Tips and Tricks

Prepare for a Black Hole in the Internet – Fix Your PC before July 9th

In November 2011, the Federal Bureau of Investigations took over a series of DNS servers that had been used by cyber-criminals to redirect users’ traffic to potentially risky locations they control. However, as disruption of the DNS system has a huge impact on the way PCs communicate over the Internet, the Bureau substituted the rogue DNS servers with valid ones to keep resolving internet names.

This will end on July 9, when the substitute servers will be taken offline, making communication nearly impossible for the average user if their DNS settings were tampered with. After July 9th, any computer using these rogue DNS servers will be unable to resolve domain names. The FBI says about 500,000 computers are infected, based on the number of PCs connected to the servers they seized alone. The total number of affected users could run much high.

To restore the computer to a functioning state, Bitdefender has developed a free tool that assesses the status of the DNS settings and prompts the user when rogue DNS settings are found. Please read through this document to see how to restore your system settings to normal and ensure permanent connectivity after July 9th.

[wpdm_package id=21]

What exactly is the role of DNS?

 Computers and other devices connect to the network using what is called IP addresses – series of numbers that identify them. For instance, the website has an IP address of Since IP addresses are difficult to remember for humans, the DNS (Domain Name System) acts like a phone directory: if you know who to call, you only need to look up the person’s name and the phone brings up the number. Similarly, the DNS server converts domain names into IP addresses.

If the DNS system is tampered with, chances are that the IP address of your favorite e-banking website, e-mail service or social network will lead you to a web page that is actually controlled by the attacker. This way, any data you pass to the website (including authentication information), lands into the wrong hands without the user even realizing it.

 What will happen on July 9th?

 On July 9th, the FBI will shut down these temporary name servers. Without DNS servers to convert domain names to addresses, computers will be unable to function properly. You will still be able to browse the web by entering IP addresses instead of URLs in the browser, but this is not only inconvenient, but also may not work in some circumstances.

 How can I fix things up and avoid disruption?

 First and foremost, you need to identify whether your DNS settings have been replaced with rogue DNS entries. Please download and run the DNS Changer Detector. If the tool reports that your system is clean, you have nothing to worry about. If it shows signs of subversion, follow these steps to fix your PC.

  1. First and foremost, rid your PC of malware. The DNS settings have likely been changed by an active infection on your PC. Run a 60-second QuickScan to see if you are infected, then manually clean the DNS Changer malware from your PC. Alternatively, you may want to install a 30-day trial of Bitdefender Internet Security 2012 that will clean the system for you automatically. It is mandatory that you clean up your machine before changing the DNS settings. Otherwise, the malware on your PC will likely change these settings back.
  2. Run the DNS Changer Fix-it tool and let it adjust your DNS settings. Depending on the type of connection you have, the DNS changer will try to restore you the recommended DNS settings and will inform you if the problem has been solved or not.

The DNS Changer Checker is available courtesy of Bogdan Timofte, Malware Researcher at Bitdefender.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


Click here to post a comment
  • Hi Bogdan, hi there!

    interesting article! i tried to scan my pc with your tool and i got the message: “an error occured”, so no scan has been possible…do you have any advice helping to solve the problem?

    best wishes,

  • DNS Changer Detector tool does not work. Every time I try to run it, it says an error has occurred, check log and all the log tells me is one network adapter found. Pretty useless tool for me anyway.

  • I tried it and it worked for me. But first you must extract the files from the archive into a directory, then try to run it.


  • Buna ziua
    am incercat sa rulez aplicatia dar imi da mesaj de eroare “an error has occurred, please check the log”

    Ce trebuie sa fac ?

    O zi cat mai buna

  • Alright, good guys should be smarter than the bad guys. This is not the case, BDDnsChangerDetector.exe is logging without “running” the cleaner this stupid error

    2012-07-09 08:51:35.138 000000001765 009956 006880 [BDDnsChanger] [BDDnsChanger] [ INFO] [htmlayout::MainDlg::ScanningThre] Aquiring network information.
    2012-07-09 08:51:35.138 000000001765 009956 006880 [BDDnsChanger] [BDDnsChanger] [ INFO] [ BDDnsChecker::AquireNetworkInfo] Found 2 network adapters.

    It really pays for Windows users to run their wonderful piece of marvel.

  • Intru pe net mai mult de 3 zile pe saptamana, si cu toate acestea
    inca nu am citit articole la fel de citibile ca ale dumneavoastra.
    E destul de interesant pentru mine. Dupa parerea
    mea, daca toti web owners si blogerii ar face
    comentarii la fel de interesante ca ale dvs, netul ar
    fi cu mult mai util decat a fost pana in acest moment.
    Mi-a fost imposibil sa nu va scriu. Cu grija scris!