regarding this week's malware of teh century, namely dnschanger....

Anyone know if the "microsoft malicious software removal tool"
(more or less its name) that m-soft keeps updating every
few intervals and pushing out to Windows computers...

.... anyone know if it handles dnschanger?

thanks

--
_____________________________________________________
Knowledge may be power, but communications is the key
             dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]

Re: regarding this week's malware of teh century, namely dnschanger....


By now every AV/AM vendor will recognize the DNSChanger trojan.  However some
may not detect if the DNS Table of a previously infected computer or
modified SOHO Router is still using the DNSChanger related DNS servers.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: regarding this week's malware of teh century, namely dnschanger....

danny burstein wrote:

There is a common misconception about this *new* problem. It's not some
new malware, it's old malware that had changed settings to use "bad" DNS
servers. When the malware related servers were taken over by the good
guys and the malware cleared up on local machines they became dependent
upon those good guy owned "bad" servers for the normal operation of DNS
which is almost critical for resolving URLs.

The good guys are now ready to wean the affected (previously infected)
local machines off from the "bad" servers, and thus all of the hoopla.


Re: regarding this week's malware of teh century, namely dnschanger....



In the words of Commodore Decker from Star Trek (the one
and only, no "pre" or "post" or "second" or "rebooted"),
"don't you think we know that?"

My question, as expanded a bit, is whether the m-soft
download, which anyone doing updates has gotten, gets
rid of teh malware _and_ also resets the DNS back
to the pre-infection default.

--
_____________________________________________________
Knowledge may be power, but communications is the key
             dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]

Re: regarding this week's malware of teh century, namely dnschanger....


My understanding is the monthly downloaded MRT will not alter the Windows PC
DNS Table.  It will only remove the DNSChanger trojan.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: regarding this week's malware of teh century, namely dnschanger....



Thanks for the pointer. If you're correct, then one (I'll volunteer)
should scream out loudly:

  Dear Redmond:
  Add the fixxer upper. Please.
  Thank you.


--
_____________________________________________________
Knowledge may be power, but communications is the key
             dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]

Re: regarding this week's malware of teh century, namely dnschanger....

[snip]

yeah, about that. how exactly is a program supposed to know what your
DNS settings were before you got infected?

this isn't a setting that has a default value that you can set it back
to and have things work.

the DNS setting in question, specifically, is the address of the DNS
server your computer connects to when it wants to look up the
numerical IP address associated with a domain name (necessary for
reaching any website unless you're entering the IP address yourself).
for most people that DNS server is the one their ISP provides. even if
a program were to detect which ISP you used, and had a listing of
every DNS server provided by every ISP (a pretty monumental
undertaking), not everyone uses their ISP's DNS so a recovery program
still wouldn't be able to restore the right one.

restoring altered DNS settings is outside the scope of what a clean up
tool (like the one microsoft provides) can do.

Re: regarding this week's malware of the century, namely dnschanger....

kurt wismer wrote:
 

The cleanup tool can (or should) perform a test to see *if* your system
is using a known-malicious DNS server (just as these tests are possible
as some third-party websites perform this service).  Even if the tool
can't change the system's DNS-server setting (* because it doesn't know
what it should change it to) telling the user that the system has a bad
DNS setting is a necessary first step at fixing the problem.

 ---
 *  Even that is debatable, since the system's DNS server setting
    could be changed to point to a known-good public DNS server.
    Even if the user's router or modem has been compromised to
    provide a malicious DNS server via DHCP, that can be by-passed
    by hard-coding a known-good public DNS server setting on a
    system's TCP/IP properties.
 ---
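
The check described in the post above, sketched as an added example (not part of the thread and not code from any cleanup tool): parse `ipconfig /all` output and flag any adapter whose DNS server falls inside a listed range. The ranges are placeholders taken from the RFC 5737 documentation blocks, since the thread does not list the rogue servers, and the sample output and function names are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER blocklist: RFC 5737 documentation ranges stand in for the
# published rogue-DNS ranges, which the thread does not list.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output (not from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 203.0.113.10
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")

def parse_dns_servers(text):
    """Return {adapter name: [resolver addresses]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False
            adapters[current] = []
            continue
        m = DNS_LINE.match(line)
        # A continuation line is a bare address with no "key : value" part.
        candidate = m.group(1) if m else (line.strip() if in_dns else None)
        in_dns = False
        if current is None or not candidate:
            continue
        try:
            addr = ipaddress.ip_address(candidate.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # not an address: the DNS list has ended
        adapters[current].append(addr)
        in_dns = True
    return adapters

def find_rogue_resolvers(text, ranges=ROGUE_RANGES):
    """List (adapter, address) pairs whose resolver falls in a listed range."""
    return [(name, str(a)) for name, addrs in parse_dns_servers(text).items()
            for a in addrs for net in ranges
            if a.version == net.version and a in net]
```

Calling `find_rogue_resolvers(SAMPLE_IPCONFIG)` reports both resolvers on the first adapter and nothing for the second. Such a check only reports the setting; it does not decide what the resolver should be changed to.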

Re: regarding this week's malware of the century, namely dnschanger....

agreed, a cleanup tool should be able to do that. i'm not sure
microsoft's tool (or the design philosophy) incorporate user feedback,
however. my guess is that such notifications would generate support
requests that they don't have the capability to deal with.
