Nuke the box: Push underway to clean up 300,000 PCs with DNS virus

24.04.2012
A PR campaign is underway to clean up as many as 300,000 computers infected with DNSChanger viruses that divert victims' traffic to sites that can further , but it's not clear that goal can be accomplished.

If a machine is infected with DNSChanger, that infection is often accompanied by a rootkit that is very difficult to remove, says Jose Nazario, senior manager of security research at Arbor Networks.

"The safest thing is to nuke the box and reinstall," Nazario says, meaning that the hard drive should be wiped and the operating system and reloaded. "Remediation is one of the toughest challenges we face."

But there are also that can remove the rootkit without having to reformat, says Barry Greene, the former director of Internet Systems Consortium, a volunteer group that has been working on the problem. "A paranoid security person is going to tell you [reformatting] is what you've got to do," Greene says.

DNSChanger has attracted attention , when a major botnet distributing the viruses under the corporate name Rove Digital was taken down by the FBI, NASA Office of the Inspector General and Estonian police. The takedown involved seizing servers in New York, Chicago and Estonia.