High Nessus Network Monitor Plugin ID 7055
DescriptionThe remote host was observed performing DNS lookups to an IP address that is included in the DNSChanger rogue servers. This indicates that the remote host is infected with DNSChanger. DNSChanger hijacks DNS settings on a system causing the host to query the DNSChanger rogue servers.
SolutionManually inspect and clean the system.