
Brandi Jewett, Forum Communications, Published July 07 2012

Mass malware deadline comes tonight

GRAND FORKS – If you haven’t taken the time to scan your computer for malicious software infections, you may want to do so before bedtime tonight.

At 11:01 p.m., computers infected with the “DNS Changer Trojan” malware will lose Internet service when the safety net system the FBI has been using to keep them online since last year is shut down.

In the Red River Valley, however, Internet providers and computer virus experts say they don’t foresee any major issues.

“I don’t think we’ll be seeing a big problem with our customers,” said Kevin Kargel, a system administrator for Polar Communications, which covers 11 counties in northeast North Dakota. “We’re hoping it will be a nonevent.”

Tom Simmons, senior vice president of Midcontinent Communications, said the company has been taking a proactive approach to the malware issue. The company covers areas of North and South Dakota, including much of the Red River Valley, as well as Minnesota and Wisconsin.

“We’ve identified 25 business customers and 125 residential customers with the problem,” he said. “We’ll be working through the weekend to contact all of them.”

Andrew Pedersen, a technician with The Computer Place, said the Fargo store has not yet seen any customers come in worried about the malware.

Pedersen said anyone concerned their computer has the virus can bring it to any local repair shop to have the infection removed. At The Computer Place, virus removal can range from $49 to $99.

“It depends on how malicious (the virus) is,” he said.

At its peak, DNS Changer infected an estimated 4 million computers around the world, earning the criminals who developed it some $14 million. The number of infections has since receded.

According to the FBI, about 277,000 computers around the world are still infected, down from about 360,000 in April. There are an estimated 64,000 infected computers in the United States.

Kargel said Polar customers with infected computers will be given instructions on how to correct the problem by changing the Domain Name System settings on their computers.

The DNS is responsible for converting website names into the Internet protocol addresses that computers use to communicate with one another.

DNS Changer changes the DNS settings on infected computers and reroutes Internet traffic to fraudulent servers. The computers then receive ads sold by developers of DNS Changer or are directed to websites of advertisers.

When the FBI arrested the malware’s developers in Estonia and seized the fraudulent servers in November, it substituted clean servers so that infected computers would not suddenly lose Internet access.

To find out if your computer is infected, use free online tests offered by the DNS Changer Work Group, the group at the forefront of the malware battle, and other groups. The DCWG’s test is at www.DCWG.org.

If your computer is infected, the DCWG recommends you back up your files first and then use a malware removal tool, such as McAfee Stinger, Norton Power Eraser, Microsoft Windows Defender Offline, MacScan, Kaspersky Lab TDSSKill or Trend Micro Housecall. All are free to download. See links at DCWG’s website.

The DCWG also recommends that you apply more than one removal tool, to ensure that you have completely erased the threat.


My computer has the malware. Now what?

• Be sure to back up your files to a flash drive or an external hard drive.

• Run a malware removal tool such as McAfee Stinger, Norton Power Eraser, Microsoft Windows Defender Offline, MacScan, Kaspersky Lab TDSSKill or Trend Micro Housecall. Run more than one tool to be sure all infections are gone. Links to the tools are available at www.DCWG.org.

• Re-scan your computer to ensure the threat is eliminated.

• It’s Monday and I have no Internet: Call your Internet service provider for further instructions.


Brandi Jewett writes for the Grand Forks Herald.

The Associated Press and Forum reporter Wendy Reuer contributed to this report.