Worried of FBI’s Blackout? Let ME help you to fix your DNS

This is in continuation with


post on FBI shutting down the stand-in DNS Servers on March 8, 2012 and its

In short, the computers affected by the DNSChanger Trojan
will not be able to connect to the internet after March 8 until the DNS
Settings have been fixed. The DNS Checker tool discussed in the above blog post
helps you primarily find whether your system is infected with the DNSChanger
Trojan. You will have to fix your DNS Settings manually to be able to connect
to the internet.

At ManageEngine, we understand the pain of identifying the
affected computers manually and fixing them. We have come up with a script that
will help you identify and fix the affected computers at once. The script can
be executed on multiple computers using ManageEngine Desktop Central

The script can be executed silently (without user input) on
remote computers to:

  • Check whether the computer is affected

  • Check and reset the DNS setting to obtain DNS

  • Check and change the DNS Servers with the given
    IP addresses

Steps to Fix the Affected Systems


  1. Download

    this script

    and rename it to dnschangermalwareremoval.vbs

  2. Login to Desktop Central web client

  3. Select Configurations –> 
    Configuration –> Custom Script (under
    Computer Configurations). This opens the Custom Script Configuration screen for
    computers. Specify the following

  1. Name and description for the configuration, say
    DNS Changer

  2. Under Define Configuration, choose Create

  3. Select script location as Local and browse to
    choose the script that you have downloaded

  4. Specify the Script Arguments as below

  1. –silent –scan

    to scan and identify the affected computers

  2. –silent –fix

    to identify the affected computers and to reset the DNS settings to
    obtain the DNS automatically

  3. –silent –fix

    to identify the affected systems
    and change the DNS settings to the ip addresses specified here.

  • Select


    as Execute option

  • Choose the target computers to run the script

  • Click Deploy

  • After successful execution of this configuration
    (the state of the configuration should be


    ), you can verify the status of the execution on individual
    computers as below:

    1. Click Configurations tab and click on the
      configuration name

    2. Click the “View Complete Execution Status” link
      available below the Execution Summary graph

    3. Verify the remarks column of the individual
      computers to check the status:

    1. 20001 –
       refers to the systems that are affected by
      this Trojan

    2. 20002 – refers to the systems that are not
      affected by this Trojan

    3. 20003 – refers to the systems that are affected
      and have been successfully fixed

    4. If you have chosen to scan and fix and if you do
      not see any of the above error codes and find some description here, it means
      that there were some problems encountered while executing the script. Read the
      description to fix or try running the script manually in one of the computers
      with the given arguments.

    *This script is being rolled out as a quick fix to the
    problem using the current configuration framework without requiring you to upgrade your existing Desktop Central build. 
    Handling this properly would call for agent upgrades, which might
    require some additional effort and time.

    We hope that Desktop Central users can make use of this
    script to automate and fix the DNS problems.

    Sit back and relax while we work for you!

    For any assistance, contact desktopcentral-support@manageengine.com


    You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com

    The original article/video can be found at Worried of FBI’s Blackout? Let ME help you to fix your DNS

    Leave a Reply

    %d bloggers like this: