Exterminate It! Antimalware


How Do DNS Trojans Work?

How a DNS Server Works

When you enter a URL, for example www.yahoo.com, in your browser, the browser asks the DNS server which IP address that name resolves to. In the above example, the IP address is 206.190.60.37; if this IP address is entered directly into the browser, the DNS name is not needed.

If someone finds a way to change the DNS server address (the service used for name-to-IP address translation) to a MALWARE ONE, they can do whatever they please. For instance, they can resolve the DNS name microsoft.com to Google's IP address. Sounds quite odd, doesn't it? And how is this behaviour kept across Windows restarts and reinstalls?

Actually, it’s quite simple.

To pull the trick off, the Trojan sets the DNS Servers values in the Network Connection Settings to its own and/or changes the settings on your modem or router.

How Router Settings Are Changed by Trojans:

As far as routers and modems are concerned, 90% of the market was occupied by 4-5 major brands. All those brands provide an HTML access panel for managing the router. The default passwords are universally known, and they depend on the router vendor.

For example, D-Link has the admin-admin default login-password pair. A Trojan contains the functionality to log in automatically to the console of your router and set the MALWARE DNS SERVER addresses in place of the provider's ones (I REPEAT: THOSE SETTINGS ARE MODIFIED ON THE ROUTER).

After this simple procedure is performed, every time you start your PC (even after Windows is reinstalled), your adapter will automatically retrieve the internet settings with the address of a malware DNS server and save these settings to your PC’s Network Connection Settings.

This results in “incorrect resolution” of DNS names: when you enter google.com in the address bar of your browser, the microsoft.com website is displayed. It may also make antivirus / antimalware web sites unavailable.
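One way to check for this condition yourself, as an added example that is not part of the original article or of Exterminate It!: the Python script below parses the text printed by `ipconfig /all` and lists every DNS server that is not in a list of resolvers you trust. The sample output and all addresses are constructed (documentation ranges), and the trusted list is an assumption standing in for your provider's real DNS servers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; all addresses are placeholders.
SAMPLE = """\
Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 198.51.100.1
"""

# "   Label . . . . : value"; continuation lines (extra servers) do not match.
LABEL = re.compile(r"^\s+([^.:]+?)[ .]*:\s(.*)$")

def parse_adapters(text):
    """Return {adapter: {"dhcp": bool, "dns": [str, ...]}}."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"dhcp": False, "dns": []})
            key = None
            continue
        if current is None or not line.strip():
            continue
        m = LABEL.match(line)
        key, value = (m.group(1), m.group(2)) if m else (key, line.strip())
        if key == "DHCP Enabled":
            current["dhcp"] = value.strip().lower() == "yes"
        elif key == "DNS Servers":
            current["dns"].append(value.strip())
    return adapters

def audit_dns(text, trusted):
    """List (adapter, server, dhcp_enabled) for each DNS server not in `trusted`."""
    allowed = {ipaddress.ip_address(a) for a in trusted}
    return [(name, server, info["dhcp"])
            for name, info in parse_adapters(text).items()
            for server in info["dns"]
            if ipaddress.ip_address(server) not in allowed]

if __name__ == "__main__":
    for adapter, server, dhcp in audit_dns(SAMPLE, ["198.51.100.1", "198.51.100.2"]):
        print(f"{adapter}: unexpected DNS server {server} (DHCP enabled: {dhcp})")
```

An unexpected server on an adapter with DHCP enabled is a hint, not proof, that the address was handed out by the router, because DNS servers can also be set statically on a DHCP adapter.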

No Problem for Exterminate It!

Exterminate It! detects the malware DNS settings in your Network Configuration Properties and shows them as Zlob DNS Changer entries. That’s why your PC may sometimes look clean, even after Windows is reinstalled, while Exterminate It! still signals the presence of the Zlob DNS Changer.

To rid your PC of the DNS Changer completely, you need to take one final step yourself:

RESET YOUR MODEM OR ROUTER TO THE PROVIDER’S DEFAULT SETTINGS.

ALWAYS CHANGE YOUR DEFAULT PASSWORD FOR THE MODEM/ROUTER CONTROL PANEL