
Help, how do I delete DNSchanger?

Yesterday, while I was using Google to find something, I came upon their warning saying that my computer might be infected. It looked like this:

User uploaded file


I followed the instructions it gave me to get rid of this malware called "DNSchanger", went to the page http://www.dns-ok.us/ to check if in fact my computer was infected, and this is what it showed:

User uploaded file

I downloaded the DNSchanger removal tool and scanned the computer, but it says that I don't have the trojan:

User uploaded file


I ran MacScan and it deleted all the cookies that it found, but I keep getting the "your computer is infected" warning on the Google page and on the other page. I don't know what else to do. Do you have any idea how I can fix this?


Right now I'm running ClamXav and it hasn't found anything yet...


Help!

MacBook Pro, Mac OS X (10.5.8)

Posted on May 24, 2012 7:11 AM

33 replies

May 24, 2012 7:33 AM in response to Alexa22

You may not still have the trojan in place, but you have the effects of that trojan. Its purpose was to change the DNS settings on your Mac to use a malicious DNS server.


All you need to do at this point is go to System Preferences -> Network, select whichever network type you are using (wifi or ethernet) and click the Advanced button. Then go to the DNS tab. Remove any DNS servers from that list and replace them with the DNS servers provided by your ISP, or use the OpenDNS servers (208.67.222.222 and 208.67.220.220).


Edit: Note that this advice may not apply to others, who may still have the trojan installed. If the trojan is still installed, it will change the DNS settings back again. It has to be removed first, if present.

May 24, 2012 7:43 AM in response to Alexa22

If you're having these problems while connecting from home, then your ISP is your Internet Service Provider, whoever it is you pay to get on the Interweb.


If you're connecting from work, then you will probably be doing it thru the business' local area network. There you'd have to talk to whoever is in charge of maintaining that network.

May 24, 2012 7:49 AM in response to thomas_r.

OK, I changed the DNS servers as thomas said, and at least the Google warning went away, but I still got the warning from the website that's supposed to tell you if your computer is in fact infected. Here it is:

User uploaded file


Once again, I ran the DNSchanger removal tool. It still tells me I don't have it, and up until now ClamXav hasn't turned up anything.


What do I do?

May 24, 2012 8:07 AM in response to Alexa22

Can you provide a screenshot of your DNS settings in the Network settings I referred to? Just want to make sure they got set appropriately.


If that's set properly, your wireless router may have been hacked somehow. Can you try the machine on another network? Say, at a public hotspot or a friend's house? If so, try repeating that check from there. If the problem only occurs on your network, you will probably want to reset the wireless router to factory settings and reconfigure it from scratch. What kind of wireless router are you using?


The way these checks work is to detect what DNS server your machine is trying to contact. So, if it says you're infected, what that really means is that your machine is, for whatever reason, trying to use one of the malicious DNS servers that were used by DNSChanger and have been in the custody of the FBI for some time now. It doesn't mean that you still have the trojan itself on your machine. There's no further risk to your privacy or security at this point, as the FBI has been maintaining those servers as legit DNS servers now. But the FBI plans to finally shut down those servers in July, so you've got to fix the problem by then, or you'll be unable to get online.

May 24, 2012 8:08 AM in response to Alexa22

Let's try something else. In the Utilities folder you will find the Terminal utility. Run it and it will open a blank window expecting a command. Type the following command line exactly as written, followed by the return key:


dscacheutil -flushcache


Then quit Terminal, restart the Mac and see if the problem has been solved.


(This command flushes the DNS cache in the Mac, in case it contains erroneous data causing the error)

May 24, 2012 2:41 PM in response to Alexa22

The message you got is legit. Google announced they would notify people here: http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dnschanger.html Go search news.google.com for DNS changer. Your ISP may also have been trying to notify you over the last few months as well.


Check the DNS server settings on both your router and your computers. The malware sometimes changes the DNS server settings on your router. Sounds like this is the case for you. If you find the DNS servers on your router have been changed to the bad ones, change them to something you trust (your ISP's, Google's etc) and then change the password on your router. If there are other computers in your house, check those as well. Make sure your router is secured so only you can get on it, not your neighbors.



Here is a list of the bad DNS Servers:

85.255.112.0 through 85.255.127.255

67.210.0.0 through 67.210.15.255

93.188.160.0 through 93.188.167.255

77.67.83.0 through 77.67.83.255

213.109.64.0 through 213.109.79.255

64.28.176.0 through 64.28.191.255


To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.
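The comparison described in the post above, carried through in full as an added example (not part of the original thread): it checks each configured resolver against the complete listed ranges, since a matching first number alone does not mean the server is one of the rogue ones. The function names and the sample resolver text are constructed for illustration; the accepted input styles (`nameserver x.x.x.x` and `nameserver[0] : x.x.x.x`) are an assumption about how the DNS settings were dumped.

```python
import ipaddress
import re

# Rogue DNSChanger ranges exactly as listed in the post above: (first, last).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]
ROGUE_NETWORKS = [
    net for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
]

# Accepts "nameserver 1.2.3.4" and "nameserver[0] : 1.2.3.4" lines.
NAMESERVER_RE = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)", re.M)

def extract_nameservers(text):
    """Return the unique IPv4 resolvers named in text, in order of appearance."""
    found = []
    for token in NAMESERVER_RE.findall(text):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP literal (e.g. a hostname)
        if addr.version == 4 and addr not in found:
            found.append(addr)
    return found

def rogue_nameservers(text):
    """Return the resolvers that fall inside any listed rogue range."""
    return [str(a) for a in extract_nameservers(text)
            if any(a in net for net in ROGUE_NETWORKS)]

# Constructed sample: one resolver inside a listed range, one that shares a
# first octet (64) but lies outside it, and the OpenDNS server from the thread.
SAMPLE = """\
resolver #1
  nameserver[0] : 85.255.114.13
  nameserver[1] : 64.28.192.1
nameserver 208.67.222.222
"""

if __name__ == "__main__":
    for ip in rogue_nameservers(SAMPLE):
        print("rogue DNS server configured:", ip)
```

The same check applies to the DNS servers shown in the router's admin page: paste them in as `nameserver` lines.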

May 24, 2012 4:38 PM in response to UUGeekGrl

I guess there's a bit of a contradiction, because I'm not getting the warning on Google anymore, but on the other site, http://www.dns-ok.us/, it says that my computer is infected. I've run the DNSchanger removal tool and it says my computer is clean, and so do MacScan and ClamXav.


The other thing is I don't know how to change or even see where the DNS server is on my router. I've changed the DNS servers on my computer but I don't know if that works for the ISP; I usually just go to a web page that tells me if I'm connected or not.


Does anyone here know how to check or change the DNS on a speedstream 5200 router via codetel (which is my ISP)?

May 24, 2012 8:51 PM in response to Alexa22

First make sure the dns-ok page isn't cached. Close all open Safari pages, then go to: Settings>Safari>Clear History>Clear Cookies and Data. Then try loading the dns-ok site again. If you get Green, you are all set. If you get Red, keep going.


Go to Apple>System Preferences>Network>Advanced> Click the TCP/IP tab> Look at what IP is written next to "Router"


Now log in to your speedstream 5200 --- In your browser type http:// (followed by whatever IP your router is using) You should get a webpage with a login prompt to login to the router. In theory your ISP provided you the username and password for the router.


Once logged in, look under advanced setup. I can't find any pics of what the screens look like, but you are looking for a place to enter the DNS servers. It should be similar to what you did before. You can add either your ISP's or the same ones you added to your Mac. Then change your router password to something complex.


If that fails, you can try rebooting the router, or hard resetting it. If you have any other PCs in the house, check to see if they are infected. They might be the ones with the virus, and the virus is changing the settings on your router. If you have an infected PC, you might see all this again in a few days!
