The FBI has uncovered and dismantled a major internet fraud scheme using DNSChanger malware. For more information: http://www.fbi.gov/news/stores/2011/november/malware_110911
Infected computers are to be blocked from the internet soon. To check if your computer is infected, go to: http://www.dns-ok.us/
This link is for a test page (in English) hosted by the DNS Changer Working Group (DCWG). If you prefer, you can also find this test page link along with additional sites for other countries and other languages by following the link for "Check Your Computer's DNS settings" at the FBI address given above.
The test page is easy to use. It will display a green background if your computer is ok and red if infected. The FBI site includes information on removing the malware.
DNSChanger Malware - Check Your Computer
The FBI has uncovered and dismantled a major internet fraud scheme using DNSChanger malware. For more information: http://www.fbi.gov/news/stores/2011/november/malware_110911
All computers with the DNSChanger malware will be BLOCKED from the internet starting Monday, July 9, 2012.
This is because, if you have the DNSChanger malware on your computer, you were [unknowingly] being redirected to the servers run by the folks responsible for the associated internet fraud scheme. Instead of going to the proper internet servers when you went online, the malware had redirected your computer to their servers - so they could send you where they wanted you to go and show you whatever they wanted you to see.
While they were 'handling' the case, the FBI had set up temporary servers that would, essentially, redirect you back to the internet, where you wanted to go in the 1st place. Because of this, you might not realize that anything was even going on. The 'bad guys' were sending you on a wild goose chase & the FBI was putting you back on course all w/o you knowing.
The FBI has gotten rid of the servers run by the 'bad guys', the servers to which your computer is being routed (if you have the DNSChanger malware, that is). On Monday, the FBI plans to dismantle that temporary server they had been using to get you back on track. Starting Monday, if you have the DNSChanger malware, when you try to go anywhere on the internet, your computer will just be lost in cyberspace and will go nowhere. The 'bad guy' servers your computer is set to go to are no longer there, and Monday the FBI servers will not be there either, so your computer will be trying to go to a non-existent address. You will not be able to reach the internet - and we all know how painful THAT can be - you will just get an error message instead.
Now is the time to go to the link given above to find out if your computer is running the DNSChanger malware, so you can get the malware removed if necessary before Monday.
That all sounds pretty suspicious to me- I don't think I will click on your link- there are and have been so many of those false scares going around- I will just continue trusting my anti-virus and malware protection to take care of me- I am confident I will be online on July 9- That almost sounds like the terrible Millennium scare!
I can understand your concerns. You don't know me, and it is getting very difficult to know who to trust these days. I appreciate your honesty. Just a few things to consider:
(1) If you have been running good anti-virus and malware protection, and (very important) have been faithfully installing all security updates to your computer's OS (Windows, Linux, Mac OsX, etc), then you are probably safe; however, it wouldn't hurt to check to be sure.
(2) As for me and who I am, if you click on my user name, you will be taken to my DG homepage where you can see that I have been a very long standing member here at DG. I realize that may not reassure you entirely about my motives, but it will at least let you know that I am not just someone who made a quick account recently in order to scam you. I'm a gardener, as I assume you are. I'm also a wildlife and animal lover. I'm an electrical & software engineer. I created this thread and posted the information here in an effort to help others. When I became aware of the DNSChanger malware issue, I created this thread in order to pass the information along to all of you. (I'm on DG daily. If you haven't 'seen' me around at DG, it's probably because I spend most of my time in the Wildlife and Pets Forums where I have been running serial threads for many years.)
(3) About DG (Dave's Garden). Dave's Garden is a very special place. The Admin here do a very good job of monitoring things, and if they believed this thread or the links I've provided were a scam or harmful to you, they would have pulled this thread (i.e., made it disappear). In addition to DG Admins, all DG members are empowered to help keep DG safe and keep threads/posts within the rules. If a member sees anything on DG which they believe is a scam, they can click the "Contact Us" link at the bottom of the page to report it to Admin, who will check things out and take the appropriate action. In fact, if you believe that I am trying to scam you (rather than help you), you are always welcome to click the "Contact Us" link to report this to DG Admin.
(4) About my last post indicating that computers which are infected with the DNSChanger malware will be blocked from the internet as of Monday, July 9. This information, the fact that DNSChanger exists and that affected computers will be blocked starting Monday, is being broadcast via the cable news channels (such as FoxNews).
(5) About the links I provided. I provided the links to make it easiest for people to learn more about the DNSChanger malware issue and determine if their computer is infected. I did this in part because I know there are many people here at DG who are not extremely comfortable with computers - so a link is the easiest way for them. I do, however, realize that links are scary these days.
If you are concerned about clicking on a link, you can type the url (address) into your browser yourself - to be sure I'm not tricking you. The 1st link I provided above is for the FBI's webpage. FBI.gov is a legitimate and safe site run by the FBI. If you type "http://www.fbi.gov" into your browser, you will be taken directly to that page, and in doing so will have bypassed my link and any attempt on my part to trick you.
If you type in "http://www.fbi.gov" to go directly to the FBI's homepage, the most prominent thing on the screen (center left) will be a box showing what they consider the most important events at the moment. The box has the numbers 1-4 under it, representing the individual items. Item #1 will say "DNS malware: Is your computer infected?". Like I said before, this is a big issue right now with the FBI. If you click on that item, it will take you directly to the exact same page as my 1st link. (But by going there directly w/o using my link, you will be bypassing any attempt on my part to trick you.)
That page will explain about the DNSChanger malware problem. It also includes a link titled "Check your computer's DNS settings" that will get you to the page to test your computer and determine if it is infected. It also includes information on what to do if your computer is infected.
Because this is an important issue, there are numerous places on the web that will take you to one of the DNSChanger test pages where you can check to see if your computer is infected. FoxNews webpage has a link to it, for instance. The test page for which I gave the link above (2nd link) is hosted by the DNS Changer Working Group (DCWG), the internet working group responsible for dealing with the DNSChanger malware problem. To find them w/o using my link, you can google "DNS Working Group" and follow the google link for DCWG (dcwg.org). They are a legitimate organization. Right there at the top of their homepage you will see a link labelled "Detect" which will take you to the DNSChanger test page.
I hope this information will help to reassure everyone that I am not trying to scam you and provide you with information on safe ways that you can get to the DNSChanger test page to determine if your computer is infected.
I have been hearing about this for about a week now on the news. It was warning people that their time was up. That the FBI had 'covered' us for a year, and the year expires Monday. I believe the web site they were giving to go to was the dcwg.org listed above.
If you have been updating your software all along...you're good. I know I never click to update, I click the remind me later button, now I've got to have my husband take care of this ;-o.
This message was edited Jul 6, 2012 3:21 PM
Thanks for helping me convince others that this is a legitimate problem and for giving credence to the dcwg.org url (BTW, you transposed 2 of the letters in your post above). Like anything, the internet requires ongoing work to keep it up to date and working well. The US government pays scientists and engineers to maintain and update the internet. These scientists and engineers come under the supervision of the Internet Working Group (IWG). Individual groups under the IWG handle various aspects of the internet. The DCWG (stands for DNSChanger Working Group) is one of these groups of scientists and engineers paid by the US gov to handle a specific issue on the internet, in this case the problem created by the DNSChanger malware. The site dcwg.org is their webpage, so it is safe, and it contains a prominent link (top of page, labelled "Detect") to take you to the DNSChanger test page.
You really should start allowing your computer to install the updates as they become available. I realize it can be a pain sometimes, especially since you often have to reboot your computer during the installation process, but it's necessary. Most of those updates are done to plug holes and stop scammers. Hackers and scammers are constantly trying to find new ways to get 'inside' your computer, and software mfg (Windows, etc) are constantly trying to block them. If you don't keep your computer updated by saying, "yes" to all of those security updates, you leave yourself vulnerable to attacks which may, among other things, slow your computer to a crawl, make your computer stop working completely requiring a complete reinstall of Windows, steal your money, take over your online accounts, and even steal your identity. There are a lot of bad players out there, and those updates are part of your protection from them.
There was a time, in years back, when I was also guilty of not installing Windows updates. In the early years installing Windows updates would often crash your computer. A time or two in the old days I even had to reinstall Windows to recover from one of those 'updates'. As a result, I became fearful of updates. Thankfully, those days are long gone. Windows updates install themselves quickly and efficiently these days. I've been installing all updates on all of my computers at home and at work (and as a software engineer I have many computers) for years now w/o any problems.
To get your computer back up to date, your DH just needs to run the process that checks for updates and choose, "yes" to install them. Windows should find all of the updates you need and install them in the proper order. It may take a while.
One last thing for anyone who still thinks I may be trying to scam you:
Internet scams are illegal (hence the FBI involvement in the DNSChanger scam). As a subscriber here at DG, I had to give Admin my name, address, and credit card. It would be very foolish for me to try to run an internet scam here by providing bogus information and/or nefarious links. DG Admin knows my name and where I live. I would be in jail by the end of the day, if I were trying to run a scam here (under my real name!). That's why the real criminals send you links via email using names and email addresses that don't really exist or embed links in 'popup' windows that conceal their true identities.
Ok. This will have to be my last post for now. I have a lot of work to do today, but I do want to help others find out if they have this malware. Some people out there may not be installing security updates. Others may be running older versions of Windows that are no longer supported (no updates available).
Here are some other places where you can find links to get info and determine if your computer is infected. Hopefully, you will feel safe using one of these sites. For each site you don't have to use my link. You can type the address in directly or use google to search for it :
- FoxNews - At the foxnews website (www.foxnews.com), links to the story are currently available (near bottom of page) under "Features and Faces" click on "Thousands May Loose Internet" or under "Technology" click on "Malware may knock thousands off internet on Monday". These pages include the link to the test page.
- CNN - The CNN (www.cnn.com) website ran the story back in April 2012 in Tech titled "FBI: More Than 300,000 Could Loose Web Access By July". Unfortunately, to find the story I had to do a search for "DNS Changer malware" on the CNN site. I would put the link here, but that would just take us back to the 'link' issue discussed above.
- FBI - The FBI website (www.fbi.gov) has a link to info and test on its homepage.
- Your ISP (Internet Service Provider). Your ISP should have a website and should have posted info on the DNSChanger malware problem on its site. For instance, on the AT&T site (www.att.com) a search of "DNS Changer malware" will take you to the "DNSChanger Malware" page where you will find info & the link to test your computer.
The reason I am spending so much time looking this info up for you, typing it in, etc is it only takes seconds to go to the test page now and find out if your computer is infected. If it is infected and you find out now, you can use the internet to access tools and find out what you need to do to get it fixed before Monday. If your computer is infected and you wait until Monday to find out, you will be blocked from the internet. This will make it MUCH more difficult to fix the problem. You won't be able to access the internet to read about the DNSChanger problem and find out the steps you need to take to get rid of it. You won't be able to access the internet to download tools designed to remove the malware from your computer.
If your computer is infected and you wait until Monday to find out, you will have to call your ISP for help. Potentially thousands of other people will also be calling the ISP on Monday for the same reason, so you will likely end up on hold for a while. When you do get hold of someone, they may charge you (by the minute) to help with the problem, or they may tell you to call a computer professional ($$). If you are really lucky and they are willing to take the time to walk you through the steps to find out what is wrong with your computer, they may have to send you software by snail mail to get your computer 'fixed', or they may advise you to purchase a removal tool. The latter will require a trip to the store, since you won't be able to download anything from the internet.
All this considered it's a good idea to check your computer now when you can still use the internet to aid in removing the malware.
I really don't think anyone thought that you were trying to scam them or had less than good intentions...the problem is that perfectly good, honest, well-meaning people run across things on the internet that are scams, etc but they are fooled into thinking it's something legit. So they share links, etc and their friends end up with virus-infected computers. I have seen enough on this particular DNS changer subject that I know that's not the case here, but I suspect that's why people might be reluctant to click on the links. While this particular thing is legit, it sounds an awful lot like many of those things out there that aren't legit so it's always a good idea to be cautious about clicking links even if they're posted by someone who you know & trust.
So glad I noticed this post. I was prepared to spend time this weekend making sure I was in good shape, but I used the provided link and the background was green. My ISP is not redirecting DNS traffic, so I should be good.
Thanks for saving me some time!
DreamOfSpring, thank you for bringing all this to my attention.
Being wary of clicking on links impulsively, I checked what Snopes had to say on the subject. I tracked the DNSChanger thing on the FBI's site and checked both my computers, which passed the DNS test with flying colors.
DreamOfSpring, as ecrane said, I wasn't implying that you were doing anything wrong- we all are just suspicious- I did go check- I am OK- thanks-
Heard in a sitcom a few days ago: If it weren't true, it wouldn't be on the internet. LOL.
I wasn't upset. I really did understand that most of you don't know me, and that it really is dangerous to follow links unless you know the source. I hadn't really thought about the possibility that someone might innocently post a nefarious link. As mentioned above, I'm an Electrical Engineer and a Software Engineer, so this is my area of expertise. I would never have posted the information and links unless I knew they were from a source that was beyond reproach (the FBI). I thought that by posting the FBI.gov link folks would be able to go there (directly if not by link) and see that it was legit. If we can't trust the FBI, we've got way bigger problems than malware. ;-)
Like I said, I wasn't upset at all. I was just trying to find the way to let everyone, including all those who read and don't post, know that this is a real problem, so they could get checked out before it's too late.
Big thanks to those who did go to the test page. Thanks for letting others know that it was easy and painless. Thanks also for bringing up snopes. When trying to find ways to reassure everyone that this is real, I had forgotten about that site. Glad the thread, links, and test page were helpful to some!
Back later when time allows.
DreamOfSpring -- I never just rush out and click an unknown link but had already heard of this problem as had my techie husband. The link is safe and our computers checked out fine.
I appreciated the heads up.
LOL -- the FBI doesn't apparently have as much credibility with us as Snopes!
LOL -- the FBI doesn't apparently have as much credibility with us as Snopes!
OMG! I know. I noticed that. I think it's so hilarious. I used the FBI site thinking surely folks would know it was safe and trustworthy, but people had to go to Snopes to verify the integrity of the information before they could trust the FBI. ROTFL. Whatever works.
The link is safe and our computers checked out fine.
I appreciated the heads up.
You are welcome. Thanks for letting others know that it's legitimate.
I am trying to see if I am ok, but it asks for my ISP and I forgot where I go to see what mine is. Can you help jog my memory on how to find out what mine is?
I think you might mean your IP address. You shouldn't need to give that info. It sounds like you are probably getting hung up on the FBI website where it says "please type your DNS info into the search box." If you drop down a few lines below that, you should see a chart with these headings: URL, Language, Maintainer. The 1st item under the URL column should be http://www.dns-ok.us/ . If you click on that link (of the FBI page) it will take you directly to the test page, where you will instantly see either green (good) or red (infected) and will not need to input any information.
I hope the above is clear. If not, please let me know and I'll try again. You can also get to the test page by going to www.dcwg.org and clicking on "Detect" at the top of the page. DCWG is a legitimate internet working group and is safe. Either way, you should not need to input any information for the test.
To answer your question. Your ISP is your 'internet service provider'. That's the company from which you get your internet service, the company you pay each month for internet service (like AT&T, your cable company, etc.)
I'll explain how to get your IP address in the next post.
To get your IP address:
I'm using a Mac right now. The method I usually use to get my IP address is a bit hard to explain. I go to an Xterm (in windows I think it's called Cmd terminal or something like that. It's usually on the Start Menu, sometimes under the System Stuff at the top. You can also get the Cmd terminal from Start, Run, "Cmd")
Type 'ipconfig /all' for Windows (don't type the quotes) or 'ifconfig -a' for Linux or Mac. Return. This will give you a bunch of info. Scan down for 'en0' or 'en1'. One of those should have the word 'inet' followed by a number like 188.8.131.52, only with different numbers, of course. That is your IP address.
***IMPORTANT: in the ipconfig command for Windows shown here, there should be a forward slash in front of the word 'all'. Unfortunately, the system seems to be stripping the forward slash away, so it may not show up on your screen. Regardless, you will need to type the ipconfig command with a forward slash in front of the 'all'.
On windows your IP address may be listed as "IP Address" instead of 'inet'.
Here is where it gets complicated. If you are using a router (usually used either to use multiple computers from a single internet address or for wireless internet access), then the IP address shown by your computer is not your true IP address. It gets complicated but essentially with a router you take one IP address coming from your ISP and reassign it to a series of IP addresses for your home network. Your true IP address as seen from the perspective of the internet is the one coming into the router. The series of IP addresses going from the router to your individual computers is assigned by you (or whoever set up the router). These numbers have no meaning outside of your home (i.e. from the perspective of the internet). If you are using a router the IP address you see on your computer is part of your internet home network, not your IP address as seen from the internet. In this case, you would need to log on to your router to obtain your true IP address.
I hope this helps, but remember, you should NOT need this or any information to use the test page.
Edited to add the word 'Linux' and to add the "/" in front of 'all' in the ipconfig command.
Edited again to fix typo.
This message was edited Jul 7, 2012 12:41 PM
This message was edited Jul 7, 2012 12:47 PM
This message was edited Jul 7, 2012 12:49 PM
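The post above explains how to read `ipconfig /all` output and why an address handed out by a home router is not the one the internet sees. As an added example (not part of the thread, and not an FBI or DCWG tool), the Python sketch below parses that output, flags router-assigned addresses, and checks the configured DNS servers against a list of known-bad ranges. The sample output is constructed, the function names are hypothetical, and the rogue range is a placeholder because the thread does not list the real ranges.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig /all` output; not from a real host.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Placeholder only: a documentation range standing in for the rogue resolver
# ranges published on the FBI/DCWG pages, which this thread does not list.
PLACEHOLDER_ROGUE_RANGES = ["203.0.113.0/24"]

# Home-network (RFC 1918) ranges that a router hands out behind NAT.
HOME_RANGES = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "   Label . . . . : value" lines; wrapped value lines do not match.
FIELD_RE = re.compile(r"^\s+(\S[^:]*?)\s*(?:\. ?)+:\s*(.*)$")
ADDRESS_LABELS = ("IPv4 Address", "IP Address")  # newer / older Windows wording
DNS_LABEL = "DNS Servers"


def _to_ip(token):
    """Turn '192.168.1.23(Preferred)'-style tokens into an address, else None."""
    cleaned = token.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Collect local addresses and DNS servers, following wrapped value lines."""
    found = {"addresses": [], "dns": []}
    current = None  # which list a continuation line belongs to
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            label, value = m.group(1), m.group(2)
            if label in ADDRESS_LABELS:
                current = "addresses"
            elif label == DNS_LABEL:
                current = "dns"
            else:
                current = None
        elif line.startswith(" ") and line.strip() and current:
            value = line.strip()  # e.g. a second DNS server on its own line
        else:
            current = None
            continue
        if current:
            ip = _to_ip(value)
            if ip is not None:
                found[current].append(ip)
    return found


def classify_dns(ip, rogue_nets):
    """'rogue' = in a listed bad range, 'router' = home range, else 'external'."""
    if any(ip in net for net in rogue_nets):
        return "rogue"
    if any(ip in net for net in HOME_RANGES):
        return "router"  # the router answers DNS; its own settings decide
    return "external"    # compare with the resolvers your ISP documents


def check(text, rogue_ranges=PLACEHOLDER_ROGUE_RANGES):
    """Summarise router-assigned addresses and the status of each DNS server."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    info = parse_ipconfig(text)
    return {
        "behind_router": [str(a) for a in info["addresses"]
                          if any(a in n for n in HOME_RANGES)],
        "dns": {str(d): classify_dns(d, nets) for d in info["dns"]},
    }


if __name__ == "__main__":
    report = check(SAMPLE_IPCONFIG)
    print("Router-assigned addresses:", report["behind_router"])
    for server, status in report["dns"].items():
        print(f"DNS server {server}: {status}")
```

A result of "router" means the computer asks the router for DNS, so the resolver addresses configured on the router itself are what need comparing against the published ranges.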
That's the same link I gave in my 1st post!
And, yes, it is the easiest way to check.
OMG - LOL - sorry about my oversight.
I didn't even notice the second link - and immediately reacted to the doubting Thomases!!!!
This message was edited Jul 8, 2012 5:40 PM
I monitor and scan my computer regularly. I checked google and yahoo among other sites when I first heard the information to see what they were talking about on the various news programs in my area. It came up as okay when I went to the http://www.dcwg.org/ site earlier today. I did an external back-up and then made sure that all of my ebay and bills are paid before I go to bed tonight. If it should go down for some reason, I will not worry because I will not need to go on for a few more days. I think the idea of backing up your files if you don't do it too often may help make things more secure mentally. Just in case.
DreamOfSpring, it is good that you are looking out for us.
No problem. Please forgive me. At the moment, I had spent countless hours trying every way I could think of (1) to get folks to understand that it wasn't a hoax and (2) to find a way to guide them to one of the test pages via some method about which they might feel safe. I had already given the link. I had explained the problem 6 ways from Sunday. Finding that many people were afraid of the links, I had tried every route I could find from cable news sites to ISPs to get them there w/o using a link (at least not one here on DG). So, I guess I was a bit snippy when after all that we came full circle back to the very same link I had posted to begin with.
I'm sorry. I'm not normally like that. I was just frustrated at that moment - not with any of you, just frustrated. I understood very well why people were afraid to trust my story and the links, but I was frustrated, nonetheless, from all my efforts to find a way to get the message across. I shouldn't have snapped at you. I'm very sorry, and I hope you will forgive me.
Actually, given that the point was to communicate the link to everyone, your post only helped with that by making it simple and easy to find and by letting everyone know that it was safe and easy. Thanks to you for that.
Excellent. Very glad to hear that you got the check up and all was well. Thanks for telling everyone how you got to the test page and that it was easy.
As for looking out for you guys, you are all welcome. I just hated to think that anyone might find themselves w/o internet access come Monday. I figured there might be some folks at DG who don't follow the various sites that were issuing the warnings. I wanted to pass the warning along to everyone here at DG, because that's what we all do for each other here at DG, whether it's passing along this kind of news or warnings about pet food recalls or links to great online plant sales or household and budget tips. It's just what we all do for our DG family. :-)
So, here it is Monday morning. So far, so good. I'm online still - so far. It's hard to know if/when those gov computers that were keeping infected computers online will actually be turned off. They were supposed to go down last night (Sunday night) at midnight, but, seriously, I had a hard time imagining a gov employee going in to work on Sunday night just to kill the computers. (No offense to my friends who work for the gov.)
The funny thing I didn't tell you was that I had an old desktop upstairs that I hadn't checked either. I mean, after all that effort to get all of you to check your computers, lol, I still hadn't checked all of mine. In my defense, the computer in question hasn't been on in months, and then probably only once in a couple of years. I only use it as a last resort when my laptop(s) are unavailable or wireless is down or whatever.
Anyhow, I had planned to check that upstairs computer over the weekend, but you know how that goes. I got busy, and... the next thing I knew it was 11:30PM on Sunday night - with the backup servers going down possibly as soon as midnight. Then when I got upstairs, I found that the batteries were dead in both the wireless keyboard and mouse for the desktop. Oh, and there were no spare batteries in my desk drawer. Ouch! So I had to run back downstairs, find that new box of AA batteries I had around here somewhere, then run back upstairs, install the batteries, and try to remember the sequence of steps required to get the keyboard and mouse to connect (I never use the computer and haven't changed batteries since ever).
By the time I FINALLY got that old desktop purring again and online, it was 11:45PM. 15min left to test it and, heaven forbid, download the software to fix it if it was infected. I feared the worst for that upstairs computer. My laptop is a Mac. Thankfully, so far, Macs are pretty much virus free - so far. The old desktop is running Windows, either 98 or 2000, something old like that, something that may not even be getting updates anymore. Like I said, it's an old computer that I almost never use anymore. Also, there was a brief period when I was having some problems with it, ages ago, and ran it w/o the router or even a virus checker. Having it online w/o a router for even a few weeks made it highly vulnerable to attack. The DNSChanger malware goes back as far as 2007, so it may have overlapped a time when I was using the desktop briefly. I was afraid that old computer might be infected - and I only had 15min to find out and fix it. Talk about down to the wire.
Then, at 11:45PM, while I got online w/o problems, I could not get to the test page from any direction. I'm guessing, human nature being what it is, lots of other people probably waited until the last minute to test their computers, too. By the time I finally got that old computer tested, it was 11:58PM. Whew! Right under the wire.
I never did get to use the dns-ok.us test page. It was unavailable the whole time during those last minutes, but in my determination to get tested, I used the Canadian test page and then backed it up with the French, German, and Swedish sites. I couldn't read the results, but the green bar told me all I needed to know. The old clunker upstairs passed the test.
Hi DreamOfSpring & THANKS!!!
Believe it or not, I just came across this thread this morning.
Although I had been following this malware issue on the web & news, I wasn't aware of the links to check your computer. I still plan to check my computer even though the deadline has supposedly passed and here's why:
Yesterday I read that many servers have prepared in advance so their customers won't lose the ability to go online. In the article it stated that even if you have one of those servers, your computer may still be infected with the malware. This can cause problems for you in the future.
So my recommendation would be for everyone to take the test even if you can still use the internet today, July 9th.
Thanks again. You have provided an excellent service to your fellow DG members.
Hi again, DreamOfSpring.
I tested my computer and it was green, but I still have a question.
Apparently all the test does is tell you that you reached the site correctly. The statement under the box says if your server is redirecting traffic for its customers you can still be infected.
Although we have Norton security suite (the free version through Comcast) and get updates constantly, we have been wanting to find a program to sweep our computer. We've had other problems that we were told could be related to malware that Norton has totally missed (even if it has nothing to do with the DNSChanger malware).
Stores and websites all have their recommendations for the best software, but we'd really like the opinions of people that really know computers/software.
Soooo, do you have any recommendations for good software to sweep computers for malware and other bad stuff? If you think I'm out of line for asking, please don't hesitate to tell me.
I do trust your opinion since I've seen and read many of your posts and threads for years on DG and I think anyone reading this should consider sweeping their computers as well.
Thanks in advance!
DreamOfSpring - no problem!!!!
I understand your passion and desire to help.
Equally, I wanted to throttle a dear friend who just blew it all off.
She has fallen out of love with the Internet and everything that goes with it - including email (to me and everyone else).
I am not sure why I bother trying to "fix" her - LOL.
Thanks for all your work and all your caring.
Does anyone know how the July 9 threat came off? Did people actually lose internet and have major problems?
One of my co-workers said that it was probably big $$ corporations or companies that were most affected because they have the most to lose. Maybe 12% or less. I saw a figure that said about 41,000 people in the US and very little in Canada, but I don't really know. With the alert, many people double checked and cleaned up their computers with the help of the internet companies that were notified by the government after busting the malware scam ring. So the number would be less.
Hey, Dream. You sure put a lot of your time and heart into helping others.
You are a real asset to Dave's Garden, just saying. Thanks
Only a month and half 'till our birthday !