This article explains the security precaution IT Security has taken to block all traffic to a set of malicious servers on the Internet associated with the malware DNSUnlocker. Infected machines will be unable to reach the controlling server, which will have the side effect of degrading service or making the system unable to access the Internet. To restore service, you must remediate the malware.
The DNSUnlocker malware hijacks a computer's Domain Name Server configuration, redirecting traffic to a malicious external server, injecting ads into webpages visited, and adding an unauthorized root certificate to a computer's certificate store.
If your computer has a Domain Name Server (DNS) that starts with 82.163 (e.g. 188.8.131.52 or 184.108.40.206) or begins with 95.211.158. (e.g. 220.127.116.11 or 18.104.22.168), you are infected with a kind of malware known as DNSUnlocker. From a different system you can reference these online resources on how to see your DNS settings:
If you find yourself infected, your options include:
- Our recommendation in all cases of infection is to back up then reformat/reinstall or restore to a known good state. This is the only way you can be certain your computer is clean.
- As an alternative, since this malware does not try to hide itself, it may be possible to safely remove it:
  - Non-technical users should contact your local IT group for assistance. They can follow the instructions below or back up your data and reformat the computer.
  - Technical users could refer to this online walk-through guide that allows you to remove this malware yourself: DNSUnlocker removal instructions from BleepingComputer.
If you are unable to successfully remove the malware, IT Security recommends formatting the computer after backing up your data.
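The DNS-server check described above can be run over saved `ipconfig /all` output collected from several machines. The following is an added example, not part of the original article or any IT Security tooling; the sample output and its addresses are constructed, and the two prefixes are expressed as the networks 82.163.0.0/16 and 95.211.158.0/24.

```python
import ipaddress
import re

# Prefixes named in the article: "starts with 82.163" / "begins with 95.211.158."
SUSPECT_NETS = [ipaddress.ip_network("82.163.0.0/16"),
                ipaddress.ip_network("95.211.158.0/24")]

# Constructed sample of `ipconfig /all` output (all addresses are made up).
SAMPLE = """\
Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Constructed NIC
   IPv4 Address. . . . . . . . . . . : 10.0.0.15(Preferred)
   DNS Servers . . . . . . . . . . . : 82.163.0.10
                                       95.211.158.20
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 10.0.0.53
                                       82.164.0.1
"""

def dns_servers(ipconfig_text):
    """Yield (adapter, IPv4Address) for every IPv4 DNS server listed."""
    adapter, in_dns = None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line = section header
            adapter, in_dns = line.rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        labelled = re.search(r"\s:(\s|$)", line)  # "Label . . . : value" lines
        if m:
            in_dns, value = True, m.group(1)
        elif in_dns and not labelled and line.strip():
            value = line.strip()                # extra servers wrap onto bare lines
        else:
            in_dns = False
            continue
        try:
            yield adapter, ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            pass                                # IPv6 or malformed entry: skip

def flagged(ipconfig_text):
    """Return (adapter, address) pairs whose DNS server is in a suspect range."""
    return [(a, str(ip)) for a, ip in dns_servers(ipconfig_text)
            if any(ip in net for net in SUSPECT_NETS)]

if __name__ == "__main__":
    for adapter, ip in flagged(SAMPLE):
        print(f"{adapter}: DNS server {ip} matches a DNSUnlocker range")
```

A clean result only means the resolver setting is not in these two ranges; it does not cover the injected root certificate the article also mentions.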