1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Virus Descriptions
  6. Trojan:W32/DNSChanger

Trojan:W32/DNSChanger

Name : Trojan:W32/DNSChanger
Category:Malware
Type:Trojan
Platform:W32

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

Details


Registry Modifications
Creates these keys:

  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
DhcpNameServer = 85.255.xx.xxx,85.255.xxx.xxx
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
NameServer = 85.255.xxx.133,85.255.xxx.xxx
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
DhcpNameServer = 85.255.xxx.xxx,85.255.xxx.xxx
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
NameServer = 85.255.xxx.xxx,85.255.xxx.xxx


Additional Details

DNSChanger is a trojan that will change the infected system's Domain Name Server (DNS) settings, in order to divert traffic to unsolicited, and potentially illegal sites.