The issue was a bit bigger than that. It actually replaced the DNS servers both on the machine and, if it could, on the router with malicious ones that would redirect you to ad sites.
The FBI seized the servers a while ago and has been offering "normal" DNS servers as a stand-in since then. Now they will turn off those new DNS servers; that means that starting tomorrow anyone who is still infected or has some leftover of the infection on his machine will no longer be able to resolve any given web address. Only numerical IPs will work.
Add to this that, if the router was infected, all devices on the network will be knocked offline and unreachable; this may cause quite a stir. However, since they likely won't be able to get online (except through their 3G phone maybe), this is not something we need to prepare for especially.
We should be aware of this, as it can save you a lot of troubleshooting on a "broken internet connection", and we will likely get some panicky users telling us their internet is kaputt. If the leftovers are only in the routers, this will not show in the logs either. So some logical combination may be necessary to reach the conclusion that the router is infected.
However, this is not an infection that is new, and we know very well how to remove and fix it if they come to us for help.
Edited by myrti, 07 July 2012 - 04:47 PM.
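
The reasoning described in the post above (names fail, numeric IPs work, machine settings look clean, so look at the router) can be written down as a small triage helper. This is an added example, not part of the original post; the function names are hypothetical and the "rogue" ranges are constructed placeholders, not real indicators.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), NOT real indicators.
# Replace with the rogue DNS ranges published for this infection.
ROGUE_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def _parse(servers):
    """Convert address strings to ip_address objects, skipping malformed entries."""
    out = []
    for s in servers or []:
        try:
            out.append(ipaddress.ip_address(s.strip()))
        except ValueError:
            continue
    return out

def _rogue(addrs):
    """Return the addresses (as strings) that fall inside a listed rogue range."""
    return [str(a) for a in addrs if any(a in net for net in ROGUE_NETS)]

def triage(host_dns, router_dns, names_resolve, ip_reachable):
    """Classify a 'broken internet' report.

    host_dns:      DNS servers configured on the machine (strings)
    router_dns:    DNS servers set on the router, or None if not yet checked
    names_resolve: did a hostname lookup succeed?
    ip_reachable:  did a connection to a numeric IP succeed?
    """
    host, router = _parse(host_dns), _parse(router_dns)
    if _rogue(host):
        return ("host-dns-replaced", _rogue(host))
    if _rogue(router):
        return ("router-dns-replaced", _rogue(router))
    if not ip_reachable:
        return ("no-connectivity", [])  # not a DNS-only failure
    if names_resolve:
        return ("ok", [])
    # Names fail, numeric IPs work, and the machine's own settings look clean.
    # If the machine only points at a private address (the router) and the
    # router has not been inspected yet, the router is the next thing to check.
    if router_dns is None and host and all(a.is_private for a in host):
        return ("check-router", [str(a) for a in host])
    return ("dns-failure-other", [])
```
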