SOLVED Check if rogue DNSChanger has changed your DNS settings


Quick Scotty, beam me up!
Oct 27, 2009
From: The Windows Club 1-16-2012

I came across this and thought this may be some handy info for anyone who's interested.

Domain Name System or the DNS system is an Internet service that converts domain names into numerical Internet protocol (IP) addresses. These numerical IP addresses are used by computers to connect with each other.
When you type a domain name in the address bar of your browser, your computer contacts DNS servers. It then finds out the IP address for that website. Once this is done, your computer then uses this IP address to connect to the website.


The German Federal Office for Information Security has recently advised computer users to check if the DNS server settings on their computers or home networks had been hijacked. This comes as a follow-up to the successful botnet takedown led by the FBI. The Ghost-Klick DNSChanger botnet had infested around 4 million computers in more than 100 countries. This Trojan redirected requests of infected computers to malicious websites by altering the address of the DNS server, reports the Eset Blog.

For example in such a case you may type and want to visit this site, but you might suddenly find yourself landing on some other site instead!
While all the malicious DNS servers were replaced with correctly operating systems during the takedown, it might be as good a time as any to see if your PC has indeed been compromised.

To do so you can visit On this website, you can check whether the DNS settings of your home network or your computer have been changed or manipulated. You can check here if your computer is compromised by this malware that changes DNS settings on your computer or your home network. If you believe that you have been victimized you can also check and report your IP here to the FBI.

How to find out if your computer is infected.

If you want to find out if your DNS settings have been compromised, you can do so as follows:
Open CMD and, in the prompt window, type ipconfig /all and hit Enter.

Now look for entries starting “DNS Servers…” This shows the IP addresses for your DNS servers in the format ddd.ddd.ddd.ddd, where ddd is a digit between 0 and 225. Make a note of the IP addresses for the DNS servers. Check them against the numbers mentioned in the following table containing known rogue IP addresses. If it is present, then your computer is using rogue DNS.

If your computer is configured to use one or more of the rogue DNS servers, it may be infected with DNSChanger malware. It might then be a good idea to back up your files and run a full scan on your Windows computer with your antivirus software. If you need more help, you can always visit our Windows Security Forums.

Incidentally, if your computer is still infected with the rogue DNS, you will not be able to surf the Internet after 8th March 2012. This is because these replacement DNS servers will be shut down on that day.

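The manual check described in the post above (read the "DNS Servers" entries from ipconfig /all and compare them with a list of rogue ranges) can be scripted. This is an added example, not part of the original post or the quoted article; the ranges are placeholders from documentation address space to be replaced with the published rogue ranges, and the ipconfig output is a constructed sample.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation space), NOT real indicators.
# Replace them with the start/end pairs from the published rogue-DNS table.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"), ("198.51.100.0", "198.51.100.127")]

# Constructed sample of English-language `ipconfig /all` output.
SAMPLE_OUTPUT = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       192.0.2.53
"""

def dns_servers(ipconfig_text):
    """Return every DNS server address, for all adapters."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)\s*$", line)
        # Second and later servers sit alone on indented continuation lines.
        cont = re.fullmatch(r"\s+(\S+)\s*", line) if in_dns else None
        match = first or cont
        in_dns = bool(match)
        if match:
            try:
                # Drop an IPv6 zone index such as "%11" before parsing.
                servers.append(ipaddress.ip_address(match.group(1).split("%")[0]))
            except ValueError:
                in_dns = False  # not an address, so the DNS block has ended
    return servers

def rogue_servers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return the configured DNS servers that fall inside any listed range."""
    bounds = [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in ranges]
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip.version == lo.version and lo <= ip <= hi for lo, hi in bounds)]

if __name__ == "__main__":
    hits = rogue_servers(SAMPLE_OUTPUT)
    print("Rogue DNS servers configured:", ", ".join(hits) if hits else "none")
```

On a real machine, save the command output with ipconfig /all > out.txt and pass the file's contents to rogue_servers. A router that hands out DNS settings over DHCP needs its own settings checked as well, since the article covers both the computer and the home network.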



Microsoft MVP
Jul 20, 2009
Nice one, Nibs.
I haven't noticed any problems, but I checked anyway. No probs here!
Thanks for the heads up
