• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove DNSChanger malware virus [Updated Apr. 2018]

Myantispyware team November 6, 2007    

DNSChanger Trojan is name of a group of trojans (zlob dns changer, Troj/Rustok-N, W32/Tidserv. gaopdxserv.sys trojan, UACd.sys trojan, …).Once installed, it will redirect any web-browser to malicious, misleading, spam and other unwanted websites. DNSChanger trojan has be able to gather lots of privacy information which can be later sold to third party companies. You don’t know if your home address, account names and passwords are safe. And of course you completely don’t know what will happen when you click on any link in your internet browser.

DNSChanger

Malwarebytes blocks DNSChanger trojan from running

DNSChanger Trojan Symptoms

  • Windows Update redirects you to msn.com;
  • Google, Yahoo, Bing search results getting hijacked, links redirects to non related sites;
  • Google/Yahoo/Bing has become slower when doing searches;
  • Facebook and YouTube redirects to different sites;
  • Any web page loads really slowly;
  • System restore function is blocked;
  • Adult, dating banner ads are popping up on some sites, include security sites;
  • Cannot run msconfig;
  • Cannot update antivirus and antispyware programs;

Most commonly, DNSChanger malware comes without the user’s knowledge. Therefore, many users aren’t even aware that their computer has been hijacked with malicious software. Please follow the easy rules in order to protect your computer from any malware: don’t install any suspicious apps, read the user agreement and select only the Custom, Manual or Advanced installation option, don’t rush to press the Next button. Also, always try to find a review of the application on the Internet. Be careful and attentive! If DNSChanger trojan has already come into your computer, then you need to check your PC for malware.

To find out how to remove DNSChanger virus, we suggest to read the steps added to this blog post below. The guidance was prepared by IT security professionals who discovered a method to uninstall DNSChanger malware out of the PC system.

Remove DNSChanger trojan

There are a few solutions that can be used to remove DNSChanger malware. But, not all unwanted software and malware can be completely removed using only manual methods. Most often you are not able to delete any virus utilizing standard MS Windows options. In order to delete DNSChanger virus you need complete a few manual steps and use reliable removal utilities. Most security specialists states that Zemana, MalwareBytes Anti-Malware or HitmanPro tools are a right choice. These free programs are able to find and uninstall DNSChanger trojan from your PC system and restore your system settings to defaults.




If you are using an Apple computer running Mac OS, then use the following few simple steps How to delete browser hijacker, pop-ups, ads from Mac

To remove DNSChanger, perform the steps below:

  1. Remove DNSChanger malware without any utilities
    • Delete suspicious software through the Control Panel of your computer
    • Clean up the web-browsers shortcuts that have been hijacked by virus
    • Get rid of DNSChanger malware from Internet Explorer
    • Delete DNSChanger trojan from Firefox
    • Remove DNSChanger virus from Google Chrome
    • Remove malicious Scheduled Tasks
  2. Scan your PC system and remove DNSChanger malware with free utilities
    • Delete DNSChanger with Zemana Anti-malware
    • Remove DNSChanger malware from internet browsers with HitmanPro
    • Run Malwarebytes to get rid of DNSChanger trojan
  3. How to stay safe online
  4. Repair your Internet settings
  5. Check and clean all infected machines
  6. Finish words

Remove DNSChanger malware without any utilities

The useful removal tutorial for the DNSChanger . The detailed procedure can be followed by anyone as it really does take you step-by-step. If you follow this process to remove DNSChanger let us know how you managed by sending us your comments please.

Delete suspicious software through the Control Panel of your computer

Some of PUPs, adware and browser hijackers can be uninstalled using the Add/Remove programs tool which can be found in the MS Windows Control Panel. So, if you are using any version of Windows and you have noticed an unwanted program, then first try to remove it through Add/Remove programs.

Windows 8, 8.1, 10


First, press Windows button windows key, then click Search windows search. Type ‘Control panel’and press Enter as on the image below.
search
Once the ‘Control Panel’ opens, press the ‘Uninstall a program’ link under Programs category like below.
windows 10 control panel
You will see the ‘Uninstall a program’ panel as on the image below.
remove a program
Very carefully look around the entire list of programs installed on your PC. Most likely, one of them is the DNSChanger malware that can reroute your web browser to various intrusive web-sites. If you have many applications installed, you can help simplify the search of malicious apps by sort the list by date of installation. Once you have found a suspicious, unwanted or unused program, right click to it, after that click ‘Uninstall’.

Windows XP, Vista, 7


First, click ‘Start’ button and select ‘Control Panel’ at right panel as displayed in the figure below.
windows7 start menu
Once the Windows ‘Control Panel’ opens, you need to click ‘Uninstall a program’ under ‘Programs’ as displayed in the figure below.
windows 7 control panel
You will see a list of apps installed on your PC. We recommend to sort the list by date of installation to quickly find the apps that were installed last. Most likely, it’s the DNSChanger trojan. If you are in doubt, you can always check the program by doing a search for her name in Google, Yahoo or Bing. After the application which you need to delete is found, simply click on its name, and then press ‘Uninstall’ as displayed on the screen below.
Uninstall a program in Windows 7

Clean up the web-browsers shortcuts that have been hijacked by virus

After installed, DNSChanger malware may add an argument similar to “http://site.address” into the Target property of the desktop shortcut for the MS Edge, Firefox, Chrome and Internet Explorer. Due to this, every time you start the web browser, it will show a malicious or misleading web site.

To clear the internet browser shortcut file, right-click to it and choose Properties. On the Shortcut tab, locate the Target field. Click inside, you will see a vertical line – arrow pointer, move it (using -> arrow key on your keyboard) to the right as possible. You will see a text such as “http://site.address” that has been added here. You need to delete it.

clean a shortcut

When the text is removed, press the OK button. You need to clean all shortcuts of all your browsers, as they may be affected too.

Get rid of DNSChanger malware from Internet Explorer

In order to restore browser settings and remove malicious browser extensions you need to reset the Internet Explorer to the state, that was when the MS Windows was installed on your machine.

First, run the Microsoft Internet Explorer, then click ‘gear’ icon IE tools menu icon. It will display the Tools drop-down menu on the right part of the web-browser, then press the “Internet Options” as displayed on the screen below.

reset Internet Explorer tools menu

In the “Internet Options” screen, select the “Advanced” tab, then click the “Reset” button. The Internet Explorer will open the “Reset Internet Explorer settings” dialog box. Further, click the “Delete personal settings” check box to select it. Next, click the “Reset” button as shown below.

reset Microsoft Internet Explorer settings

After the process is complete, click “Close” button. Close the Internet Explorer and reboot your personal computer for the changes to take effect. This step will help you to restore your web-browser’s new tab, search engine and homepage to default state.

Delete DNSChanger trojan from Firefox

Resetting Mozilla Firefox browser will reset all the settings to their default state and will remove malicious add-ons and its settings. It will save your personal information like saved passwords, bookmarks, auto-fill data and open tabs.

Click the Menu button (looks like three horizontal lines), and click the blue Help icon located at the bottom of the drop down menu as displayed on the screen below.

Mozilla Firefox menu

A small menu will appear, press the “Troubleshooting Information”. On this page, click “Refresh Firefox” button like below.

Mozilla Firefox troubleshooting info page

Follow the onscreen procedure to return your Firefox internet browser settings to their default state.

Remove DNSChanger virus from Google Chrome

Run the Reset web browser tool of the Chrome to reset all its settings such as newtab page, default search provider and home page to original defaults. This is a very useful tool to use, in the case of web-browser redirects to undesired web sites.

Open the Google Chrome menu by clicking on the button in the form of three horizontal dotes (chrome menu button). It will display the drop-down menu. Choose More Tools, then click Extensions.

Carefully browse through the list of installed extensions. If the list has the plugin labeled with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following guide: Remove Chrome extensions installed by enterprise policy otherwise, just go to the step below.

Open the Chrome main menu again, click to “Settings” option.

open Chrome settings

Scroll down to the bottom of the page and click on the “Advanced” link. Now scroll down until the Reset settings section is visible, as shown in the following example and click the “Reset settings to their original defaults” button.

Chrome settings reset link

Confirm your action, press the “Reset” button.

Remove malicious Scheduled Tasks

Once installed, the DNSChanger malware virus can add a task in to the Windows Task Scheduler Library. Due to this, every time when you boot your computer, it will show an unwanted web-page. So, you need to check the Task Scheduler Library and delete all malicious tasks that have been created by unwanted apps.

Press Windows and R keys on the keyboard at the same time. This shows a prompt that titled as Run. In the text field, type “taskschd.msc” (without the quotes) and press OK. Task Scheduler window opens. In the left-hand side, click “Task Scheduler Library”, as shown below.

Task scheduler

Task scheduler

In the middle part you will see a list of installed tasks. Please choose the first task, its properties will be open just below automatically. Next, click the Actions tab. Pay attention to that it launches on your computer. Found something like “explorer.exe http://site.address” or “chrome.exe http://site.address”, then remove this malicious task. If you are not sure that executes the task, check it through a search engine. If it’s a component of unwanted programs, then this task also should be removed.

Having defined the task that you want to get rid of, then click on it with the right mouse button and choose Delete as shown in the figure below.

Delete a task

Delete a task

Repeat this step, if you have found a few tasks that have been created by DNSChanger trojan. Once is finished, close the Task Scheduler window.

Scan your PC system and remove DNSChanger malware with free utilities

Anti-Malware apps differ from each other by many features like performance, scheduled scans, automatic updates, virus signature database, technical support, compatibility with other antivirus applications and so on. We suggest you run the following free software: Zemana Anti-Malware, MalwareBytes Free and HitmanPro. Each of these programs has all of needed features, but most importantly, they can look for this trojan and remove DNSChanger malware from Microsoft Windows 10 (8, 7 and XP) for good. If DNSChanger trojan returns after rebooting your computer, then boot the Windows OS into Safe Mode and run your anti-malware tool once again.




Delete DNSChanger with Zemana Anti-malware

We advise you to use the Zemana Anti-malware that are completely clean your PC system of DNSChanger malware that can cause multiple undesired ads and pop-ups. Moreover, the utility will allow you to remove potentially unwanted programs, malware, toolbars and hijackers that your personal computer can be infected too.

Zemana AntiMalware delete DNSChanger malware that can redirect your web browser to various intrusive pages

  1. Click the following link to download Zemana Free. Save it to your Desktop so that you can access the file easily.
    Zemana AntiMalware
    Zemana AntiMalware
    164877 downloads
    Author: Zemana Ltd
    Category: Security tools
    Update: July 16, 2019
  2. Once the downloading process is done, close all applications and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
  3. Further, click Next button and follow the prompts.
  4. Once setup is finished, click the “Scan” button to start checking your PC for the DNSChanger trojan. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your PC system and the speed of your computer. During the scan Zemana AntiMalware (ZAM) will detect threats present on your computer.
  5. After the scan is complete, a list of all threats found is produced. Review the scan results and then click “Next”. Once the cleaning procedure is done, you can be prompted to reboot your personal computer.

Remove DNSChanger malware from internet browsers with HitmanPro

HitmanPro is a free removal tool that can be downloaded and use to get rid of DNSChanger malware that can inject ads into the web pages that you are visiting, browser hijackers, malicious software, potentially unwanted software, toolbars and other threats from your system. You can use this tool to look for threats even if you have an antivirus or any other security program.

Installing the HitmanPro is simple. First you’ll need to download Hitman Pro by clicking on the link below.

HitmanPro
HitmanPro
12223 downloads
Author: Sophos
Category: Security tools
Update: June 28, 2018

After the downloading process is finished, open the directory in which you saved it and double-click the Hitman Pro icon. It will start the HitmanPro tool. If the User Account Control dialog box will ask you want to open the program, press Yes button to continue.

Next, press “Next” to perform a system scan for the DNSChanger trojan and other malware. While the HitmanPro application is scanning, you can see number of objects it has identified as threat.

As the scanning ends, a list of all threats detected is produced as on the image below.

Once you have selected what you want to remove from your PC system press “Next” button. It will display a dialog box, click the “Activate free license” button. The HitmanPro will remove DNSChanger malware and move threats to the program’s quarantine. When the clean-up is complete, the utility may ask you to restart your computer.

Run Malwarebytes to get rid of DNSChanger trojan

We suggest using the Malwarebytes Free that are completely clean your computer of DNSChanger malware. The free tool is an advanced malware removal program developed by (c) Malwarebytes lab. This program uses the world’s most popular anti-malware technology. It is able to help you remove malware from your web browsers, potentially unwanted applications, hijackers, toolbars, ransomware and other security threats from your PC system for free.

MalwareBytes Anti-Malware (MBAM) for Microsoft Windows, scan for virus is done

  1. Click the link below to download the latest version of MalwareBytes AntiMalware for MS Windows. Save it on your Microsoft Windows desktop or in any other place.
    Malwarebytes Anti-malware
    Malwarebytes Anti-malware
    327132 downloads
    Author: Malwarebytes
    Category: Security tools
    Update: April 15, 2020
  2. At the download page, click on the Download button. Your browser will open the “Save as” prompt. Please save it onto your Windows desktop.
  3. After downloading is finished, please close all applications and open windows on your computer. Double-click on the icon that’s named mb3-setup.
  4. This will launch the “Setup wizard” of MalwareBytes Free onto your computer. Follow the prompts and do not make any changes to default settings.
  5. When the Setup wizard has finished installing, the MalwareBytes Anti Malware (MBAM) will start and show the main window.
  6. Further, click the “Scan Now” button to perform a system scan for the DNSChanger trojan . A system scan can take anywhere from 5 to 30 minutes, depending on your system. When a malicious software, adware or PUPs are found, the number of the security threats will change accordingly.
  7. After finished, a list of all threats found is produced.
  8. Review the results once the utility has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click the “Quarantine Selected” button. When finished, you may be prompted to reboot the computer.
  9. Close the Anti-Malware and continue with the next step.

Video instruction, which reveals in detail the steps above.

How to stay safe online

The AdGuard is a very good ad blocking program for the Google Chrome, Mozilla Firefox, Internet Explorer and Edge, with active user support. It does a great job by removing certain types of annoying ads, popunders, popups, unwanted new tab pages, and even full page ads and website overlay layers. Of course, the AdGuard can stop malicious and misleading web-pages automatically or by using a custom filter rule.

AdGuard can be downloaded from the following link. Save it directly to your MS Windows Desktop.

Adguard
Adguard download
26858 downloads
Version: 6.4
Author: © Adguard
Category: Security tools
Update: November 15, 2018

When the downloading process is done, double-click the downloaded file to start it. The “Setup Wizard” window will show up on the computer screen as shown on the screen below.

adguard ad-blocker installer

Follow the prompts. AdGuard will then be installed and an icon will be placed on your desktop. A window will show up asking you to confirm that you want to see a quick instructions as shown on the screen below.

adguard installation is competed

Press “Skip” button to close the window and use the default settings, or click “Get Started” to see an quick guidance that will allow you get to know AdGuard better.

Each time, when you run your computer, AdGuard will run automatically and block pop up ads, web-browser redirects, as well as other harmful or misleading sites. For an overview of all the features of the application, or to change its settings you can simply double-click on the AdGuard icon, that may be found on your desktop.

Repair your Internet settings (Set option “Obtain DNS servers automatically”).

During the installation on the computer, DNSChanger malware can change or damage your Internet/Network settings, so you need to check and restore these settings. Skip this step, if computer uses static ip address (ask your Internet Service Provider).

  • Go to Start -> Control Panel ->Network Connections;
  • Right click your default connection, usually Local Area Connection or Wi-Fi Connection;
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically, click OK twice;
  • Go to Start -> Run, enter CMD and click OK;
  • At the Dos Prompt Screen, type in cd\ and then press ENTER;
  • Now type in ipconfig /flushdns and then press ENTER (notice the space after ipconfig);
  • Close the command prompt window;
  • Reboot your PC.

Check and clean all infected machines

  • If you have a home network or other DNSChanger infected machines using your router, you should clean them with the above steps;
  • Now your should reset your router (trojan DNSChanger can change the router’s DNS settings), click Reset button on back side of the router;
  • You may also need to consult with your Internet service provider to find out which DNS servers you should be using.

Finish words

Once you’ve done the few simple steps shown above, your computer should be clean from DNSChanger malware and other unwanted software. The Edge, Internet Explorer, Chrome and Mozilla Firefox will no longer redirect you onto malicious and misleading web-pages when you surf the Web. Unfortunately, if the steps does not help you, then you have caught a new trojan, and then the best way – ask for help.

Please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the DNSChanger trojan.

 

Malware removal Trojan
Useful guides

 Previous Post

SUPERAntiSpyware Free for home use

Next Post 

How to remove safenavweb.com hijacker

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

73 Comments

  1. Lonnie
    ― September 26, 2010 - 1:13 am  Reply

    Thank you but i got it. I just updated my firmware on my router and it was fixed.

  2. Ross
    ― October 28, 2010 - 5:59 am  Reply

    A customer of mine had the av8 virus which even after being removed had left a browser redirect to antimalwarelist.com

    It does not get removed by malwarebytes/spybot/superanti etc. It’s embedded into the MBR. It gets succesfully removed by the above kaspersky tool TDSSKiller.

    Thanks very much!

  3. Bill
    ― January 3, 2011 - 3:07 pm  Reply

    Been fighting this problem for several days. Webroot detected and deleted Winlogonhook, but it kept returning. I finally found the offending dll manually, but the DNS redirection problem continued.

    TDSSKiller looks like it solved the problem. I can now connect with MS update.

    One reminder when working with similar problems, turn off software restore then reactivate once system is clean and working normally.

  4. Javi
    ― January 5, 2011 - 12:13 pm  Reply

    Hey Patrik, I have “Antivirus Scan” and I’m trying to get rid of it. I have downloaded HijackThis and I tried to download Malware Bytes and it said the browser couldn’t find the webpage, so I assumed I needed to remove this TrojanDNSChanger. When I click “properties” after right-clicking “My Computer” it says “Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?” What do I do now?

  5. Patrik
    ― January 8, 2011 - 8:19 am  Reply

    Javi, follow the instructions http://www.myantispyware.com/2010/12/18/how-to-remove-antivirus-scan-virus-uninstall-instructions/
    Important steps:
    1. reboot in safe mode
    2. reset proxy settings

  6. Al
    ― January 9, 2011 - 4:34 pm  Reply

    I did everything and it seemed to have removed antivirus scan, but even though the machine has an ip address and I can ping my router I can not get online.

  7. Patrik (Myantispyware admin)
    ― January 11, 2011 - 3:36 am  Reply

    Al, try reset proxy settings. Look my previous comment.

  8. Che
    ― April 8, 2011 - 7:37 pm  Reply

    I followed the instructions and now no desktop appears just my screensaver photo-no other icons. help!m

  9. Che
    ― April 8, 2011 - 7:48 pm  Reply

    I tried safemode too and it is the same result, my desktop seems to have been erased?

  10. Simon
    ― September 12, 2011 - 3:51 pm  Reply

    Please help! I found I had the DNS Changer trojan after I ran Super Anti-Spyware. So I removed / quarantined the offending items. But now I can’t get an internet connection. I just get “acquiring network address” as the status?
    Thanks.

  11. jennifer
    ― April 28, 2012 - 6:50 pm  Reply

    thanks so much i had tried everything 🙂 this worked

  12. sharon powers
    ― July 12, 2012 - 12:01 pm  Reply

    cannot get on-line with my pc but can with my laptop. have norton 360 but can’t access it on the pc. help……..when i checked on line to see if my comps had the virus, both were clean, so they said.

  13. sharon
    ― July 12, 2012 - 12:06 pm  Reply

    forgot to mention that i am completly self taught on these things and i tried rebooting to what i thought was a safe date.

« Previous 1 2 3

Leave a Reply Cancel reply

New Guides

Banana Hack Recipe For Weight Loss & Lipo Drops Reviews, Scam or Legit?
Arialief Nerve‑Health Supplement Reviews, Rachel Mathews & Dr Richard Moore?
The Bitcoin Promo Code Scam: A Look Inside Tidexcoin.com
Hunny7.com: A Task App Scam Exposed
HunnyCash.com Review, Free $100 Signup Bonus Scam Exposed

Follow Us

Search

Useful Guides

How to reset Internet Explorer settings to default
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
This setting is enforced by your administrator (Removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]

Recent Guides

SUPERAntiSpyware Free for home use
Fake codecs story continue … found some new fake codecs
HostsXpert – Free hosts file manager
ESET Online Scanner – free malware remover
Found fake microsoft update popup

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.