HT1222 DNS changer

Similar Messages

• Dns change not saved

  When i try to change the DNS to 8.8.8.8 the change is nog saved.
  The next time i check the DNS it has it,s old value.
  How come ?

  Hi Fred,
  Tnx for responding.
  But the strange thing is that on my other Ipad the DNS-change is saved correcty.
  I don't have to change it anymore.
  I can't find the difference between the 2 ipads
  Grtz
  Marcel

• DNS Changer-like trojan?

  I've stumbled upon some sort of virus/trojan/malware, and nothing seems capable of getting rid of it. I've tried MacScan, ProtectMac, and iAntiVirus, emptying the cache/history/cookies/etc. of all my browsers, as well as resetting my router, and none of these attempts have fixed it. (iAntiVirus is running a full scan right now, but I'm not hopeful; a quick scan found nothing and the software's update feature wouldn't work.)
  The malware appears to operate like the DNS Changer trojan, but it only goes into effect occasionally. It happens in Safari and Firefox, for sure, and Chrome, iirc. Maybe once or twice an hour, a window will pop up, usually directed to "google-analytics.com" Sometimes it will start at "search.gugle.com" and then redirect to search. and results.google-analytics.com. Most often it gets stuck here, at the analytics.com address, but it will occasionally continue redirecting until the page ends up at something obviously scammish. The pop-up seems to be triggered by a random click; I cannot discern any specific websites or links that trigger it, except bit.ly, which loads, and then immediately redirects (without a pop-up) and hangs.
  A name-server grep pulls 10.0.2.1, so nothing seems to be odd there, and this is why I assume it's not actually the DNS Changer trojan.
  I'm currently running a daisy-chain of computers all sharing one internet connection, which tells me that it's my computer, because only it and the computer after me suffer from the problem. The modem is attached via ethernet to an iMac, which is wirelessly forwarding internet to my MacBook, which is forwarding internet via ethernet to a MacMini used as a mediacenter. The problem has only occurred, that I have seen, on the MacBook and MacMini. Curiously, the bit.ly redirect only occurs on the MacBook, not the mini.
  That's all the information I can think of that's relevant. If anybody can help me, it would be much appreciated.
  Message was edited by: senseabove

  Thanks, Thomas. I'm jumping through hoops to get to the internet because I'm subleasing an apartment right now and the owner specifically requested I leave the internet routed through his iMac so he has remote access to it. The Mini I really only plug in when I want to watch Netflix on the main TV (and the only reason I'm forwarding to it via ethernet is that it's having an unrelated wifi problem). I just figured it would be of interest that the pop-up occurs on the laptop and subsequently connected mini, but not the originating iMac, implying it's a problem with my computer, but more than a nasty cookie of some sort.
  Nevertheless, I've connected the modem directly to the Mac to see if that'll help get to the root of this. The DNS servers now appearing when I run "/usr/sbin/scutil --dns | grep nameserve" in the terminal (which I got from another thread on DNS Changers in the 10.5 forum) are all my ISP's, according to a google search of the IP address, so I would assume that means I'm not suffering from a DNS Changer. And I'm using Camino now, since the attack seems to only work in Safari and Firefox, while trying to trigger it again in Firefox.
  And I'm running little snitch, which I'd just remembered to turn back on before you replied, but I'm not sure what I should be looking for. That said, it doesn't seem to be popping up since I've turned Little Snitch back on.

• HT201184 My computer is infected with the DNS changer virus. I installed the Macscan DNS Changer Removal Tool but after restarting the virus is still there!

  My computer is infected with the DNS changer Virus. I installed the Macscan DNS Changer Removal tool but after running it and restarting the laptop, the virus is still there .

  "Hinweis: Für die korrekte Durchführung dieses Tests dürfen keine Proxy-Server in den Einstellungen Ihres Webbrowsers aktiviert sein. Diese werden häufig bei Firmenrechnern verwendet. Sie sollten daher im Zweifel Ihren IT-Support kontaktieren, der Ihnen mitteilen kann, ob dieser Test in ihrer Umgebung genutzt werden kann."
  Google Translate:
  Note: For proper implementation of this test may not be a proxy server enabled in your browser settings. These are often used in corporate machines. You should contact your IT support in doubt, you can tell whether this test can be used in their environment.
  and
  fane_j wrote:
  Does the US site use a different script, which works even when proxies are used?
  No idea.

• Not able to acess app store .. Tried every thing with ... Dns change .. Time chage.... Reset... Location services .suggest me how to resolve this issue

  Not able to acess app store .. Tried every thing with ... Dns change .. Time chage.... Reset... Location services .suggest me how to resolve this issue

  Hi aditya123,
  If you are having difficulty connecting to the App store from your iPhone, you may want to try the steps in this article -
  Can't connect to the iTunes Store
  http://support.apple.com/kb/TS1368
  Specifically -
  Troubleshoot issues on an iPhone, iPad, or iPod touch
  If you haven't been able to connect to the iTunes Store:
  Make sure your date, time, and time zone are correct in Settings > General > Date & Time.
  Note: Time Zone may list another city in your time zone.
  Make sure that your iOS software is up to date by tapping Settings > General > Software Update (iOS 5 or later) or connecting your iOS device to iTunes and clicking Check for Update on your device's Summary page.
  Check and verify that you're in range of a Wi-Fi router or base station. If you're on a device with cellular service, make sure that cellular data is turned on from Settings > General > Cellular.
  Note: If connected to cellular data, larger items may not download. You may need to connect to Wi-Fi to download apps, videos, and podcasts.
  Make sure that you have an active Internet connection. You can check the user guide for your device for help with connecting to the Internet.
  Make sure that other devices (portable computers, for example) are able to connect to the Wi-Fi network and access the Internet.
  Try resetting (turning off and then on again) your Wi-Fi router.
  If the issue persists, try troubleshooting your Wi-Fi networks and connections.
  It looks like you have already done many of these, but there are a few more to check out.
  Thanks for using Apple Support Communities.
  Best,
  Brett L

• I have a DNS changer that MacScan can't find

  I have discovered that I have a DNS changer hidden away somewhere on my Powerbook G4
  I've run MacScan several times and it can't find it. Some of the other virus checkers only work on system 10.5 and up.
  I've been trying to learn how to eradicate this manually through various on line advice, but most of it is for newer machines and systems. I'm on 10.4.11.
  I followed some instructions to list my router in the Terminal App and see that my router keeps being changed to a server 85.255.116.83 in the Ukraine...rats) When I renew my DHCP lease in my Network preferences my server returns to 192.168.1.254 but within 5 seconds its been changed back.
  I don't have a script named plugins.settings in my /Library/Internet Plug-ins (something that was suggested to look for)
  Given that this seems to be running constantly, there must be something to look for, something to delete (like a preference file maybe), or something to re-install to eliminate this trojan.
  Any of you brilliant Mac minds have a suggestion for me

  Significant Rogue DNS Activity To 85.255.112.0/22 (thanks to the "FreeVideo Player" Trojan)
  http://lists.sans.org/pipermail/unisog/2006-November/026937.html
  DNSHijacker-85.255
  http://www.spynomore.com/dnshijacker-85-255.htm

• Zlob DNS Changer problem

  Hi there,
  Every time I google somthing in any internet browser, and I click on the link, I get redirected to other search engines via a site called copy-book.com. I've heard that the problem (virus) is called Zlob DNS Changer. I've looked on other Zlob removal pages, but they are all for Windows operating systems and I don't know how to remove it with my Mac! It's driving me insane and my internet is so slow now. Can anyone help please?!
  Will
  P.S.
  If this help, here is some solution someone posted in another forum but It didn't really help me.
  "Alright so I had this and I think I have managed to fixed it. What I had was a DNS changer Trojan that was able to hack into my router and change my DNS so that when I used google it redirected me. I was redirected by wierd IP addresses and copybook as well. What you need to do is check your DNS and if it starts with 85. you could have the same problem. Also check out these sites to find out more:
  www.youtube.com/watch?v=bzNQ0OxNX8E
  http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
  Info on how to remove it:
  http://www.exterminate-it.com/malpedia/remove-zlob-dns-changer"

  Might check here and here nd here.
  If your router has been compromised, I don't know what to tell you about that, except maybe try a factory default reset.
  Your profile suggests that your are still at 10.5.1. If that's true, find an uninfected Mac and download and burn to CD the 10.5.4 combo update and 2008-005 security update then install them on your computer. I think that security update is supposed to protect against that DNS changer thing but you may need to remove it first if you've already got it.

• DNS Changer Question?

  I just got my macbook pro from my college lastweek and found out today about the dns changer malware. How can I protect my laptop from this?

  UnicornFluffBall wrote:
  I just got my macbook pro from my college lastweek and found out today about the dns changer malware. How can I protect my laptop from this?
  The DNSChanger malware has not infected Macs for several years now, so if yours is new there is no reason to worry about it.
  To check and see if it was somehow previously infected go to http://www.dcwg.org/detect/ and click on the country / language of your choice.

• I have Mac OS X 10.4.11 and evidently have the DNS changer virus.  Will MacScan fix this or is there something else?

  Will MacScan fix this or is there anything else?

  MacScan no, see > Thomas' Tech Corner » How to remove the DNS Changer malware

• Any talk about the DNS changer trojan and how it could effect the iMac

  any talk about the DNS changer trojan and how it could effect the iMac and what are the solutions

  http://www.reedcorner.net/will-your-internet-service-cut-off-on-july-9/
  And recommendations in:  https://discussions.apple.com/message/18851415

• My iPod has the DNS changer bot.

  I've read discussions saying that it is impossible for an iPod/iPad to be infected with the DNS changer bot, but three computers in my house check fine on the governments check site, and on m iPod, it says that I'm infected. The little pop up occurs on my computers and my iPod saying that I'm infected, but only the iPod actually is "infected." Any ideas?

  I've read discussions saying that it is impossible for an iPod/iPad to be infected with the DNS changer bot
  That is correct.  There was never an iOS version of this malware.  In fact, there is no iOS malware at all, unless you have jailbroken your iPod.
  three computers in my house check fine on the governments check site, and on m iPod, it says that I'm infected.
  That site works by detecting whether your device looks up IP addresses using one of the formerly-malicious DNS servers that were seized by the FBI in November of last year.  The iPod generally gets its DNS server settings from the router.  The same is also generally true of computers, though you are more likely to have manually changed the DNS server settings on a laptop than on an iPod, so it's possible your router's settings have been changed to use a malicious DNS server.  If you know how to access your router's settings, you should examine them and see what DNS server addresses are being used.  Are they in one of the ranges listed at the bottom of the following page?
  http://www.dcwg.org/detect/checking-osx-for-infections/
  If so, you need to change your DNS settings in the router.  I would probably just reset the router to factory defaults if it were me, but you could also just change the DNS server settings to the OpenDNS servers (208.67.222.222 and 208.67.220.220).
  If not, you need to change the iPod's network settings.  Go to Settings -> General -> Network -> Wifi and tap the blue circle with a '>' in it that is next to the network you're using.  (Also, be sure that it's using the network you expect it to be using, and that it hasn't somehow jumped onto a neighboring wifi network.)  Then delete whatever is in the DNS field and change it to the OpenDNS servers.

• My Ipad (Ipad 3) has the DNS changer bot.  What do I do to remove it?

  I have the DNS changer bot on my Ipad (the New Ipad).  I have tried to download MacScan, but safari does not allow it.  How do I get rid of it?
  I went to the FBI check website with my Ipad and the page was red.  I know "they" say that this can't happen, but it has!
  Help!

  Your Ipad isn't infected -- it is very likely the router that you are going through to get internet service, has had its DNS servers changed.
  The message you got is legit.  Google announced they would notify people here:  http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dns changer.html   Go search news.google.com for DNS changer.  Your ISP may also have been trying to notify you over the last few months as well.  
  Check the DNS server settings on your router.  The malware sometimes changes the DNS server settings on your router.  If you find the DNS servers on your router have been changed to the bad ones, change them to something you trust (your ISP's, Google's etc) and then change the password on your router.  If there are other computers in your house, check those as well - you might have a pc that is the source of the infection.  Make sure your router is secured so only you can get on it, not your neighbors.
  Here is a list of the bad DNS Servers:
  85.255.112.0 through 85.255.127.255
  67.210.0.0 through 67.210.15.255
  93.188.160.0 through 93.188.167.255
  77.67.83.0 through 77.67.83.255
  213.109.64.0 through 213.109.79.255
  64.28.176.0 through 64.28.191.255
  To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.

• Mac using OS X 10.7 infected with dns changer?

  Hi. I was recently alerted by my internet company that my computer was infected with a virus called “dns changer.” Upon further inspection I found that one of my DNS servers matched up with a list of known rogue DNS servers.
  I have downloaded several virus scanning programs, such as macscan and virusbarrier x6 which were recommended to me. They didn’t turn up anything.
  I’ve been through the OS X 10.7 topics on the mac community as well as other websites (couldn’t find the “plugins.settings” in my Internet Plug-Ins folder and tried to pry it out using terminal). The same bad DNS server has mysteriously appeared on other computers that use the same internet connection out of my home and have not have any untrustworthy downloads.
  This is a real head scratcher. If anybody could help it would be much appreciated!

  I've recently had the same thing! I did the instructions above and got this
  Last login: Sun Apr 22 15:11:46 on ttys000
  dhcp-149-144-209-103:~ megansmart$ /usr/sbin/scutil --dns | grep nameserver
    nameserver[0] : 131.172.2.2
    nameserver[1] : 131.172.4.1
  dhcp-149-144-209-103:~ megansmart$
  help!

• DNS changed and Mail, MSN, Jabber don't connect :S (but Internet runs well)

  First of all, sorry for my english, i'm spanish .
  My connection to internet was like this (now i've changed)
  iMac ->(wifi)-> router1 ->(ethernet)-> router2 -> Internet.
  I always used the OpenDNS (208.67.220.220/208.67.222.222) and all my applications connect to internet well.
  Two days ago I read about the GoogleDNS (the new service), that they are 8.8.8.8 and 8.8.4.4, so i changed my DNS in the router1 and in the iMac.
  It goes really well for two hours. Then, when I rebooted my iMac many services like Mail (IMAP and POP), MSN, Jabber... didn't connect saying that "there is no connection" or "connection refused", but I had internet (and nslookup went well) so safari, skype, spotify... went well and at full speed.
  When it was driving me mad I returned to OpenDNS... but they didn't connect yet.
  Now, i am connected to the primary router via ethernet, and my iMac has the OpenDNS... and I don't know why, but it still doesn't connect.
  Do you have any suggestion? Do you want any log?.
  Thanks!
  Message was edited by: d4rkb1t

  Up!

• DNS changes to .local

  Hu Guys,
  I have a Standard server that is playing up. It keeps changing from its proper DNS name to .local
  It is running all latest SW updates.
  I have run sudo hostname
  But every restart it keeps defaulting back to the .local
  Any ideas?
  Cheers.

  Using the ISP DNS, when I dig the DNS hostname it shows up the router.
  I'm not entirely certain how to interpret that; I'm going to make several assumptions here.
  If a dig of the host name for the intended host gets the address of the router, then that's an indication that DNS isn't configured correctly, or that there's something funky about the network.
  I'm going to guess there's ISP DNS here, and potentially NAT. I'd ask that a few more details of the configuration be included, both around the current network configuration and NAT and addressing and DNS, and around what dig showed for the results.