DNS Malware – Fixing A DNS Virus Infection for Windows 7

The web is full of great things, but there are dangers as well, and they are often hard to see until catastrophe strikes. A common problem we are seeing now is DNS malware. This DNS virus is an infection that changes your DNS settings. Let’s look at how you can diagnose and fix it on Windows 7.

Why It Matters

Your DNS is the equivalent of the CPU in your car. You might not know what it does or how it works, but it has to be functioning properly for the car to run. The same goes for the DNS if you want to get on the web.

DNS stands for “Domain Name System.” It translates the site names you type into the IP addresses of the servers that host them, so it decides which server your computer actually talks to when you browse the web. He who controls the DNS on a computer controls what is going to be seen and the use of any information provided by the user.

The most common nasty DNS trick these days is to show fraudulent sites when a search is done. Let’s assume you search for BestBuy.com so you can buy a video camera. The malware might return a site that appears to be Best Buy, but isn’t. You provide your credit card information for the purchase, and the information is then sold to third parties interested in identity theft. Before you know it, credit card companies are calling to find out why you ordered 400 cartons of cigarettes in Amsterdam!

DNS malware can be used for a variety of other purposes as well, and none of them good. The key is to snuff out the problem before it gets out of control. The first step is to discover if you have a problem.

Easy Diagnosis

If you are in the U.S., you can try this site. Unfortunately, the site has been taken down so you will need to take the following steps.

Technical Diagnosis

If the easy diagnosis fails, you will need to carry out a more technical review. Don’t worry. It is relatively straightforward for Windows 7:

1. Click the start button in the bottom left corner of your task bar.
2. Type “cmd” in the “search programs and files” box.
3. This should produce a black text box.
4. Type in the following where the prompt is flashing: ipconfig /allcompartments /all
5. At this point, a bunch of information should appear.
6. Scroll UP till you see an entry titled “DNS Servers”.
7. Copy the numbers. They should read xxx.xxx.x.x
8. Go to this page and enter the numbers in the box. Click “check dns” and you should get an answer.
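
To run the same check over saved ipconfig output, for example from several machines, here is an added example that is not part of the original article. It pulls every "DNS Servers" address out of the text and compares it with a list of suspect ranges. It assumes English-language ipconfig output; the sample output and the 203.0.113.0/24 range are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; every address is a placeholder.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Placeholder (documentation range). Replace with the rogue DNS ranges
# published in an advisory you trust; none are listed in the article.
SUSPECT_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

LABEL = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")  # address-only line


def dns_servers(ipconfig_text):
    """Return every address listed under a "DNS Servers" entry, in order."""
    found, in_block = [], False
    for line in ipconfig_text.splitlines():
        label = LABEL.match(line)
        extra = CONTINUATION.match(line) if in_block else None
        if label:
            found.append(label.group(1))
            in_block = True
        elif extra:  # second and later servers sit alone on their own line
            found.append(extra.group(1))
        else:
            in_block = False
    return found


def flag_suspect(servers, networks=SUSPECT_NETWORKS):
    """Return the servers that fall inside any suspect network."""
    hits = []
    for server in servers:
        addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
        if any(addr.version == net.version and addr in net for net in networks):
            hits.append(server)
    return hits


if __name__ == "__main__":
    print("Suspect DNS servers:", flag_suspect(dns_servers(SAMPLE_IPCONFIG)))
```

A private address such as 192.168.1.1 in the list means the router answers DNS queries for the PC, so the router's own DNS settings need the same check.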


The FBI believes you can fix the problem by using normal tools available to anyone. You can read about them here.

I don’t believe these tools work. Anyone sophisticated enough to write DNS malware software infecting millions of computers is also going to take into account these security programs. The malware might include a hibernating file that only activates 30 days after the initial program is removed or something of this sort.

If your computer is infected, I suggest taking it to a professional and letting them have at it. You probably will need to save all your files and then reload the entire operating system to start fresh. This may seem a bit much, but it isn’t too bad compared to the threat of someone watching and recording all your interactions on the web.

Systems Updates

You can prevent most computer hacks by keeping all your programs updated. Make sure to also use effective security programs like Eset to shield your system. Personally, I wouldn’t use Norton or McAfee if you paid me, but I leave the decision to you. Just make sure you take steps to protect your computer.

Good luck with your computer. Hopefully, you are not infected with the DNS malware virus.