johncomic: (Moss)
[personal profile] johncomic
My PC is alive and well, and no re-install of anything was required, no loss of data, etc -- happy ending all round! For the curious among you, what happened (as near as I can gather) was:

my PC was hit with something called Trojan.DNSChanger which changed the static DNS number settings in my wireless router. This in essence creates a backdoor into any machine connected to my network. My anti-malware was able to detect and remove this trojan, but unable to detect or do anything about the DNS settings in my router because it's a separate distinct piece of hardware which doesn't get scanned by them. So these rogue DNS settings allowed the trojan to pop right back in as soon as it was removed -- it was never really gone. These DNS settings also allowed it to control my internet access and create such problems as the Google misdirections, the “unable to connect to anti-malware websites”, etc.

This also meant that when I took my PC into the shop, they couldn't find anything wrong and couldn't duplicate the problems I was having -- because the problem was in my router, not in the PC. Hooked up to a different router, everything was working fine.

Anyhoo, Ken at the shop walked me thru how to locate and fix my DNS settings, and since then all has been peachy. What still puzzles me is why no one else I was dealing with came close to suspecting the true nature of the problem? I'm wondering if this “bug that can attack hardware other than your PC” is a relatively new development in malware. In which case, should I feel honoured to be one of their first test cases?

Date: 2010-04-20 08:36 pm (UTC)
From: [identity profile] johncomic.livejournal.com
Being highly untrained in all this, my whole explanation is “sort of” when you get right down to it. I'm glad folx like you are around to provide greater precision and more solid content to my layman's vague hand gestures... I do know that Trojan.DNSChanger kept showing up every day in my scans while my DNS numbers were pooched -- however, at that time I didn't realize what its presence meant.

Date: 2010-04-20 08:54 pm (UTC)
From: [identity profile] ginsu.livejournal.com
Sure, I'm just saying

• Password-protect your router and do it with a decent password

• Watch what you double-click -- easiest way to get a Trojan installed is to disguise it as an MP3 or some other "file." The executable part can launch, do some nasty business, and then pass an actual MP3 on to a music player. So you never see what it's doing.

You might also think about something like ZoneAlarm, that will track outbound packets (i.e., sent by a Trojan and containing your bank account info), not just inbound packets like a firewall.
