The Australian Communications and Media Authority has warned that up to 10,000 internet users locally remain infected by DNSChanger malware.
The ACMA has set up a local DNSChanger check-up site to inform users who may not realise they have been infected.
The malware was allegedly used in an internet advertising scam that infected four million computers in 100 countries, according to FBI statistics.
It redirected legitimate searches by computer users to malicious sites via rogue DNS servers.
Six Estonian nationals have been arrested and are currently subject to extradition procedures to bring them to the United States to face charges.
US authorities have interim control of the rogue DNS servers but expect to shut them down on July 9.
After that time, any computer still infected with DNSChanger - and thus trying to route all requests through the rogue servers - will not be able to connect to the internet.
The July cut-off date is four months later than originally planned, after a US court granted an extension to help authorities deal with the number of still-infected machines.
Internet security teams globally have been working to identify and clean infected computers.
The ACMA joined CERT Australia and the Department of Broadband, Communications and the Digital Economy to host a local version of the same DNSChanger diagnostic tool used elsewhere in the world.
Users can visit dns-ok.gov.au to see if they are infected.