Examine your computer for potentially malicious DNS alterations
This script-based tool can be used to examine your computer's DNS settings for potentially malicious alterations performed by the DNSChanger malware. This tool can also be used to reset problematic DNS settings.
On 8 November 2011, The United States' Federal Bureau of Investigations (FBI) disabled a large network of rogue Domain Name System (DNS) servers being used to redirect users on DNSChanger-infected machines from legitimate websites to fraudulent or malicious sites.
As hundreds of thousands of users are affected by the rogue DNS network takedown, the FBI has been maintaining a temporary, clean network of DNS servers in order to facilitate remedial actions by individual users, ISPs and other affected parties. This temporary DNS server network is due to shut down on 9th July 2012.
For more information about the FBI operation and the malware involved, including various methods to check for infection and remedial action, please visit the DNSChanger Working Group site.
Also see the related Labs Weblog post, Tool: DNS Check #DNSChanger
DNS Check can be downloaded from our FTP server:
- DNSCheck.zip (51 Kb)
- DNSCheck.hta (SHA1: 026b19bfbeeb2e02a9d4157f6fffa82ffcb62ab9)
- README.txt (SHA1: 5ddd867dc15a3398610868f06daec541278d8b16)
- admin_console.bat (SHA1: 2adedec5ceb4009d9b705cb6d9cb4c323dddc9a1)
- .\images\fsecure-logo.png (SHA1: dcc8408c05cec84e4ac7420e6f7036c91e708ee2)
- .\images\icon.ico (SHA1: a3630f948bb4d7b6c97318a50c5ad25fa85dca14)
Note: This is an F-Secure Labs support tool. It is provided 'as is' without warranty or product support.
For certain cases, a legacy removal tool may be necessary. Legacy tools are stored on our FTP server.
Note: these tools are no longer supported or maintained; they are provided 'as is'.