Forum Discussion

cindydavid's avatar
New Contributor

Compromised Computer Notification from Cox Communications - DNSChanger

I have been receiving the below email for the last few months regarding the DNSChanger.  The first time we checked everything it told us to do.  Continued to receive them. Upgraded Norton, who assured me that the upgrade will take care of DNS. Still receiving email.  Went to the phone number for tech help and its basically an advertisement for Cox Tech Help, which is fine if I really needed it but I am not sure I do.  So my questions are 1) is this for real or is it spam? 2) are my devices indeed compromised and how would I know? and 3)Will Norton definitely take care of this?  If i must I'll use the tech site, but want to make sure before I spend more money. Thanks.

 Cox Communications proactively notifies customers when our systems indicate a device on your home network may be infected with a virus.

You are receiving this notice because our security systems have detected that one or more devices on your network is, or was, infected with the "DNSChanger" virus.

DNS means Domain Name System. It is the service that makes browsing the Internet possible.

The DNSChanger virus has the ability to change your DNS settings. This virus can redirect your legitimate Internet browsing traffic to multiple malicious web sites that attempt to steal personal information or download additional viruses/malware. This malicious software affects both Windows and Mac OSX systems.

Please follow the steps below to clean the virus and correct your DNS settings:
1. Scan and clean all your devices with an antivirus / antimalware program.
        o The Microsoft Safety Scanner (Note this is not the same thing as the Microsoft Malicious Software Removal Tool) located at:

2. Reset your IP settings on all devices and routers to use DHCP which will empty your DNS settings and allow you to use the correct Cox DNS servers automatically.
        o Simply cleaning the virus will NOT resolve the DNS setting issue.

If you are using a Wireless Router, for additional information, please visit:

If you need further assistance, Cox offers premium technical support at reasonable rates. Visit Cox Tech Solutions at or call 877.TEC.SOLV (832.7658) to get started.

2 Replies

Replies have been turned off for this discussion
  • Don't spend money.

    Look it up. It is an ages-old virus. Perhaps someone has repurposed it. Regardless, you can fix it if it is there. It sure seems to me Cox is getting false positives, and they don't care to correct their detectors. 

  • Hi Cindydavid,

    I can verify that these emails are legitimate. We notify customers when their computer systems may be infected with a virus or other malicious software. DNSChanger is a virus that compromises Windows and Mac OS computers by redirecting legitimate Internet browsing traffic to multiple malicious websites that attempt to steal personal information or download additional viruses or malware.

    There are many forms and versions of this malicious software, and no utility can effectively detect and remove all versions of this software from all operating systems at this time. Have you run full system scans on each of your devices? Have you followed the steps to reset your IP settings on all devices?

    We recommend the Microsoft Safety Scanner, as it has been known to remove many versions of the DNSChanger virus. (Note: this is not the same as the Microsoft Malicious Software Removal Tool.) Make sure you have cleared any DNS settings that the virus added, and to set your devices to automatically detect the correct Cox DNS servers. Reset the IP settings on all impacted devices and routers to use DHCP.