Dns Lock is a tiny free tool which prevents malware (or anything else) modifying your IPv4 DNS server addresses.
Launch the program and you're prompted to enter your preferred primary and secondary DNS server IP addresses in a box, separated by commas.
Dns Lock also offers you Google DNS and OpenDNS IP addresses by default. It doesn't explain what these are, which is going to confuse novices, but as they're not the target audience anyway that may not matter too much.
Once you're happy, click "Install Service", your DNS settings are updated, and Dns Lock installs itself as a service to monitor and protect the addresses.
To test this, we went to Control Panel > Network and Internet > Network Connections, right-clicked our network adapter, selected Properties, right-clicked TCP/IP IPv4 and selected Properties. We changed our DNS settings to "Obtain... automatically", clicked OK, and everything appeared to work as normal, but when we returned to the dialog the protected IP addresses were back.
To remove this protection later, run Dns Lock later and click "Uninstall Service".
If you lose the initial executable, or can't run it for some other reason, Dns Lock can also be disabled or managed like any other Windows service. Launch the Services applet (services.msc) and scroll down to DNS-Lock... to view its options.
[Fixed] – Cpu usage is between 0,003 – 0,005 (reduced)
[Fixed] – Many false positive warning
[Fixed] – A minor code BUG