  1. #1


    Member Since
    Jun 27, 2012
    Posts
    7
    Help! How do I change my DNS server settings on router?
    Hello! I think this is a hardware problem, isn't it?

    This might be old news for some but I only found out about this malware a few days ago. Sorry if this is a bit of a long winded post.

    This malware infects a computer with malicious software (DNS Changer) to change the user's DNS server settings to replace the ISP's good DNS servers with bad DNS servers operated by the criminal.

    I used MacScan which found the DNS Changer malware. I isolated it and dumped it in the trash and emptied the trash as instructed. I am still getting the Google alert telling me my computer is infected – this time a different colour! The websites set up to tell you if you are infected are also telling me that I am still infected. I've read some other stuff on the internet so I know my router has been affected. Through a command in Terminal in Utilities, it shows it has 2 DNS servers that have been identified as one of the many rogue DNS servers set up by the criminals.

    I've got an iMac PowerPC G4. It's just my home computer about 7 years old and I'm using the Built-in Ethernet. So I need to replace the rogue DNS servers with good ones. I did speak to my ISP provider and was told that as my Mac is using DHCP it means that my router cannot be infected - which goes to show how much they know. I've done some research online but I can't find instructions specific enough to enable me to change my DNS settings especially as my machine is an older one. This is what I have:

    I click on Network.
    Built-in-Ethernet is green because that's what I'm using. But there is no 'Advanced' button to press. Just Configure.
    I press Configure.
    Location: is 'Automatic'
    Show: is Built-in-Ethernet
    My button options are TCP/IP, PPPoE, AppleTalk, Proxies, and Ethernet. There is no DNS button across the top of the box with these others.

    Under TCP/IP it says Configure IPv4 in front of a drop down menu that is showing 'Using DHCP'
    Under this there is my IP address.
    There is a Subnet Mask number printed as well.
    And under that is the printed Router number: 77.102.28.1. These are printed, they cannot be altered and they are not the same IPs that showed up when I used Terminal.

    Under this is the DNS Servers box which is empty.
    Under this the Search Domains box is also empty
    Under this is IPv6 Address which is a long line of letters and numbers, lots of 0s. Plus the option to Configure IPv6.

    There are no DNS servers for me to remove and replace in the boxes. So how do I change them?

    Any help would be much appreciated as the FBI, who have caught the criminals behind it and who are now maintaining those "rogue" (actually no longer rogue) DNS servers will be turning them off on July 9th and if I haven't fixed this problem by then I will be cut off from the internet. Thanks

  2. #2

    louishen's Avatar
    Member Since
    Oct 22, 2007
    Location
    London
    Posts
    8,968
    Specs:
    Mac Mini Core i7 2012 | White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
    I shouldn't think you've been infected unless you are getting web redirects to gambling or pown sites

    But what router do you have?
    Member of the Month September 2008 & August 2012 | Found advice useful? – use the rep system

  3. #3

    Adric's Avatar
    Member Since
    Mar 28, 2012
    Location
    Atlanta, GA
    Posts
    263
    Specs:
    27" iMac (Mid 2011), 3.4GHz Intel Core i7, 16GB RAM, 2GB Video Card, 2TB HDD
    I always thought you changed your DNS settings in the router settings menu and not on the computer itself. I am no networking expert though.

    To get to the router settings on a Linksys router (it's different for each brand so look up how to do it for your router brand) you open Safari on a computer connected to the network and in the URL box type "192.168.1.1". It will bring up a window asking for your username and password. Username is left blank and the password is "Admin". This will take you to the router settings where you can adjust the DNS (I think) and DHCP settings on the network.

  4. #4


    Member Since
    Jun 27, 2012
    Posts
    7
    I tried that Adric and I'm getting nothing, a 'failed to open page' with Safari because the server where the page is located isn't responding. I'll check it for my router brand as well.

    Thanks for the prompt reply guys.

    The router I have is a Motorola Surfboard cable Modem.
    Also I just read somewhere that I can type new DNS servers into the empty DNS server boxes but I'm not sure if this is enough to override and replace the bogus DNS servers.

  5. #5

    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    50,239
    Specs:
    Late 2013 27" iMac, iPad 3, iPhone 6s+, iPhone 6+, 3 iPods, Sierra
    The router I have is a Motorola Surfboard cable Modem.
    A cable modem is not a router unless that particular model has both combined into one unit. I just took a look at several Motorola Surfboard modems and they do not include a router. You didn't include your model number otherwise I could have looked a bit deeper.

    Anyway, you should be able to change your DNS settings from System Preferences, Network, WiFi, Advanced, DNS.

  6. #6

    cradom's Avatar
    Member Since
    Feb 14, 2004
    Location
    Groves, Texas
    Posts
    4,614
    Specs:
    21in. iMac 10.11 --- HP Linux Mint 18
    Quote Originally Posted by Feisty411 View Post
    Also I just read somewhere that I can type new DNS servers into the empty DNS server boxes but I'm not sure if this is enough to override and replace the bogus DNS servers.
    If all you have is a cable modem and your DNS "boxes" are blank, you do not have rogue DNS servers. Also this is the IP to the Motorola cable modem: 192.168.100.1 ... but you won't find any settings to change there.
    One man's theology is another man's belly laugh.
    -Lazarus Long

  7. #7


    Member Since
    Jun 27, 2012
    Posts
    7
    Sorry to be so ignorant about my hardware. Never had a problem before with my Mac in the 7 or 8 years I've had it.
    The only other bit of hardware I have with my Mac is the Motorola Surfboard cable Modem. The model number is SB5101E. And I assume the router is a physical piece of hardware so I assumed the Motorola was the router/Modem.

    cradom when I used Terminal in Utilities to check what DNS servers my computer was using it came up with 2 of the rogue DNS servers which are 85.255.114.85 and 85.255.112.25. Also I am still getting the alert that my Mac's infected.

    This is the website that tells you how to check if you're still infected by the malware and how to fix it (up to a point) "www.dcwg.org/" and here is a site that tells you what the rogue DNS servers are: DNSChanger Notification

    And here's a recent article on it: Google warns users infected with DNSChanger as Web outage nears - PC Advisor

    I really appreciate your help, guys. If someone here can't help I'll just have to keep searching the net

  8. #8


    Member Since
    Jun 27, 2012
    Posts
    7
    My last post has to be looked at by the mods so it's not on here yet, but I do have an update. I was advised to go into Utilities and Terminal to input the command "sudo nano /etc/resolv.conf." Then to enter my Admin password. It then comes up with my servers and I'm able to delete the bogus ones. Then press Control - x. You're asked if you want to save your changes and you press y and then restart your Mac. It all worked up until I pressed y. I wasn't able to exit Terminal after that as it seemed to want me to write the file name. It said: "File Name to Write: /etc/resolv.conf." If I try to close and exit it tells me that it will terminate the "processes working inside, login, bash, nano." So I end up having to 'terminate' or cancel the whole process. I also sometimes get the added line: "cpc10-dals18-20-cust331:~" in Terminal.

    I don't want to write anything for the file name, (if that's what it's asking me for) in case I get it wrong and mess it up. Does anyone know what to do when you get to this point? Because it seems as this will work and help me to delete the bogus DNS servers from my machine if I can just get past this bit. Thanks.

  9. #9

    cradom's Avatar
    Member Since
    Feb 14, 2004
    Location
    Groves, Texas
    Posts
    4,614
    Specs:
    21in. iMac 10.11 --- HP Linux Mint 18
    It's asking you if you want to save the file. Just press enter again and it will save and quit. Then you can quit Terminal.
    Actually you need to press Control-o to write out the file and then control-x to quit nano. No need to type in a filename, it assumes the one you opened.
    One man's theology is another man's belly laugh.
    -Lazarus Long

  10. #10


    Member Since
    Jun 27, 2012
    Posts
    7
    Thanks for replying, cradom.
    Something's not right. I'm so close to sorting this and it's so frustrating that I'm at this last hurdle and it won't work. I'll go through what I'm doing so far from advice given elsewhere:

    In Terminal type sudo nano /etc/resolv.conf
    Enter password
    Delete bad DNS servers
    There are 4 lines. The last 2 are the rogue DNS servers added by the malware. The first 2 are my ISP's DNS servers that I called and asked them for. The cursor is at the beginning of the first line so I have to use the back arrow to scroll down 4 lines to the last number of the last line of rogue server then use the backspace arrow to delete the 2 lines of the bad DNS servers.
    Press Control - x to exit
    Doing this jumps me straight into a highlighted question: "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?" I'm given the highlighted options of yes, no or cancel.
    Then press y to save changes
    Pressing y for yes jumps me straight into the highlighted line "File Name to Write: /etc/resolve.conf." I cannot come out of this highlighted line. I can only move the cursor along this line to the beginning of " /etc..." This is where the problem starts. I was advised to press y again but that only adds the letter to the line. I pressed Control - O as you advised but nothing happens - presumably because it's not one of the options below. The only options I have at this point, which are also highlighted with this line are:
    Control - G Get Help
    Control - T To Files
    M-D DOS Format
    M-O Mac Format
    M-A Append
    M-P Prepend
    M-B Backup File
    Control - C Cancel

    So I only get as far as saving the file. It seems to accept the save up to a point but then it wants me to do something else. Add to the name of the file? If I do add to the file name, then press return, it jumps to "File exists, OVERWRITE ?" with the options yes, no or cancel. I don't dare choose any of them. If I try to close nano and exit I get the "closing this window will terminate the following processes inside it: login, bash, nano."

    I can't do anything except to close and terminate because I can't complete the process of deleting the rogue DNS servers.

    What do you think? Are all the steps in this process correct?

  11. #11


    Member Since
    Dec 11, 2010
    Location
    Chicago
    Posts
    1,513
    Specs:
    late 2012 mini w/SSD
    cradom was trying to simplify things for you by doing ctrl-o (output=write the file) before ctrl-x.

  12. #12

    cradom's Avatar
    Member Since
    Feb 14, 2004
    Location
    Groves, Texas
    Posts
    4,614
    Specs:
    21in. iMac 10.11 --- HP Linux Mint 18
    Quote Originally Posted by Feisty411 View Post
    Thanks for replying, cradom.
    Something's not right. I'm so close to sorting this and it's so frustrating that I'm at this last hurdle and it won't work. I'll go through what I'm doing so far from advice given elsewhere:

    In Terminal type sudo nano /etc/resolv.conf
    Enter password
    Delete bad DNS servers
    There are 4 lines. The last 2 are the rogue DNS servers added by the malware. The first 2 are my ISP's DNS servers that I called and asked them for. The cursor is at the beginning of the first line so I have to use the back arrow to scroll down 4 lines to the last number of the last line of rogue server then use the backspace arrow to delete the 2 lines of the bad DNS servers.
    Press Control - x to exit Don't do this, instead press control-o to save your changes. THEN press control-x to quit Nano.
    Doing this jumps me straight into a highlighted question: "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?" I'm given the highlighted options of yes, no or cancel.
    Then press y to save changes
    Pressing y for yes jumps me straight into the highlighted line "File Name to Write: /etc/resolve.conf." I cannot come out of this highlighted line. I can only move the cursor along this line to the beginning of " /etc..." All you need to do here is press 'ENTER' to save changes. Don't move the cursor. This is where the problem starts. I was advised to press y again but that only adds the letter to the line. I pressed Control - O as you advised but nothing happens - presumably because it's not one of the options below. The only options I have at this point, which are also highlighted with this line are:
    Control - G Get Help
    Control - T To Files
    M-D DOS Format
    M-O Mac Format
    M-A Append
    M-P Prepend
    M-B Backup File
    Control - C Cancel

    So I only get as far as saving the file. It seems to accept the save up to a point but then it wants me to do something else. Add to the name of the file? If I do add to the file name, then press return, it jumps to "File exists, OVERWRITE ?" with the options yes, no or cancel. I don't dare choose any of them. If I try to close nano and exit I get the "closing this window will terminate the following processes inside it: login, bash, nano."

    I can't do anything except to close and terminate because I can't complete the process of deleting the rogue DNS servers.

    What do you think? Are all the steps in this process correct?
    Fixed things for ya.
    One man's theology is another man's belly laugh.
    -Lazarus Long

  13. #13


    Member Since
    Jun 27, 2012
    Posts
    7
    I followed the instructions with your added info and it all went according to plan. I restarted my Mac, but when I used cat /etc/resolv.conf to check, the 2 rogue servers were still there - even though I deleted them in nano. If Control - O is the same as saving, then why are the servers still there? And beneath them had been added the line: cpc10-dals18-2-0-cust331:~ What does that mean? And why has Terminal added it? Maybe it's an error code of some kind.

    I'm so tired of this. I've been working on it for a week now.
    cradom, thank you so much for all your help. If you can shed any further light on this that would be cool. Maybe the rogue servers can't be deleted in this way. Can't be that easy! Maybe it does have to be done by the ISP or through the actual router, except I've got a Motorola Surfboard Cable Modem that has no manual reset, so I may have to try to speak to their technical support team.

  14. #14


    Member Since
    Jun 27, 2012
    Posts
    7
    All sorted now!
    Oh finally!! Sorted!
    I didn't need to do anything with my cable modem/router in the end.

    I'd like to thank everyone for their advice and help on this. It was much appreciated. In the end it was using crontab that did it for me and in case anyone new has a problem with this in the future, this was the process:


    Go into Utilities in Applications and open the Terminal app
    Type cat /etc/resolv.conf to check what servers you have
    To delete the rogue servers from here type sudo nano /etc/resolv.conf.
    Enter your password.
    Delete rogue servers. You have to scroll with your cursor to get to the end of the line and then delete from there.
    Press Control - O to write out and save changes
    Press Control - X to exit.
    Restart machine.

    This actually didn't work for me personally. So after more searching, help and advice, I got this process:

    Go into Terminal
    Type sudo crontab -l (That's the letter ell) This shows what entries are in the directory. In mine, the malware script showed up as /Library/Internet Plug-Ins/QuickTime.xpt. If you have more than the malware entry in there, you will want to edit and delete. To do this for a single line:
    Type sudo crontab -e. Use arrow key to navigate to line. I scrolled to end of line.
    Type dd to delete the line
    Type wq and press Return to write out the file and quit.

    I had only the one entry and that was the malware script so I was able to use sudo crontab -r which will delete everything in there, so you have to be careful with it. After that I also flushed the cache. For Tiger you go into Terminal and type lookupd -flushcache. This is like a reset. Two extra servers showed up and I assume they are the original servers that were there - which means that when I called my ISP to ask for the servers they used, they gave me 2 different ones from the original. Whatever.

    I restarted my machine and the google alert was gone. I checked out the site that tells you if you're still 'infected' and the background was green. I'm clear.

    Thanks everyone!
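
Added example (not part of any post in this thread): the edit to /etc/resolv.conf only held once the root crontab entry was gone, so this sketch checks both places at once. The function names and sample files are constructed for illustration; the two addresses and the script path are the ones quoted in the posts above.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a resolv.conf and a saved root
# crontab for the two DNSChanger indicators the posters name.
# Live use:  sudo crontab -l > root.cron; audit /etc/resolv.conf root.cron

# Rogue resolvers quoted in post #7 (only these two; not a complete list).
ROGUE_DNS="85.255.114.85 85.255.112.25"
# Script path the poster found in root's crontab (post #14).
CRON_MARKER="/Library/Internet Plug-Ins/QuickTime.xpt"

# Print each nameserver in a resolv.conf-style file that is on the rogue list.
rogue_nameservers() {
    awk -v bad="$ROGUE_DNS" '
        BEGIN { n = split(bad, a, " "); for (i = 1; i <= n; i++) rogue[a[i]] = 1 }
        $1 == "nameserver" && ($2 in rogue) { print $2 }
    ' "$1"
}

# Print active (non-comment) crontab lines that reference the marker path.
suspicious_cron() {
    grep -v '^[[:space:]]*#' "$1" | grep -F -- "$CRON_MARKER"
}

# Report both findings; return 1 if either indicator is present.
audit() {
    status=0
    hits=$(rogue_nameservers "$1")
    cronhits=$(suspicious_cron "$2" || true)
    if [ -n "$hits" ]; then
        echo "rogue DNS servers in $1:"
        echo "$hits"
        status=1
    fi
    if [ -n "$cronhits" ]; then
        echo "suspicious root cron entry (remove it before fixing DNS):"
        echo "$cronhits"
        status=1
    fi
    return $status
}

# Demo on constructed sample files (192.0.2.53 is a documentation address).
demo=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 85.255.114.85\nnameserver 85.255.112.25\n' \
    > "$demo/resolv.conf"
printf '# constructed sample\n* * * * * "%s" 1>/dev/null 2>&1\n' "$CRON_MARKER" \
    > "$demo/root.cron"
if audit "$demo/resolv.conf" "$demo/root.cron"; then
    echo "no indicators found"
else
    echo "indicators found"
fi
rm -rf "$demo"
```
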

  15. #15


    Member Since
    Jul 10, 2012
    Posts
    3
    password section won't budge !!
    Hello y'all,

    I've been reading this thread and trying all means. Yes, I'm uber desperate.

    I typed sudo nano /etc/resolv.conf and it prompted for my password. But I can't seem to type anything!! What's wrong? Each time I pressed "enter", it says password is incorrect. I mean, duh. It doesn't even allow me to type anything.

    I'm stuck in that section and hopefully the rest will work smoothly!

    Thanks guys!

    Ps: device used - macbook pro OS 10.4
