This is in continuation with
this
post on FBI shutting down the stand-in DNS Servers on March 8, 2012 and its
implications
In short, the computers affected by the DNSChanger Trojan
will not be able to connect to the internet after March 8 until the DNS
Settings have been fixed. The DNS Checker tool discussed in the above blog post
helps you primarily find whether your system is infected with the DNSChanger
Trojan. You will have to fix your DNS Settings manually to be able to connect
to the internet.
At ManageEngine, we understand the pain of identifying the
affected computers manually and fixing them. We have come up with a script that
will help you identify and fix the affected computers at once. The script can
be executed on multiple computers using ManageEngine Desktop Central
The script can be executed silently (without user input) on
remote computers to:
-
Check whether the computer is affected
-
Check and reset the DNS setting to obtain DNS
automatically
-
Check and change the DNS Servers with the given
IP addresses
Steps to Fix the Affected Systems
-
Download
this script
and rename it to dnschangermalwareremoval.vbs
-
Login to Desktop Central web client
-
Select Configurations –> Configuration –> Custom Script (under
Computer Configurations). This opens the Custom Script Configuration screen for
computers. Specify the following
-
Name and description for the configuration, say
DNS Changer
-
Under Define Configuration, choose Create
-
Select script location as Local and browse to
choose the script that you have downloaded
-
Specify the Script Arguments as below
-
–silent –scan
to scan and identify the affected computers
-
–silent –fix
reset
to identify the affected computers and to reset the DNS settings to
obtain the DNS automatically
-
–silent –fix
,
to identify the affected systems
and change the DNS settings to the ip addresses specified here.
Select
Once
as Execute option
Choose the target computers to run the script
Click Deploy
After successful execution of this configuration
(the state of the configuration should be
Executed
(Failed)*
), you can verify the status of the execution on individual
computers as below:
-
Click Configurations tab and click on the
configuration name
-
Click the “View Complete Execution Status” link
available below the Execution Summary graph
-
Verify the remarks column of the individual
computers to check the status:
-
20001 – refers to the systems that are affected by
this Trojan
-
20002 – refers to the systems that are not
affected by this Trojan
-
20003 – refers to the systems that are affected
and have been successfully fixed
-
If you have chosen to scan and fix and if you do
not see any of the above error codes and find some description here, it means
that there were some problems encountered while executing the script. Read the
description to fix or try running the script manually in one of the computers
with the given arguments.
*This script is being rolled out as a quick fix to the
problem using the current configuration framework without requiring you to upgrade your existing Desktop Central build.
Handling this properly would call for agent upgrades, which might
require some additional effort and time.
We hope that Desktop Central users can make use of this
script to automate and fix the DNS problems.
Sit back and relax while we work for you!
For any assistance, contact desktopcentral-support@manageengine.com
Cheers
You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com
The original article/video can be found at Worried of FBI’s Blackout? Let ME help you to fix your DNS