DNS changer is a malicious computer infection that usually disables the computer’s antivirus programs and manipulates users by redirecting them to suspicious and dangerous websites. Criminals behind the malware can control what websites are visited by computer users. This is achieved by changing the settings of DNS servers. DNS servers are vital for using the Internet, because without the servers and DNS (Domain Name System), users would not be able to browse the internet, chat online, send e-mails or use other services available on the Internet.
Usually, the presence of DNS changer causes lack of Internet connection and disorders of the system. It is essential to get rid of this infection, which can get in the system in various ways of social engineering. Moreover, there is a strong possibility that along with DNS changer, the system is infected with other malware, which of course should be removed from the system.
Importantly, DNS changer can access other devices connected to the victim’s SOHO (Small office/ home office) network. If the user has not changed the default username and password of the device, the malware can access the machine and make DNS servers in there. It also refers to, for example, routers that can be infected by the malware.
It is useful to check the settings of DNS Servers to see whether the computer is infected or not. To do so, if your OS is Windows, open Run and type cmd.exe and press OK. In the black windows, type “ipconfig /all” and press Enter. Find the line DNS Servers and look at the IP address. If you find the IP address that correspond with the range given below, your computer is infected with DNS changer.
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
Typically, private IP addresses of home or office computers with high-speech Internet connection are provided by DHCP from a device on the network, and then the IPs range from 192.168.0.0 to 192.168.255.255, from 172.16.0.0 to 172.31.255.255 and from 10.0.0.0 to 10.255.255.255.
Do not hesitate to delete the malware from your system, because only after the removal of the infection, the system will start running normally. The infection should be removed by an appropriate application able to terminate malware. Remember that you should use a legitimate and powerful tool to delete the infection, because only with a reputable application you will achieve the desired results.