- Hundreds of thousands of PCs still at risk worldwide
- FBI ‘ring-fenced’ the virus late last year – but protection ends on Monday
- See below for advice on checking if your computer has been infected
PUBLISHED: 21:06 EST, 7 July 2012 | UPDATED: 10:29 EST, 8 July 2012
Tens of thousands of Americans whose computers are infected with malware will lose Internet service on Monday – but the meltdown is preventable by following a few simple steps.
The impending crash will affect those whose computers have been infected with the nasty ‘Alureon/DNS Changer bot’ when the FBI takes down the servers at 12.01 a.m. on Monday, July 9.
To avoid the meltdown, users need to determine if their computer is infected with DNS Changer. Antivirus software will not have offered protection, and Mac computers are also at risk.
To check, users can visit www.dns-ok.us. If you see a red background, your machine has been infected, and while green signals good news, you could still be at risk.
You can also go to www.dcwg.org, run by the DNS Changer Working Group, a collection of experts the FBI recruited to help with the problem.
The site includes links to commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.
Once there, click on ‘Detect’ and scroll to ‘Manually Checking if your DNS server have been Changed’. Click on the option for your system and follow the step-by-step guide.
THE SIMPLE STEPS TO STAY SAFE
If you are worried about the impending meltdown, follow these steps:
1) Visit this FBI-approved site – http://www.dns-ok.us – and see if you get an ‘all-clear’ green background or an ‘at risk’ red background.
2) If you have a red background, visit http://www.dcwg.org/fix which lists free virus scanner and removal software.
Our personal recommendations from the free range are Microsoft Windows Defender and Avira.
For more information, visit here: http://www.dcwg.org/detect/
Your Internet service provider might also be able to help if you think your computer could have been affected.
Scroll to the bottom of www.dcwg.org/detect to see a list of the pages set up by providers for users.
If you discover that your computer has been infected, you can follow the steps at www.dcwg.org/fix. It is recommended to back up your files.
The cause of the crash is a piece of software, which was designed to redirect you from trusted websites to other sites in a bid to steal personal information and which found its way onto hundreds of thousands of computers last year.
When the attack was noticed, the FBI took the unusual step of setting up a ‘safety-net’, routing infected machines through their server to stop the ‘spoof’ attacks.
These servers will be taken down on 12.01 a.m. on Monday, July 9, and when this happens, people still infected are likely to lose their internet connection without warning.
The warnings about the problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI has set up its special website.
Despite repeated alerts, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April.
Of those still infected, the FBI believes that about 64,000 are in the United States.
Users whose computers are still infected on Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.
According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers.
Grasso said other Internet providers may come up with technical solutions that they will put in place on Monday that will either correct the problem or provide information to customers.
If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.
In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.