Router infection?


10 replies to this topic

#1 emeraldmagic

emeraldmagic

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 05 October 2010 - 02:56 PM

Hello, I've been doing so much research on this "Wordslife", "google.analytics" etc. issue because I have it, but the thing is that my virus scans and malware scans show that there is nothing wrong! Another interesting thing is that this issue only occurs on my home wireless connection! Interestingly, I never have any of these issues when I'm on a network other than my own. Even when I'm browsing on my iPhone on my own Wi-Fi the same issue occurs. I'm suspecting that my router is the culprit. Please help!

Thank you very much in advance!

- John



#2 emeraldmagic

emeraldmagic
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 05 October 2010 - 04:38 PM

Can somebody please help?

#3 m1garand

m1garand

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 05 October 2010 - 04:51 PM

This may remove the redirects but it will NOT remove the malware, so you'll have to wait for the malware response team/moderators/BC advisors to post. Search up the default IP address and the username and password for your specific router model and write them down. Take a pin/sharp object and poke into your router's hole/reset button. Then quickly run up to one of your computers, log into your router and change the login password to your router to something that can't be found in a dictionary, and also change the password to your wireless network. Write down the passwords on a piece of paper and store them in a hidden but memorable location so you can use them in the future.

Edited by m1garand, 05 October 2010 - 04:51 PM.


#4 emeraldmagic

emeraldmagic
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 05 October 2010 - 05:21 PM

Thank you m1garand!
I will do what you have suggested and do what you have explained and also wait for the moderators to check on the situation.
My only question is, how did the infection happen in the first place? My password for the router is very unique :thumbsup:

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:34 AM

Posted 05 October 2010 - 07:07 PM

Hello this is my reply to Router infections. It adds a bit more to m1garand's approach as it will clean too.

The problem is actually based in your router and that in turn is infecting all the other computers on your network, if there are others.
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double-click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
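
Post #5 above says the malware changes the router's DNS settings and that the ISP can tell you which DNS servers to expect. As an added example (not part of the original thread), this Python script parses `ipconfig /all` output and labels each resolver; the sample output and the `EXPECTED_DNS` address are constructed placeholders, not values from this thread.

```python
import re

# Constructed sample of `ipconfig /all` output (private and documentation-range addresses).
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the resolver(s) your ISP told you to use (placeholder value).
EXPECTED_DNS = {"198.51.100.10"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_ipconfig(output):
    """Collect DNS servers and default gateways from `ipconfig /all` text."""
    dns, gateways, field = [], [], None
    for line in output.splitlines():
        m = re.match(r"\s+([A-Za-z0-9 ]+?)[ .]*:\s*(.*)$", line)
        if m:
            field, value = m.group(1).strip(), m.group(2)
        elif line.startswith(" " * 10) and field:
            value = line  # continuation line: another value for the previous field
        else:
            field = None
            continue
        if field == "DNS Servers":
            dns += IPV4.findall(value)
        elif field == "Default Gateway":
            gateways += IPV4.findall(value)
    return dns, gateways

def classify_dns(output, expected=EXPECTED_DNS):
    """Label each resolver as expected, router, or unexpected."""
    dns, gateways = parse_ipconfig(output)
    return {ip: "expected" if ip in expected
            else "router" if ip in gateways  # PC cannot see what the router forwards to
            else "unexpected"
            for ip in dns}

if __name__ == "__main__":
    print(classify_dns(SAMPLE_IPCONFIG))
```

A "router" result means the PC only sees the router as its resolver, so the DNS servers configured on the router's own admin page still have to be compared with the ISP's list.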

#6 emeraldmagic

emeraldmagic
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 05 October 2010 - 11:35 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/5/2010 9:34:29 PM
mbam-log-2010-10-05 (21-34-29).txt

Scan type: Quick scan
Objects scanned: 115202
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 m1garand

m1garand

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 06 October 2010 - 02:42 PM

You do not have the latest Malwarebytes virus definitions, which means that any viruses created after the release of MBAM 1.46 (so any malware released after April) will go by undetected. So, you must open up Malwarebytes, click on the update tab and click on the "check for updates" button and rescan your computer.

#8 emeraldmagic

emeraldmagic
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 06 October 2010 - 04:45 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4759

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/6/2010 2:42:05 PM
mbam-log-2010-10-06 (14-42-05).txt

Scan type: Quick scan
Objects scanned: 135198
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:34 AM

Posted 06 October 2010 - 07:14 PM

Are you still having redirects?

#10 emeraldmagic

emeraldmagic
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 08 October 2010 - 02:24 PM

None so far! Thank you all very much!

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:34 AM

Posted 08 October 2010 - 03:06 PM

Let's take one last look and be sure.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.