More than one in 10 Fortune 500 companies still have computers infected with DNSChanger malware, according to estimates by Internet security firm IID.
The firm also estimated that around four percent of "major US Government" agencies also still have infected machines, a figure which has been steady for almost three months.
DNSChanger redirected legitimate searches by computer users to malicious sites via rogue DNS servers.
US authorities have interim control of the rogue DNS servers but expect to shut them down on July 9, after which infected computers won't be able to connect to the Internet.
The number of infections has been slowly reducing over the past few months. However, it is expected up to 300,000 Internet users worldwide could face connection problems when the DNS servers are switched off next week.
It remains unclear whether the FBI will be granted a further extension by a US Court to operate the DNS servers while infections continue to be identified and removed.
Six Estonian nationals have been arrested and are currently subject to extradition procedures to face charges in the United States over DNSChanger.