regarding this week's malware of teh century, namely dnschanger....


danny burstein

Anyone know if the "microsoft malicious software removal tool"
(more or less its name) that m-soft keeps updating every
few intervals and pushing out to Windows computers...

..... anyone know if it handles dnschanger?

thanks
 
danny said:
Anyone know if the "microsoft malicious software removal tool"
(more or less its name) that m-soft keeps updating every
few intervals and pushing out to Windows computers...

.... anyone know if it handles dnschanger?

There is a common misconception about this *new* problem. It's not some
new malware, it's old malware that had changed settings to use "bad" DNS
servers. When the malware related servers were taken over by the good
guys and the malware cleared up on local machines they became dependent
upon those good guy owned "bad" servers for the normal operation of DNS
which is almost critical for resolving URLs.

The good guys are now ready to wean the affected (previously infected)
local machines off from the "bad" servers, and thus all of the hoopla.
 
There is a common misconception about this *new* problem. It's not some
new malware, it's old malware that had changed settings to use "bad" DNS
servers. When the malware related servers were taken over by the good
guys and the malware cleared up on local machines they became dependent
upon those good guy owned "bad" servers for the normal operation of DNS
which is almost critical for resolving URLs.
The good guys are now ready to wean the affected (previously infected)
local machines off from the "bad" servers, and thus all of the hoopla.

In the words of Commodore Decker from Star Trek (the one
and only, no "pre" or "post" or "second" or "rebooted"),
"don't you think we know that?"

My question, as expanded a bit, is whether the m-soft
download, which anyone doing updates has gotten, gets
rid of teh malware _and_ also resets the DNS back
to the pre-infection default.
 
My understanding is the monthly downloaded MRT will not alter the Windows PC
DNS Table. It will only remove the DNSChanger trojan.

Thanks for the pointer. If you're correct, then one (I'll volunteer)
should scream out loudly:

Dear Redmond:
Add the fixxer upper. Please.
Thank you.
 
My question, as expanded a bit, is whether the m-soft
download, which anyone doing updates has gotten, gets
rid of teh malware _and_ also resets the DNS back
to the pre-infection default.

yeah, about that. how exactly is a program supposed to know what your
DNS settings were before you got infected?

this isn't a setting that has a default value that you can set it back
to and have things work.

the DNS setting in question, specifically, is the address of the DNS
server your computer connects to when it wants to look up the
numerical IP address associated with a domain name (necessary for
reaching any website unless you're entering the IP address yourself).
for most people that DNS server is the one their ISP provides. even if
a program were to detect which ISP you used, and had a listing of
every DNS server provided by every ISP (a pretty monumental
undertaking), not everyone uses their ISP's DNS so a recovery program
still wouldn't be able to restore the right one.

restoring altered DNS settings is outside the scope of what a clean up
tool (like the one microsoft provides) can do.
 
kurt said:
restoring altered DNS settings is outside the scope of what a clean
up tool (like the one microsoft provides) can do.

The cleanup tool can (or should) perform a test to see *if* your system
is using a known-malicious DNS server (just as these tests are possible
as some third-party websites perform this service). Even if the tool
can't change the system's DNS-server setting (* because it doesn't know
what it should change it to) telling the user that the system has a bad
DNS setting is a necessary first step at fixing the problem.

---
* Even that is debatable, since the system's DNS server setting
could be changed to point to a known-good public DNS server.
Even if the user's router or modem has been compromised to
provide a malicious DNS server via DHCP, that can be by-passed
by hard-coding a known-good public DNS server setting on a
system's TCP/IP properties.
---
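
The check described in the post above, as an added example that is not part of the original thread and not Microsoft's tool: it reads each adapter's DNS servers from `ipconfig /all` output and reports any that fall inside a list of rogue-resolver ranges. The ranges are RFC 5737 placeholders, the `ipconfig` text is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholders from RFC 5737 documentation space, NOT real indicators; use the published ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output (English locale assumed).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

LABEL = re.compile(r"\s:(\s|$)")  # "label . . . : value"; IPv6 colons have no space before them
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")

def dns_servers(ipconfig_text):
    """Return {adapter: [resolver, ...]}, following unlabeled continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip() or not line[0].isspace():
            # A blank line or an unindented adapter header ends any DNS list.
            in_dns, adapter = False, line.strip().rstrip(":") or adapter
            continue
        m = DNS_LINE.match(line)
        if m:
            value, in_dns = m.group(1), True
        elif in_dns and not LABEL.search(line):
            value = line.strip()          # second and later resolvers
        else:
            in_dns = False                # some other labeled property
            continue
        result.setdefault(adapter, []).append(value)
    return result

def rogue_resolvers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return (adapter, resolver) pairs whose resolver is inside a listed range."""
    hits = []
    for adapter, servers in dns_servers(ipconfig_text).items():
        for server in servers:
            ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
            if any(ip in net for net in ranges):
                hits.append((adapter, server))
    return hits
```

A hit only says the host is configured with a listed resolver; whether the address was set on the machine or handed out by the router over DHCP still has to be checked on the router.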
 
The cleanup tool can (or should) perform a test to see *if* your system
is using a known-malicious DNS server (just as these tests are possible
as some third-party websites perform this service).  Even if the tool
can't change the system's DNS-server setting (* because it doesn't know
what it should change it to) telling the user that the system has a bad
DNS setting is a necessary first step at fixing the problem.

agreed, a cleanup tool should be able to do that. i'm not sure
microsoft's tool (or the design philosophy) incorporates user feedback,
however. my guess is that such notifications would generate support
requests that they don't have the capability to deal with.
 