trojan.DnsChange has the  functionality to access the internet and communicate with a remote server via HTTP. It can download files from a remote server and may execute them. DnsChange may modify the Windows System Restore Area, causing it to create infected restore points.  Modifies the Windows registry by changing DNS entries, so that it can communicate with remote servers. 

What it Does:

• Has the functionality to access the internet and communicate with a remote server via HTTP.
• Downloads files from a remote server and may execute the files that have been downloaded.
• Modifies the Windows System Restore Area, causing it to create infected restore points.
• When program is run (usually by user executing the file), the file would copy itself to the Windows System directory and may remove itself from the directory it originally existed in.
• Modifies the Windows Registry by changing DNS entries. Values such as 85.255.112.132 and 85.255.113.13 are associated with the Trojan.DnsChange infection.
• Adds itself to your computer's registry so that the infection runs when Windows starts.

How It Infects:

Trojan.DnsChange does not have a specific means of distribution.

How To Avoid Infection:
Do not click any unexpected links in instant messages. Do not download email attachments from unexpected sources. Do not download unknown files or files from unknown sources. Scan all downloaded files with StopSign and ensure that all updates are installed from Microsoft's Windows Update.

Vulnerable Operating Systems:
Windows 95/98/Me/NT/2000/XP

Type:
backdoor Trojan

Technical Name:
Trojan.DnsChange.Trojan

Aliases:

TR/Agent.QB.17
Win32:Small-BHP
Generic.YGM
MemScan:Trojan.Agent.QB
Trojan.DNSChanger
Trojan.Small-267
Win32.Polipos.sus
Win32/Alureon!generic
Trojan.Small.fb
Agent.BC!tr.spy
W32/new-malware!Maximus
Trojan.Win32.Small.fb
Downloader-ARR
Win32/Alureon.A
Win32/Small.FB
W32/Smalltroj.IPT
Trj/Ruins.MB
Covert.Sys.Exec
Troj/RuinDl-U
Trojan.Win32.Small.28DA
Trojan.Win32.Small.fb
Trojan.Small.DFY