Skip to content

Ghost Click DNS Changer Countdown

Time is running out.

Make sure you'll have online access when
Rove Digital servers come down

Last fall, cybercrime gang Rove Digital was busted by the FBI’s Operation Ghost Click. Shutting down the servers infected by their DNS changer Trojan could leave you without Internet access if you were affected. Take steps now to ensure you’re still connected when the servers come down July 9, 2012.


 

  If your computer is infected with a Rove Digital DNS changer Trojan If you’re not sure if your computer has been infected with a Rove Digital DNS changer Trojan
Windows
  1. Back up all of your important files onto a portable hard drive.
  2. Scan your system with our free tool, HouseCall. Remove the DNS changer Trojans that have infected your computer.
  3. To manually reset your Windows 7 computer’s DNS settings, click the Start button or the Windows icon on the lower-left part of your screen. Type cmd in the Search box and hit Enter.

If you’re using Windows 7, open the Start menu by clicking the Start button or the Windows icon on the lower-left part of your screen.

Type cmd in the Search box and hit Enter.

If you’re using Windows XP, click Run, type cmd then hit Enter. Then complete the following instructions.
  1. In the Command Prompt window (a black window with white text), type ipconfig/flushdns then hit Enter.
  2. You should see a prompt saying, “Successfully flushed the DNS Resolver Cache.”
  3. Check if your DNS settings have been reset by using this FBI-provided online tool.
  4. After fixing your computer, look at your home router and make sure this automatically uses the DNS settings provided by your ISP. You’ll need your ISP’s help in resetting the DNS settings of your router.
  1. In the Command Prompt window (a black window with white text), type ipconfig/all then hit Enter.
  2. Look for the entry, DNS Servers, and take note of the IP addresses listed under it.
  3. Check if any of the IP addresses correspond to Rove Digital servers using this FBI-provided online tool.

 

To use the tool, simply enter the IP addresses one by one and click the Check Your DNS button.

Changing DNS settings is only one of the functions of DNS changer Trojans. It is a good idea to check your bank statements and credit reports as well as change your online account passwords, especially those saved in applications or your web browsers.
Mac OS X
  1. Back up all of your important files onto a portable hard drive.
  2. Scan your system with your anti-malware solution. Remove the DNS changer Trojans that have infected your computer.
  3. To manually reset your computer’s DNS settings, click the Apple icon on the top-left part of your screen and select System Preferences.
  4. In the System Preferences panel, select the Network icon.
  5. When the Network window opens, click Advanced.
  6. Look for DNS then go to the Settings tab. Delete all of the entries under it and your DNS settings should go back to the default.
  7. Check if your DNS settings have been reset by using this FBI-provided online tool.
  8. After fixing your computer, look at your home router and make sure this automatically uses the DNS settings provided by your ISP. You’ll need your ISP’s help in resetting the DNS settings of your router.
  1. Click the Apple icon on the top-left part of your screen and select System Preferences.
  2. In the System Preferences panel, select the Network icon.
  3. When the Network window opens, select the currently active network connection on the left.
  4. Look at the right side of the panel then select the DNS tab.
  5. Take note of the IP addresses of the DNS servers your computer is configured to use.
  6. Check if any of the IP addresses correspond to Rove Digital servers using this FBI-provided online tool.

 

To use the tool, simply enter the IP addresses one by one and click the Check Your DNS button.

Changing DNS settings is only one of the functions of DNS changer Trojans. It is a good idea to check your bank statements and credit reports as well as change your online account passwords, especially those saved in applications or your web browsers.

What is Rove Digital?

Rove Digital is the Estonia-based mother company of Esthost, EstDomains, Cernel, UkrTelegroup, and many other less-known shell companies that engaged in organized cybercrime since 2002.

Why should you care about the impending Rove Digital rogue DNS server shutdown?

If infected computers are not cleaned and if their DNS settings are not reset, they will lose their connection to the Internet once the Rove Digital DNS servers are shut down.

Why is it important to rid your system of DNS changer Trojans?

Apart from losing Internet access, cybercriminals can also use DNS changer Trojans to log your keystrokes and/or use your system as proxy to direct other users to fake bank and social networking sites. Doing so would allow them to steal your and others’ online banking and social media credentials.

Rove Digital, which was taken down on November 8, 2011, was best known for spreading DNS changer Trojans to support their malicious operations. Take a look at Rove Digital’s cybercrime history as depicted in the TrendLabs infographic, “The Rise and Fall of Rove Digital.”

For more information on DNS changer Trojans and how Rove Digital extensively used them for financial gain, read the Threat Encyclopedia web attack entry, “How DNS Changer Trojans Direct Users to Threats.

Visit the following Trend Micro sites as well to arm yourself with knowledge:

TrendLabs Malware Blog:

 

CounterMeasures Blog:

 

Threat Encyclopedia


Social Media

Connect with us on