Currently Being ModeratedMay 24, 2012 7:33 AM (in response to Alexa22)
You may not still have the trojan in place, but you have the effects of that trojan. Its purpose was to change the DNS settings on your Mac to use a malicious DNS server.
All you need to do at this point is go to System Preferences -> Network, select whichever network type you are using (wifi or ethernet) and click the Advanced button. Then go to the DNS tab. Remove any DNS servers from that list and replace them with the DNS servers provided by your ISP, or use the OpenDNS servers (220.127.116.11 and 18.104.22.168).
Edit: Note that this advice may not apply to others, who may still have the trojan installed. If the trojan is still installed, it will change the DNS settings back again. It has to be removed first, if present.
Currently Being ModeratedMay 24, 2012 7:34 AM (in response to Courcoul)
sorry, but i'm not really good with this whole computer stuff, how do i check my ISP?, and by network manager do you mean the router?
sorry if i sound too lame, it's the first time in almost 3 years since i've had this computer that i've encountered a problem.
Currently Being ModeratedMay 24, 2012 7:43 AM (in response to Alexa22)
If you're having these problems while connecting from home, then your ISP is your Internet Service Provider, whomever it is you pay to get on the Interweb.
If you're connecting from work, then you will probably be doing it thru the business' local area network. There you'd have to talk to whomever is in charge of maintaining that network.
Currently Being ModeratedMay 24, 2012 7:49 AM (in response to thomas_r.)
ok, i changed the DNS servers that thomas said, and at least the google warning went away, but, i still got the warning from the web that it's supposed to tell you if your computer is in fact infected, here it is:
once again, i ran the DNSchanger removal tool, it still tells me i don't have it, and up until now the ClamXav hasn't turned up anything.
what do i do?
Currently Being ModeratedMay 24, 2012 8:07 AM (in response to Alexa22)
Can you provide a screenshot of your DNS settings in the Network settings I referred to? Just want to make sure they got set appropriately.
If that's set properly, your wireless router may have been hacked somehow. Can you try the machine on another network? Say, at a public hotspot or a friend's house? If so, try repeating that check from there. If the problem only occurs on your network, you will probably want to reset the wireless router to factory settings and reconfigure it from scratch. What kind of wireless router are you using?
The way these checks work is to detect what DNS server your machine is trying to contact. So, if it says you're infected, what that really means is that your machine is, for whatever reason, trying to use one of the malicious DNS servers that were used by DNSChanger and have been in the custody of the FBI for some time now. It doesn't mean that you still have the trojan itself on your machine. There's no further risk to your privacy or security at this point, as the FBI has been maintaining those servers as legit DNS servers now. But the FBI plans to finally shut down those servers in July, so you've got to fix the problem by then, or you'll be unable to get online.
Currently Being ModeratedMay 24, 2012 8:08 AM (in response to Alexa22)
Let's try something else. In the Utilities folder you will find the Terminal utility. Run it and it will open a blank window expecting a command. Type the following command line exactly as written, followed by the return key:
Then quit Terminal, restart the Mac and see if the problem has been solved.
(This command flushes the DNS cache in the Mac, in case it contains erroneous data causing the error)
Currently Being ModeratedMay 24, 2012 2:41 PM (in response to Alexa22)
The message you got is legit. Google announced they would notify people here: http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dns changer.html Go search news.google.com for DNS changer. Your ISP may also have been trying to notify you over the last few months as well.
Check the DNS server settings on both your router and your computers. The malware sometimes changes the DNS server settings on your router. Sounds like this is the case for you. If you find the DNS servers on your router have been changed to the bad ones, change them to something you trust (your ISP's, Google's etc) and then change the password on your router. If there are other computers in your house, check those as well. Make sure your router is secured so only you can get on it, not your neighbors.
Here is a list of the bad DNS Servers:
22.214.171.124 through 126.96.36.199
188.8.131.52 through 184.108.40.206
220.127.116.11 through 18.104.22.168
22.214.171.124 through 126.96.36.199
188.8.131.52 through 184.108.40.206
220.127.116.11 through 18.104.22.168
To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.
Currently Being ModeratedMay 24, 2012 4:38 PM (in response to UUGeekGrl)
i guess there's a bit of a contradiction, because i'm not getting the warning on google anymore, but on the other site:http://www.dns-ok.us/, it says that my computer is infected, i've run the DNSchanger tool removal and it says my computer is clean, so do MacScan and ClamXav.
the other thing is i don't know how to change or even see where the DNS server is on my router, i've changed the DNS servers on my computer but i don't know if that works for the ISP, i usually just go to a web page that tells me if i'm connected or not.
does anyone here know how to check or change the DNS on a speedstream 5200 router via codetel? (which is my ISP)