Has Google said your PC is infected with DNS Changer malware?

Google reckons that up to 500,000 internet users, whose computers were impacted by the DNS Changer malware, will see the following message in the next week alone:

Google warning message

Your computer appears to be infected

We believe that your computer is infected with malicious software. If you don’t take action, you might not be able to connect to the internet in future.

Learn how to remove this software.

Let’s backtrack a little and explain why this is happening.

Sign up to our free newsletter.
Security news, advice, and tips.

Until November last year, a group of cybercriminals were using a bunch of rogue DNS servers to redirect PCs infected with a family of malware called DNS Changer to webpages and adverts that helped them make money.

The FBI seized control of the servers, and made them harmless. But hundreds of thousands of affected computers continue to use them. As we’ve described before, the FBI is going to shut down the servers on July 9th – meaning that those computers, if their owners do nothing about it, could lose access to the internet.

The best solution is for those affected to fix the DNS settings on their computers, but a method has to be found to inform those internet users who are impacted. And that’s why Google is joining the awareness campaign.

I think we should applaud Google for what’s it doing, as anything which warns computer users about genuine security issues has to be a good thing.

But, sadly and inevitably, there is clearly the potential for cybercriminals to mimic the Google warning and direct users to dangerous downloads and scams.

The danger is that many people may know what their own anti-virus software looks like when it displays a warning, but may be less familiar with how the Google warning presents itself, and where it links to.

I hope we won’t see any cybercriminals try to take advantage of Google’s initiative in the hope of lining their own pockets.

Sophos products detect various variants of the DNS Changer malware under names such as Troj/DNSChan-A.

Furthermore, Sophos products can detect if your computer is one of the ones whose DNS settings have been meddled with – identifying them as CXmal/DNSCha-A, and help repair the damage.

And, if you want to be proactive and see if your computer is one of those which might be affected on July 9th, you can check via the DNS Changer Working Group website (DCWG).

The FBI also has a look-up form on its own site.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.