Win32.DNSChanger VJ.Trj

Some anti-virus programs detect this Trojan as Win32:DNSChanger-VJ [Trj]. Its main purpose is to assign unknown Domain Name Server (DNS) settings to the infected computer.

Win32.DNSChanger VJ.Trj is a harmful Trojan that modifies the infected computer's Domain Name Server (DNS) settings so that it can redirect traffic to predefined, unwanted web sites. Win32.DNSChanger VJ.Trj may also display advertisements on the compromised machine while the user is browsing the web.

Alias: Win32:DNSChanger-VJ (Trj), Win32.DNSChanger-VJ

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
When executed, Win32.DNSChanger VJ.Trj immediately changes the "NameServer" registry value to an attacker-specified IP address. The Trojan typically applies the IP address for specific purposes. With the DNS values modified, the infected computer resolves names through the newly assigned DNS server, which can redirect web requests to a different site.
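A defender-side check for the change described above, as an added example that is not part of the original write-up: it parses "reg query" output for the Windows TCP/IP parameters key and reports every NameServer or DhcpNameServer entry that is not on an allowlist. The registry path is the usual Windows location for these values and is an assumption here (the page names only the value); the sample output, GUIDs and addresses are constructed.

```python
import ipaddress
import re

# Constructed `reg query ... /s` output; GUIDs and addresses are made up.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Hostname    REG_SZ    WORKSTATION1
    NameServer    REG_SZ    203.0.113.10,203.0.113.11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.0.2.53

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
    NameServer    REG_SZ    192.0.2.53 203.0.113.10
"""

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ[ \t]*(.*)$")


def audit_nameservers(reg_output, allowed):
    """Return (key, value_name, entry) for each resolver entry not in `allowed`."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # remember which registry key the values belong to
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue
        # Lists are comma- or space-separated; an empty value means "not set".
        for entry in re.split(r"[,\s]+", match.group(2).strip()):
            if not entry:
                continue
            try:
                known = ipaddress.ip_address(entry) in allowed_ips
            except ValueError:
                known = False  # a malformed entry also deserves a look
            if not known:
                findings.append((key, match.group(1), entry))
    return findings


if __name__ == "__main__":
    # Assumption: 192.0.2.53 stands in for the resolver your network hands out.
    for key, name, entry in audit_nameservers(SAMPLE_REG_OUTPUT, ["192.0.2.53"]):
        print(f"unexpected {name} {entry} under {key}")
```

A statically set NameServer on a machine that is supposed to take its resolver from DHCP is worth reviewing even when the address looks familiar.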

Win32.DNSChanger VJ.Trj is designed with moneymaking as its main purpose. To profit from the web, it requires huge traffic from Internet users. The Trojan attempts to achieve this by diverting the victim's traffic to assigned web servers. Users become involved in this fraudulent moneymaking scheme without their full knowledge.

Overall, Win32.DNSChanger VJ.Trj will function as follows:

  • Manipulate search results and redirect the Internet browser to a predefined web page.
  • Redirect the user's browser to misleading security web sites and entice them to download rogue software.
  • Display excessive pop-up advertisements for various products.
  • Contact a remote server to update itself and download additional configuration file.

Distribution
Win32.DNSChanger VJ.Trj is known to infect computers using the following methods:

  • May arrive as a file attached to spam email messages
  • Masquerades as a coder/decoder for adult web sites
  • Uses Internet messaging programs to send malicious links pointing to the Trojan
  • Infects executable files from file-sharing networks
  • Runs a script to infect visitors of infected legitimate web sites

How to Remove Win32.DNSChanger VJ.Trj

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of Win32.DNSChanger VJ.Trj, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine instead. Once the scan is complete, please proceed with the next step.

Scan with Norton Power Eraser:

Norton Power Eraser (NPE), a free tool from Symantec, provides deep scanning technology to detect and remove threats like Win32.DNSChanger VJ.Trj. NPE targets and eliminates threats that a regular virus scan fails to identify. Download NPE here.

Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.

What to do next...