Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
2 replies to this topic

#1 ctechnologies


  • Members
  • 1 posts
  • Local time:01:02 PM

Posted 02 July 2010 - 11:34 AM

I have a computer that has AVG Free and it looks like the Windows was up to date with the latest patches, but the computer contracted a dns changer (AVG calls is Trojan.DNSChanger).

Normally I tell friends that their are several factors to contracting the malware including: windows updates, users actually installing the malware without realizing it, antivirus not being up to date, etc.

It just seems to me that AVG should have caught something as simple as a DNS changer.... am I wrong?

Edited by Blade Zephon, 02 July 2010 - 06:18 PM.
Move from Logs forum to a more appropriate location. ~BZ

BC AdBot (Login to Remove)


#2 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US
  • Local time:02:02 PM

Posted 02 July 2010 - 06:17 PM


You've hinted at this, but this is what I'd tell them.

No program can completely protect you against malware. Malware writers are continually developing new and more complex methods to get around security software, and some of those attempts will succeed for at least a short while. The most effective means to protect yourself from malware is by installing one well regarded Antivirus program, keeping all programs (including Windows) up to date, and (MOST IMPORTANTLY) practicing safe surfing habits.

Do you require assistance in removing this infection?


Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,762 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:02 PM

Posted 02 July 2010 - 09:36 PM

It just seems to me that AVG should have caught something as simple as a DNS changer.... am I wrong?

A DNSChanger is not a simple infection.

...rogue DNS servers are part of click fraud and leakage of personal information...we discovered that this network is now targeting four of the most popular search engines. In a large scale click fraud scheme, the ZLOB gang appears to hijack search results and to replace sponsored links with DNS “tricks”.

ZLOB Enters The Search Engine Market

A new Trojan horse masquerading as a video "codec" required to view content on certain Web sites tries to change key settings on the victim's Internet router so that all of the victim's Web traffic is routed through servers controlled by the attackers.

...recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle.

Malware Silently Alters Wireless Router Settings
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users