
Browser Redirection



#1 slyde


Posted 25 August 2011 - 09:28 AM

I have several PCs, all running Windows XP SP3 and Avast antivirus (Pro/managed), that have been having trouble connecting to network drives etc. The users did not point the issue out until the issue got a lot worse. At least three PCs on the network get messages about Internet Explorer needing to be updated before they can browse the Internet (appears to be a false claim, however some users click the upgrade button). Pinging any site brings back one of a handful of IP addresses, typically 188.229.89.121. On at least one of the infected systems Avast no longer seems to be installed (it was working fine yesterday and today it is nowhere to be found). I have re-installed Avast, scanned, and found nothing. I have also tried using Malwarebytes Anti-Malware, HijackThis, ComboFix, Avira AntiVir, Hosts Expert, SUPERAntiSpyware, and several tools included with UBCD4Win, and none of them seem to find any problems. I have also used msconfig to check startup items and services and haven't found anything that stands out. I am looking for any suggestions on how to clean this up (hopefully without re-installing Windows). I have also tried searching Google several times to find more information; however, I see that the tools I have already tried usually fix the issue. Any help would be greatly appreciated.



#2 boopme


Posted 25 August 2011 - 01:07 PM

Hello, it appears your router is hijacked by a trojan DNS hijacker.

Download and update MBAM (below). Do not run it yet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.


As there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router.
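The symptom reported in the first post, unrelated sites all resolving to the same handful of addresses, can be checked on each PC before and after the router reset. The script below is an added example, not part of the thread; the hostnames and all sample addresses except 188.229.89.121 (quoted from the first post) are constructed, and the two-label domain grouping is a simplifying assumption.

```python
import socket
import sys
from collections import defaultdict

def resolve_all(hostnames):
    """Resolve names with the system resolver, i.e. the DNS servers the router handed out."""
    results = {}
    for name in hostnames:
        try:
            infos = socket.getaddrinfo(name, None, socket.AF_INET)
            results[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            results[name] = []  # lookup failed; nothing to compare
    return results

def registrable(name):
    # Assumption: the last two labels identify the owner (wrong for e.g. co.uk).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def find_shared_answers(results, min_domains=3):
    """Map each IP to the unrelated domains it answered for.

    One address serving three or more unrelated domains is the pattern from
    the first post. Shared CDN front ends can look the same, so pick test
    names that are not hosted by the same provider.
    """
    by_ip = defaultdict(set)
    for name, ips in results.items():
        for ip in ips:
            by_ip[ip].add(registrable(name))
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) >= min_domains}

# Constructed sample data: every lookup answered with the address from the post.
SAMPLE_HIJACKED = {
    "www.example.com": ["188.229.89.121"],
    "www.example.org": ["188.229.89.121"],
    "www.example.net": ["188.229.89.121"],
    "files.example.edu": ["203.0.113.10"],
}
# Constructed sample data: each name gets its own address (documentation ranges).
SAMPLE_CLEAN = {
    "www.example.com": ["192.0.2.10"],
    "www.example.org": ["198.51.100.20"],
    "www.example.net": ["203.0.113.30"],
}

if __name__ == "__main__":
    # Usage: python dnscheck.py site1 site2 site3 ...
    shared = find_shared_answers(resolve_all(sys.argv[1:]))
    for ip, domains in shared.items():
        print(f"SUSPICIOUS: {ip} answered for {', '.join(domains)}")
    sys.exit(1 if shared else 0)
```

Run it on a PC behind the suspect router and again on a connection known to be clean; the same names should stop sharing an address once the router's DNS settings are restored.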



