
flash update virus - damaged router?


10 replies to this topic

#1 Paul_g


Posted 08 March 2014 - 04:48 AM

Hi all,
I'm new to this forum. I'm here as I have no idea how to get my network back online again (I'm using a 3g phone to type this) after getting an infection.

A few days ago my PC started to get pop-ups stating "warning! Your flash player may need to be updated". Initially I clicked the link and downloaded a file. This file looked suspect upon opening (no publisher name) so I did not continue installation. I deleted the file.

The pop-ups continued, on Firefox and IE, on pc, tablets and phones. I did some scans using Windows defender, nothing found. Internet connection was ok at this point.

The following day my internet connection was down. I can connect to my router (tp-link td-w8901g), but access is "limited" and there is no internet connection. Router appears to have a connection. My ISP confirmed that connection is ok. I have tried wireless and Ethernet, but no luck.

I tried several adware programs, downloaded onto a USB elsewhere - adwcleaner, some others. They picked up a few things, but this didn't solve the problems.

I have since reset the router. I have used system restore, which didn't help. I have now reset pc to factory settings. Still no connection.

I can't access the printer's menus or reinstall the drivers. I'm not sure what to do now. I can't install most security software as I can't get online.

Does anybody have any advice?!?!?!


 


#2 Condobloke


Posted 08 March 2014 - 05:05 AM

G'day Paul_g, and Welcome to BC

 

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

 

 

If no luck, then please try this.

 

comintrep.zip


Edited by Condobloke, 08 March 2014 - 05:09 AM.

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#3 BInarybaited


Posted 08 March 2014 - 05:27 AM

You can flush the DNS, but if there's someone trying to hack into your system you will need to check the settings on all your network adapters to make sure they aren't changed. One little adjustment could change the settings completely.

This problem drove me nuts for a week. Check your log errors as well and see if anything has changed manually. Best to put all net adapters on auto for starters if the flush doesn't work. Also go into Device Manager and click view hidden files, and check for bogus adapters.



#4 Paul_g


Posted 08 March 2014 - 05:54 AM

Thanks for your help people!

Condobloke: I ran the commands, some didn't seem to work but most did something. Still offline though, so ran the program (Bluetoothed from phone), sadly it still isn't working.

BInarybaited: I'm not sure what the adapter settings were or should be, how to check log errors, or change adapters to auto in Windows 8. I've hunted through control panel and network menus. Bit of an amateur! Think I'm out of my depth.

#5 Inveryes


Posted 08 March 2014 - 07:00 AM

I had this exact same problem last week and have the same router as you do.

 

I had difficulty accessing the router settings as it repeatedly asked for my username and password, but eventually I did get into them.

 

I found that, under Interface Setup, LAN, my username and password were showing blank.

 

I entered the correct details again.

 

Also, under Interface Setup Wireless, the encryption setting had changed to None.

 

Again I entered the correct details and re-entered the Pre-Shared Key details, saved the changes and also changed my user and password again (the ones that are initially admin and admin).

 

After this, everything worked fine again.

 

I ran several scans with McAfee, Malwarebytes, CCleaner, HitManPro but nothing was found so I'm not entirely confident that something isn't still lurking somewhere, but all appears to be working OK.

 

Now I'm certainly no expert and am not recommending you do anything. Just sharing my experience.



#6 Paul_g


Posted 08 March 2014 - 08:05 AM

Thanks Inveryes. I've now managed to get back into the router menu to alter settings. Passwords are now set, I've gained access to the internet again. Now I'll be downloading and running some anti-spyware stuff.

Thanks everybody, you've been very helpful, very quickly. I'll be back if it doesn't work out!

#7 Condobloke


Posted 08 March 2014 - 05:28 PM

You should read this:

http://www.bleepingcomputer.com/forums/t/526443/more-hacked-routers-brand/

The link immediately below gives good background and shows the routers affected, etc.

Also please read MrBruce1959's suggestion at post no.5 ....if you have any questions /dramas reply to that topic and I am sure he will be only too pleased to help.

Also cat1092's post no.9 offers good advice.

 

Regards,



 

 


#8 BInarybaited


Posted 09 March 2014 - 08:03 AM

Awesome. Congrats. I am still dealing with this problem, and good idea to tighten up security. Somebody changed your settings, keep an eye on them. I had to redo all mine again on both my g.f.'s and mine. Hers was set for an address 169.254.208.99. I traced the address and it's from the States. I was shocked when I found a shortcut connection in my user folder and it was turned on to sharing, when I know I had sharing turned off. The connection was changed to homegroup. I could not change it back. I think the registry was altered because there are 000000000 in the network address box that I couldn't get rid of. My last resort was a system restore. It's working so far. Unbelievable!!!!

#9 musicrab


Posted 10 March 2014 - 08:15 AM

The OP may have fixed his problem but we had the same "Flash out of date -needs updating" on a random selection of devices/platforms.

Reason - manually defined DNS (cannot remember if it was google or openDNS) - but whoever it was, it was buggered.   Set back to "ISP defined DNS" and all's well again.



#10 Inveryes


Posted 10 March 2014 - 01:47 PM

The OP may have fixed his problem but we had the same "Flash out of date -needs updating" on a random selection of devices/platforms.

Reason - manually defined DNS (cannot remember if it was google or openDNS) - but whoever it was, it was buggered.   Set back to "ISP defined DNS" and all's well again.

 

The two options I have are:

 

Use User Discovered DNS Server only

 

and

 

Use Auto Discovered DNS Server only

 

Which should I select?

 

The Primary DNS Server IP address showing on my router was 50.63.128.135 which appears to belong to GoDaddy.com in Arizona.


Edited by Inveryes, 10 March 2014 - 01:52 PM.


#11 musicrab


Posted 10 March 2014 - 02:05 PM

"Use Auto Discovered DNS Server only" should be fine (your ISP sorts it out unless I'm mistaken).

 

EDIT: I am 99% sure this wasn't a (local) router hack but reports are that TP-LINK routers are involved. Can these be hacked without installing malware on a client computer?  I have no idea but we haven't seen any virus or malware on our clients.


Edited by musicrab, 10 March 2014 - 05:57 PM.
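
The thread traces the fake Flash pop-ups to a DNS server address that had been changed on the router (post #10 reports 50.63.128.135). The following is an added example, not part of any post: a Python check that reads saved `ipconfig /all` output and lists DNS servers a PC was handed that are neither its default gateway nor an address you expect. The sample text, function names and the `expected` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread's machines); the
# address 50.63.128.135 is the router DNS value reported in post #10.
SAMPLE = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 50.63.128.135
                                       192.168.1.1

Wireless LAN adapter Wi-Fi:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+(\S.*?)[ .]+:(?:\s+(.*))?$")  # "Label . . . : value"
KEYS = {"DNS Servers": "dns", "Default Gateway": "gateway"}

def parse_adapters(text):
    """Return {adapter name: {"dns": [...], "gateway": [...]}}."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"dns": [], "gateway": []})
            field = None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD.match(line)
        field = KEYS.get(m.group(1)) if m else field  # no label: continuation line
        value = (m.group(2) or "") if m else line.strip()
        if field and value:
            try:
                current[field].append(str(ipaddress.ip_address(value.split("%")[0])))
            except ValueError:
                pass  # value is not an IP address; ignore it
    return adapters

def unexpected_dns(text, expected=()):
    """List (adapter, server) pairs that are neither the gateway nor in `expected`."""
    return [(name, dns) for name, a in parse_adapters(text).items()
            for dns in a["dns"] if dns not in a["gateway"] and dns not in expected]

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE))
```

If the router relays DNS itself, every client lists only the gateway address and this check stays quiet, so the DNS server fields on the router's own settings page still have to be read directly.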




