on the hard disk of the computer, so even if people just reverted their operating system to a prior backup, the malware could reclaim the PC. Later on, several anti-malware software companies came up with fixes that removed software correctly. Some of them are listed below.
In addition to modifying your computer’s DNS settings, the malware also looked for home routers to which the computer was attached and modified their DNS settings as well. Not only were the infected computers using rogue DNS services, but other devices in the household or office as well, including wifi-enabled mobile phones, tablets, smart HDTVs, digital video recorders, and game consoles. The criminals would change the web content that users downloaded to suit their needs and make money.
Below are some steps to follow:

The first thing you want to do is make a backup of all of your important files. You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
Either you or a computer professional that you rely upon and trust should follow the “self help” malware clean up guides listed below. The goal is to remove the malware and recover your PC from the control of the criminals that distributed it. If you were already thinking of upgrading to a new computer, now may be a good time to make the switch.
Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct. If you’re not using a new PC, you’ll want to check that your computer’s DNS settings are not still using the DNS Changer DNS servers. We hope to have some of our own instructions soon. Until then, the instructions and screen shots found in step 2 at http://opendns.com/dns-changer are quite good if you want to manually set your DNS settings. You also have the option to return to using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).
After you have fixed your computer, you will want to look at any home router you’re using and make sure they automatically use DNS settings provided by the ISP. We’ll have a document for this soon.
Changing DNS is only one of the functions of the malware kits. The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media. It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.