BleepingComputer.com: Trojan.DNSChanger

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Trojan.DNSChanger How to explain to client why AVG free didn't protect them.

#1 User is offline   ctechnologies 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 02-July 10

Posted 02 July 2010 - 11:34 AM

I have a computer that has AVG Free and it looks like the Windows was up to date with the latest patches, but the computer contracted a dns changer (AVG calls is Trojan.DNSChanger).

Normally I tell friends that their are several factors to contracting the malware including: windows updates, users actually installing the malware without realizing it, antivirus not being up to date, etc.

It just seems to me that AVG should have caught something as simple as a DNS changer.... am I wrong?

This post has been edited by Blade Zephon: 02 July 2010 - 06:18 PM
Reason for edit: Move from Logs forum to a more appropriate location. ~BZ

#2 User is offline   Blade 

  • Strong in the Bleepforce
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Site Admin
  • Posts: 10,236
  • Joined: 20-January 09
  • Gender:Male
  • Location:US

Posted 02 July 2010 - 06:17 PM

Hello.

You've hinted at this, but this is what I'd tell them.

No program can completely protect you against malware. Malware writers are continually developing new and more complex methods to get around security software, and some of those attempts will succeed for at least a short while. The most effective means to protect yourself from malware is by installing one well regarded Antivirus program, keeping all programs (including Windows) up to date, and (MOST IMPORTANTLY) practicing safe surfing habits.

Do you require assistance in removing this infection?

~Blade
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+

#3 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,514
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 02 July 2010 - 09:36 PM

Quote

It just seems to me that AVG should have caught something as simple as a DNS changer.... am I wrong?
A DNSChanger is not a simple infection.

Quote

...rogue DNS servers are part of click fraud and leakage of personal information...we discovered that this network is now targeting four of the most popular search engines. In a large scale click fraud scheme, the ZLOB gang appears to hijack search results and to replace sponsored links with DNS “tricks”.
ZLOB Enters The Search Engine Market

Quote

A new Trojan horse masquerading as a video "codec" required to view content on certain Web sites tries to change key settings on the victim's Internet router so that all of the victim's Web traffic is routed through servers controlled by the attackers.

...recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle.
Malware Silently Alters Wireless Router Settings
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users