Linux Mint Forums

[sunewbie]

Just heard this news:

DNS Changer virus / Trojan March 8th

Internet to be shutdown by FBI on 8th March 2012

Easily Remove DNSChanger Trojan Virus on Windows 7, Vista, XP and Mac

Internet Doomsday March 8 - The truth about DNSChanger viruses

DNSChanger, March 8th and You

Will it affect Linux?

[Aging Technogeek]

The first ,and to an extent, the second link you posted read like malware sites themselves, trying to scare people into buying their removal tools (which are more likely to add malware than remove it).

The threat is apparently real, though. And it can infect Linux systems since it attacks the web browser rather than the OS itself.

I would suggest using the link in the third site, http://www.dns-ok.de to do a free check of your system. It will be in German. The response if your system is clean will look like this

Ihr System ist nicht vom Trojaner "DNSChanger" betroffen

If you are clean, just follow all safe browsing practices to minimize the chance of infection.

[sunewbie]

oh, I did not realize this. I thought they are blogs, just giving info. It also has a link to an article by FBI. So thought would just post it.

Anyways, should I remove first 2 links?

[Aging Technogeek]

No, they are probably valid articles. They just have the sound and feel of some of the alarmist type ads posted by those who sell you malware in the guise of malware removal tools. Since the FBI activity is mentioned in one of the other topics, it tends to validate the entire story. Also, a quick Google search returned enough references to legitimate news sites and other trustworthy sites to rule out a scam.

As I said, if you are worried, go to the site I mentioned above. The site is posted by the company that distributes Avira anti-virus and malware detection systems, so it should be legitimate. It will run a check and instantly let you know if you are clean. And it will not try to sell you anything.

[sunewbie]

Ya. The third link is better one. If I remember, Avira also has a LIVE CD (exe) - which can be used as a rescue disk in both Linux and windows.

Just wanted to post this info. Many Linux users use widows, mainly in offices.

Thanks for advice. I will check it out, but march 8 is a national holiday, for Hindu festival of colours Holi

[Chrisbo]

For detection of this trojan, here's a better link to many different languages: http://www.dcwg.org/detect/

[sunewbie]

For detection of this trojan, here's a better link to many different languages: http://www.dcwg.org/detect/

Thanks for the link

[Habitual]

http://www.fbi.gov/news/stories/2011/no ... are_110911

[sunewbie]

thanks @habitual

[Habitual]

You're very welcome.

[ginosal]

Hi. I'm having problems with my internet connection. It's very unstable, but only for some pages, which sometimes show this error: Error 105 (net::ERR_NAME_NOT_RESOLVED):. I've got the same problem on my desktop and on my notebook, so I don't think it's a problem of my computers. If there's a problem, it must be in the router or it's a ISP problem. So I've tried to reset my router, but I still get this problem (sometimes, on some pages). So I asked myself: could it be a DNS-Changer problem? I've made the tests you posted, and I always get the green background. Is there anything else I can do in order to discover if my computers or my router have been attacked by malware? Thanks!

[Habitual]

http://www.dns-ok.us/ for a visual check in English.

http://www.dcwg.org/?page_id=381

krebsonsecurity says "On July 9, 2012, any systems still infected with the DNSChanger Trojan will be summarily disconnected from the rest of the Internet".
Good, more room for me.

And for the Type As out there just like me...net ranges of rogue servers

Code: Select all

85.255.112.0-85.255.127.255
67.210.0.0-67.210.15.255
93.188.160.0-93.188.167.255
77.67.83.0-77.67.83.255
213.109.64.0-213.109.79.255
64.28.176.0-64.28.191.255

NONE of the articles I perused on this topic mention any Linux hosts. All cleaning instructions are for Win and Mac

[KBD47]

Now you know why I love Linux:

DNS Changer can infect both Windows and Mac systems. Linux users are safe, as are those using iPhones, iPads, Android devices and other systems.
http://www.forbes.com/sites/adriankings ... come-july/

[tdockery97]

"On July 9, 2012, any systems still infected with the DNSChanger Trojan will be summarily disconnected from the rest of the Internet".
Good, more room for me.

[/dev/urandom]

Now you know why I love Linux:

DNS Changer can infect both Windows and Mac systems. Linux users are safe, as are those using iPhones, iPads, Android devices and other systems.
http://www.forbes.com/sites/adriankings ... come-july/

The fact that DNSChanger is not compatible with Linux does not invalidate the fact that Linux systems can be infected by malware.