Trojan.DNSChanger - How to remove?
Trojan.DNSChanger is generic name for Trojans that have ability to change name servers for internet connections. Name servers are responsible in the way domains are resolved, so malware can display completely different websites instead the ones you are looking for. This results in search engine redirection, blockage of legitimate websites (including antivirus makers) and showing advertisement sites instead regular ones. A specific symptom is that unlike trojans that hijack network traffic directly, DNS Changer infection will result in TCP/IP protocol change that is not malware on itself. In some cases, only hosts file is altered and only some websites are redirected. Such settings are easy to fix once malware is gone, but many of remover programs do not detect these changes directly. Thus some parts of repair have to be done manually.
One of the first Trojan.DNSChangers were parasites from Zlob family. This family was extremely popular in 2007-2009, and were used to distribute fake AVs. Nowadays DNS change is still used by various Trojans to implement redirection for making advertisement money and preventing anti-virus software download.
To remove DNSChanger Trojan, one should scan with reputable antivirus or anti-malware program to remove the parasite itself. I recommend Kaspersky, or Malwarebytes Anti-Malware for this task. After removal, make sure you check TCP/IP settings and reset DNS servers to the ones of your ISP. Usually these will not be fixed by software automatically and redirects will continue. For full removal instructions, check our guide on Google Redirect Virus removal. Steps 1 and 2 apply for this type of parasites.
Automatic Trojan.DNSChanger removal toolsWe might be affiliated with some of these programs. Full information is available in disclosure
Manual Trojan.DNSChanger removal
Important Note: Although it is possible to manually remove Trojan.DNSChanger, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Trojan.DNSChanger infected files and get help in Trojan.DNSChanger removal by using Reimage scanner.