Trojan.DNSChanger - How To Remove?
Trojan.DNSChanger is generic name for Trojans that have ability to change name servers for internet connections. Name servers are responsible in the way domains are resolved, so malware can display completely different websites instead the ones you are looking for. This results in search engine redirection, blockage of legitimate websites (including antivirus makers) and showing advertisement sites instead regular ones. A specific symptom is that unlike trojans that hijack network traffic directly, DNS Changer infection will result in TCP/IP protocol change that is not malware on itself. In some cases, only hosts file is altered and only some websites are redirected. Such settings are easy to fix once malware is gone, but many of remover programs do not detect these changes directly. Thus some parts of repair have to be done manually.
One of the first Trojan.DNSChangers were parasites from Zlob family. This family was extremely popular in 2007-2009, and were used to distribute fake AVs. Nowadays DNS change is still used by various Trojans to implement redirection for making advertisement money and preventing anti-virus software download.
To remove DNSChanger Trojan, one should scan with reputable antivirus or anti-malware program to remove the parasite itself. I recommend Kaspersky, or Malwarebytes Anti-Malware for this task. After removal, make sure you check TCP/IP settings and reset DNS servers to the ones of your ISP. Usually these will not be fixed by software automatically and redirects will continue. For full removal instructions, check our guide on Google Redirect Virus removal. Steps 1 and 2 apply for this type of parasites.