DNSChanger Malware Detection
Medium Nessus Plugin ID 58182
SynopsisThe remote host may be infected with malware.
DescriptionDNSChanger appears to be installed on the remote host. This malware configures the host to use rogue DNS servers, which could cause requests for legitimate websites and hostnames to be routed to attacker controlled machines.
Nessus determines the likelihood of infection by comparing the list of DNS servers configured on the host to a list of IP addresses associated with this malware. More information can be found in the linked references.
SolutionUpdate the host's antivirus software, clean the host, and scan again to ensure the Trojan's removal. If symptoms persist, re-installation of the infected host is recommended.