I've been researching and fighting a problem that has been occurring on my home network for the past couple of weeks. I've seen this behavior mainly on my desktop computer where a browser window will open warning me that I need to update the flash player for security reasons. I'm a seasoned IT professional so I knew this was malware right off the bat and started performing scans of my computer. Both Malwarebytes and my Vipre antivirus have come back stating that my computer is clean but the problem is still happening. The most confusing aspect about this problem is that this behavior is occurring across multiple devices and platforms.
While browsing the net on my iPad, links within a trusted retailer website took me to radically different advertisement webpages. My finance has experienced the same behavior on her Kindle HD and I've also noticed the same behavior on my Motorola RAZR M smartphone. Each time this happens it's only at our home and when we're connected to our LAN (my smartphone doesnt show this behavior if I'm on a different Wi-Fi or using my data plan).
I've checked my router and it doesn’t appear as though any changes have been made. The DNS settings don’t appear to have been changed (though I'm tempted to update them to 220.127.116.11 and 18.104.22.168 tonight when I get home). All of my passwords and settings for the router were intact and it doesn’t appear to be tampered with. Aside from resetting the router back to factor specs I can’t think of what I can do to fix this problem.
The list of equipment affected so far is:
Desktop: Windows 7 SP1 using IE 9 and Firefox 29
Laptop: Windows 7 SP1 using IE 9
iPad, 1st Gen using Safari
Amazon Kindle HD, Android 4.1.2 using embedded browser
Motorola RAZR M, Android 4.4.2 using Chrome 35 mobile
I've performed both Malwarebytes scans and Vipre antivirus scans on my desktop computer and they keep coming back clean each time. I've even gone so far as to uninstall unused programs to cut down on the number of files the software has to scan so I can save time. I've checked the router to confirm that it hasn’t been tampered with and it appears (from what I can tell) that everything is fine.
Has anyone heard of a virus that affects a router to redirect browsers to infected websites or advertisement pages? I can’t think of what else could be causing this kind of behavior. Please let me know if there is any additional information I can provide that would help.