How DNS Server Works
When you enter a URL, for example www.yahoo.com, in your browser, the browser asks the DNS server which IP address this name resolves to. In this example, the IP address is 206.190.60.37; if you enter this IP address directly into the browser, the DNS name is not needed.
If you can find a way to change the DNS server address (the service used for name-to-IP address translation) to a MALWARE one, you will be able to do whatever you please. For instance, you'll be able to resolve the DNS name microsoft.com to Google's IP address. Sounds quite odd, doesn't it? And how can this behaviour be kept across Windows restarts and reinstalls?
Actually, it’s quite simple.
To pull the trick off, the Trojan sets the DNS server values in your network connection settings to its own and/or changes the settings on your modem or router.
How Router Settings Are Changed by Trojans:
As far as routers and modems are concerned, 90% of the market was occupied by 4-5 major brands. All of those brands provide an HTML access panel for managing the router. The default passwords are universally known and depend on the router vendor.
For example, D-Link has the admin-admin default login-password pair. A Trojan contains functionality to log in to your router's console automatically and set the MALWARE DNS SERVER addresses in place of the provider's (I REPEAT: THOSE SETTINGS ARE MODIFIED ON THE ROUTER).
After this simple procedure is performed, every time you start your PC (even after Windows is reinstalled), your adapter will automatically retrieve internet settings containing the address of a malware DNS server and save them to your PC's Network Connection Settings.
This results in the "incorrect resolution" of DNS names: when you enter google.com in the address bar of your browser, the microsoft.com website will be displayed. It may also make antivirus / antimalware websites unavailable.
No Problem for Exterminate It!
Exterminate It! detects the malware DNS settings in your Network Configuration Properties and shows them as Zlob Dns Changer entries. That's why it can sometimes look like your PC is clean, even after Windows is reinstalled, while Exterminate It! still signals the presence of the Zlob DNS Changer.
To rid your PC of the DNS Changer, you need to take one final step yourself:
RESET YOUR MODEM OR ROUTER TO THE PROVIDER’S DEFAULT SETTINGS.
ALWAYS CHANGE YOUR DEFAULT PASSWORD FOR THE MODEM/ROUTER CONTROL PANEL
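
The check below is an added example, not part of the original article or of Exterminate It!: it parses `ipconfig /all` output and lists DNS servers outside an expected set, noting whether the adapter takes its settings from the router via DHCP or has them set statically on the PC. The sample output, the addresses (documentation ranges), `EXPECTED_DNS` and the function names are constructed for illustration, and English-language ipconfig labels are assumed.

```python
import re

# Constructed sample of `ipconfig /all` output; addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 198.51.100.10
"""
# Assumption: the resolvers your provider really assigns (constructed values).
EXPECTED_DNS = {"198.51.100.10", "198.51.100.11"}

def parse_adapters(text):
    """Return {adapter: {"dhcp": bool, "dns": [ip, ...]}} from ipconfig text."""
    adapters, name, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name, in_dns = line.rstrip()[:-1], False  # adapter header line
            adapters[name] = {"dhcp": False, "dns": []}
            continue
        if name is None or not line.strip():
            in_dns = False  # a blank line ends a multi-line value
            continue
        m = re.match(r"\s+([^.:]+?)[ .]*: (.*)$", line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if key == "DHCP Enabled":
                adapters[name]["dhcp"] = value == "Yes"
        else:
            value = line.strip()  # continuation line, e.g. a second DNS server
        if in_dns and re.fullmatch(r"[0-9A-Fa-f:.%]+", value):
            adapters[name]["dns"].append(value)
    return adapters

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return (adapter, dns, origin) for each resolver outside the expected set.
    A DHCP origin points at the router, which is why a reinstall does not help."""
    return [(name, dns, "router (DHCP)" if info["dhcp"] else "this PC (static)")
            for name, info in parse_adapters(text).items()
            for dns in info["dns"] if dns not in expected]

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE))
```

On a DHCP adapter the DNS servers can also be overridden statically, so a "router (DHCP)" finding means checking both the router's DNS settings and the adapter's properties.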


Hi there! When I start my computer it takes a very long time! Anti-spy application catches Trojan Pripi Virus in my computer. Your program did not find it. So, I decided to remove your program!!!
— val · Oct 14, 09:41 AM · #
2 val:
In case you have a recurring or undetected infection on your PC, please use the Submit State feature and briefly describe your problem there.
Then your infection will be available in the next database update.
— Exterminate It! Support · Oct 15, 04:40 PM · #
I can't find anything to please my interest; so can you help me please
— john--statham · Nov 29, 01:53 AM · #
Exterminate It did not find vundo that windows malware removal tool found but could not remove. Also did not identify several related cookies and exes that trend micro found. I cannot afford to buy a program “in hopes” that it can fix my problem. If you cannot identify it, how can you cure it?
— j wacaster · Dec 16, 11:38 AM · #