DNS Hijack Removal
- The DNS Hijack changes its form to accommodate its need to survive and hide from Trojan removal programs. When a program finds DNS Hijack, it changes into a something resembling a system file and hides within the System Restore files. They are part of the operating system, which the computer needs to run. Security programs pass over the infected "system files" thinking they are safe. The Trojan then continues and allows other infections to access and infect the system.. This infection spreads by opening infected Web pages and then infecting the browser. It then migrates to the System Restore files. The infection also spreads through sending and opening infected attachments.
- The biggest symptom of this Trojan is redirected traffic. The Trojan will take any search term and use it to display a search results page with bogus results. The results usually contain links to other infectious pages. While you are waiting for pages to load, the message "Waiting for 7.7.7.0..." appears in the status bar of the browser's bottom left corner. Sometimes that message will contain the name of the intended site but show ".com.com" as the domain instead of ".com." All traffic and searches slow considerable or stop completely. If you manage to download an item, the process halts or the infection corrupts the files. When you are trying to open the item, a message appears stating the file is corrupt. The infection knows the name of antimalware programs and corrupts the files while downloading them.
- Back up all data to an outside source. Disable Autorun so the infection does not infect the new security program when you open it. Disable System Restore so the antimalware can clean the infection from the system files. Obtain a data CD or a USB flash drive. Download Malwarebytes Anti-Malware 1.44 from any reputable website such as CNet.com or Softpedia.com. Use an uninfected computer to download the program to the disk or flash drive. When prompted to save the program, rename it before downloading so that it passes by the infection unnoticed when you install it to use. Insert the CD or the Flash drive into the proper drive on the infected computer. Click "Start," then "My Computer," and double-click the drive with the program on it. Double click the renamed program to run the "InstallShield Wizard." Follow the prompts allowing the Wizard to install the program. Do not change any of the available options. When the process is finished, a dialog box will appears. Check the boxes labeled "Update Malwarebytyes" and "Launch Malwarebytes" to open the program. Click the "OK" button when the program opens to close the dialogue box. The program will ask you to update again. This is unnecessary because you just did during installation. Click the "Scanner" tab, check the radio button labeled "Perform full scan," then the "Scan" button. This starts the scan. It could take up to three or four hours to complete, and depends on your system's capacity. When the process is finished, in the dialogue box, click "OK" and then click the "Show Results" button. Click to check all of the boxes next to the items in the list. Click "Remove Selected" to delete the infection. When the program is finished deleting the infectious files, a report will appear in Note Pad. Either save or delete it according to your preference. Click the "Close" button at the top right of the program, and you will be finished.
