This is a continuation of this post on the FBI shutting down the stand-in DNS servers on March 8, 2012, and its implications.

In short, computers affected by the DNSChanger Trojan will not be able to connect to the internet after March 8 until their DNS settings have been fixed. The DNS Checker tool discussed in the above blog post primarily helps you find out whether your system is infected with the DNSChanger Trojan. You will have to fix your DNS settings manually to be able to connect to the internet.

At ManageEngine, we understand the pain of identifying the affected computers manually and fixing them. We have come up with a script that will help you identify and fix the affected computers at once. The script can be executed on multiple computers using ManageEngine Desktop Central.

The script can be executed silently (without user input) on remote computers to:

  • Check whether the computer is affected
  • Check and reset the DNS setting to obtain DNS automatically
  • Check and change the DNS Servers with the given IP addresses

Steps to Fix the Affected Systems  

  1. Download this script and rename it to dnschangermalwareremoval.vbs
  2. Log in to the Desktop Central web client
  3. Select Configurations -> Configuration -> Custom Script (under Computer Configurations). This opens the Custom Script Configuration screen for computers. Specify the following:
    1. Name and description for the configuration, say DNS Changer
    2. Under Define Configuration, choose Create
    3. Select script location as Local and browse to choose the script that you have downloaded
    4. Specify the Script Arguments as below
      1. -silent -scan to scan and identify the affected computers
      2. -silent -fix reset to identify the affected computers and to reset the DNS settings to obtain the DNS automatically
      3. -silent -fix "<ip address 1>,<ip address2>" to identify the affected systems and change the DNS settings to the IP addresses specified here.
    5. Select Once as Execute option
    6. Choose the target computers to run the script
    7. Click Deploy
  4. After successful execution of this configuration (the state of the configuration should be Executed (Failed)* ), you can verify the status of the execution on individual computers as below:
    1. Click Configurations tab and click on the configuration name
    2. Click the “View Complete Execution Status” link available below the Execution Summary graph
    3. Verify the remarks column of the individual computers to check the status:
      1. 20001 – refers to the systems that are affected by this Trojan
      2. 20002 – refers to the systems that are not affected by this Trojan
      3. 20003 – refers to the systems that are affected and have been successfully fixed
      4. If you have chosen to scan and fix and you do not see any of the above error codes but find some description here instead, it means that problems were encountered while executing the script. Read the description to fix them, or try running the script manually on one of the computers with the given arguments.

*This script is being rolled out as a quick fix to the problem using the current configuration framework without requiring you to upgrade your existing Desktop Central build. Handling this properly would call for agent upgrades, which might require some additional effort and time.
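
As an added example (not ManageEngine's script and not part of the original post), the Python below checks a Script Arguments string before it is deployed to many machines and classifies a machine's resolvers with the remark codes from step 4. The rogue ranges are placeholder documentation networks, and the rules that -silent comes first and that one rogue resolver means "affected" are assumptions.

```python
import ipaddress
import shlex

# Assumption: placeholder networks (RFC 5737 documentation ranges), constructed
# for this example. Replace with the rogue DNSChanger ranges from your own source.
ROGUE_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

AFFECTED, NOT_AFFECTED = 20001, 20002  # remark codes listed in step 4


def in_rogue_range(addr):
    """True when addr (a string) lies inside one of ROGUE_NETS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ROGUE_NETS)


def scan(current_dns):
    """Assumption: one rogue resolver is enough to call the machine affected."""
    return AFFECTED if any(in_rogue_range(a) for a in current_dns) else NOT_AFFECTED


def validate_script_arguments(args):
    """Return (mode, servers) or raise ValueError; servers are primary first."""
    if any(q in args for q in "\u201c\u201d\u2018\u2019"):
        raise ValueError("typographic quotes found; retype them as plain quotes")
    tokens = shlex.split(args)  # raises ValueError on an unclosed quote
    if tokens[:1] != ["-silent"]:
        # Assumption: a remote run must never wait for user input.
        raise ValueError("arguments must start with -silent")
    if tokens[1:] == ["-scan"]:
        return "scan", []
    if len(tokens) != 3 or tokens[1] != "-fix":
        raise ValueError('expected -scan, -fix reset or -fix "<ip1>,<ip2>"')
    if tokens[2] == "reset":
        return "reset", []  # DNS is handed back to DHCP, no static servers
    servers = []
    for item in tokens[2].split(","):
        ip = str(ipaddress.ip_address(item.strip()))  # ValueError if not an IP
        if in_rogue_range(ip):
            raise ValueError(f"{ip} is inside a rogue range")
        servers.append(ip)
    return "set", servers


if __name__ == "__main__":
    # Constructed sample values.
    print(scan(["192.0.2.10", "10.0.0.53"]))
    print(validate_script_arguments('-silent -fix "10.0.0.53,10.0.1.53"'))
```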

We hope that Desktop Central users can make use of this script to automate and fix the DNS problems.

Sit back and relax while we work for you!

For any assistance, contact desktopcentral-support@manageengine.com

Cheers

  1. Damon Slocumb

    In using the script included in this article, is there a way to specify which DNS server(s) are primary and secondary? I need the servers to be specified in a certain order.

    • Ananth

      In this command: -silent -fix “,”

      is the primary DNS server and
      is the secondary

      Hope this helps!