This is in continuation with

this

post on FBI shutting down the stand-in DNS Servers on March 8, 2012 and its
implications

In short, the computers affected by the DNSChanger Trojan
will not be able to connect to the internet after March 8 until the DNS
Settings have been fixed. The DNS Checker tool discussed in the above blog post
helps you primarily find whether your system is infected with the DNSChanger
Trojan. You will have to fix your DNS Settings manually to be able to connect
to the internet.

At ManageEngine, we understand the pain of identifying the
affected computers manually and fixing them. We have come up with a script that
will help you identify and fix the affected computers at once. The script can
be executed on multiple computers using ManageEngine Desktop Central

The script can be executed silently (without user input) on
remote computers to:

• 
  Check whether the computer is affected
  
• 
  Check and reset the DNS setting to obtain DNS
  automatically
  
• 
  Check and change the DNS Servers with the given
  IP addresses
  

Steps to Fix the Affected Systems

 

1. 
   Download
   
   
   this script
   
   
   and rename it to dnschangermalwareremoval.vbs
   
2. 
   Login to Desktop Central web client
   
3. 
   Select Configurations –> Configuration –> Custom Script (under
   Computer Configurations). This opens the Custom Script Configuration screen for
   computers. Specify the following
   

1. 
   Name and description for the configuration, say
   DNS Changer
   
2. 
   Under Define Configuration, choose Create
   
3. 
   Select script location as Local and browse to
   choose the script that you have downloaded
   
4. 
   Specify the Script Arguments as below
   

1. 
   –silent –scan
   
   
   to scan and identify the affected computers
   
2. 
   –silent –fix
   reset
   
   
   to identify the affected computers and to reset the DNS settings to
   obtain the DNS automatically
   
3. 
   –silent –fix
   ,
   
   
   to identify the affected systems
   and change the DNS settings to the ip addresses specified here.
   

Select


Once


as Execute option

Choose the target computers to run the script

Click Deploy

After successful execution of this configuration
(the state of the configuration should be


Executed
(Failed)*


), you can verify the status of the execution on individual
computers as below:

1. 
   Click Configurations tab and click on the
   configuration name
   
2. 
   Click the “View Complete Execution Status” link
   available below the Execution Summary graph
   
3. 
   Verify the remarks column of the individual
   computers to check the status:
   

1. 
   20001 – refers to the systems that are affected by
   this Trojan
   
2. 
   20002 – refers to the systems that are not
   affected by this Trojan
   
3. 
   20003 – refers to the systems that are affected
   and have been successfully fixed
   
4. 
   If you have chosen to scan and fix and if you do
   not see any of the above error codes and find some description here, it means
   that there were some problems encountered while executing the script. Read the
   description to fix or try running the script manually in one of the computers
   with the given arguments.
   

*This script is being rolled out as a quick fix to the
problem using the current configuration framework without requiring you to upgrade your existing Desktop Central build. 
Handling this properly would call for agent upgrades, which might
require some additional effort and time.

We hope that Desktop Central users can make use of this
script to automate and fix the DNS problems.

Sit back and relax while we work for you!

For any assistance, contact desktopcentral-support@manageengine.com

Cheers

You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com

The original article/video can be found at Worried of FBI’s Blackout? Let ME help you to fix your DNS