Trojan.DNSChanger.ACMB2
Short bio
Trojan.DNSChanger.ACMB2 is Malwarebytes’ generic detection name for changes made by a type of Trojan to users’ DNS settings on affected Windows systems.
Type and source of the infection
The changes made by the DNS-changing malware can be found in the registry values called NameServer under the keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID of the interface}
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
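One way to audit the two registry locations named above, as an added example that is not Malwarebytes' own code: the PowerShell below lists every statically configured NameServer value and flags addresses that are not on an allowlist. The `$AllowedDns` variable and its addresses are constructed placeholders; replace them with the resolvers your network actually uses.

```powershell
# Added example: audit NameServer values under the Tcpip Parameters keys.
# ASSUMPTION: $AllowedDns is a hypothetical allowlist with constructed
# placeholder addresses; substitute the resolvers your network really uses.
$AllowedDns = @('192.0.2.53', '192.0.2.54')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# The global key plus one subkey per network interface GUID.
$keys = @($base)
$keys += Get-ChildItem -Path "$base\Interfaces" -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSPath }

$findings = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue

    # A missing or empty NameServer means no static DNS override on this key.
    if (-not $props -or [string]::IsNullOrWhiteSpace($props.NameServer)) { continue }

    # The value can hold several addresses separated by commas or spaces.
    foreach ($addr in ($props.NameServer -split '[,\s]+' | Where-Object { $_ })) {
        [pscustomobject]@{
            Key        = $key -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            NameServer = $addr
            Allowed    = $AllowedDns -contains $addr
        }
    }
}

# Unexpected entries sort first so they are easy to spot.
$findings | Sort-Object Allowed, Key | Format-Table -AutoSize

$unexpected = @($findings | Where-Object { -not $_.Allowed })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) static DNS server(s) are not on the allowlist."
}
```

The script only reads the registry; it changes nothing, so it can be run before and after remediation to compare results.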
Protection
Home remediation
Malwarebytes can detect and remove Trojan.DNSChanger.ACMB2 without further user interaction. The removal also takes care of some required actions to undo other changes:
- Reset the DNS settings to something safe
- Clear the browser cache
- Remove the jobs (Scheduled Tasks) that were responsible for the change (if still present)
Procedure:
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Business remediation
How to remove Trojan.DNSChanger.ACMB2 with the Malwarebytes Nebula console
You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.
Nebula endpoint tasks menu
Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.
On the Quarantine page you can see which threats were quarantined and restore them if necessary.