
Adobe moon worm router infection self replicates, remote access, redirects


4 replies to this topic

#1 Question_Everything


  • Members
  • 14 posts

Posted 09 February 2015 - 08:29 PM

Hi guys, after months of wasted time and bald patches I'm confident I have been cursed with this Adobe moon worm virus.

I get redirected, suspicious updates, DNS settings change, I get put on a proxy, slow net, PC; any attempt to download anything it infects, and even after many clean installs it keeps reviving itself.

To top it off, when I'm trying to problem-solve, Notepad pops up with "hahahahaha".

It appears it can screw with almost anything as previously while trying to log on to my router from my iPhone it would redirect me...

Please help me get rid of this computational herpes.


#2 Question_Everything

  • Topic Starter

  • Members
  • 14 posts

Posted 09 February 2015 - 08:35 PM

Forgot to mention it doesn't like it when you try and update router firmware.

#3 Question_Everything

  • Topic Starter

  • Members
  • 14 posts

Posted 11 February 2015 - 07:08 AM

No help? :/ 



#4 Xray Lady


  • Members
  • 1 posts

Posted 11 February 2015 - 03:27 PM

I don't know if this will be of any help to you but it seems to have worked for me.

 

A few days ago I started getting this pop-up EVERYWHERE and the worst part was that I had no search capabilities on my computer so I couldn't even try to find a solution. After spending countless hours washing my computer with virus removal software I decided to do the one thing I knew would work and start from scratch with a backup image of a clean install. Guess what? After all that, I rebooted and there it was again. I then dragged out my little netbook which had not been used in about a month so I knew it would be clean and lo and behold, like a ghost in the night it was there as well. I then turned on my Logitech Revue and there it was staring me in the face. It was everywhere on my network!

 

The only thing these machines had in common was the router so I decided to look there. I noticed that my DNS settings had been changed. I did not make these changes and I am the only one with access to the router so this had to be done by the culprit. Here is what I did to clear up this nasty little varmint.

  1. Change the DNS settings on the router (primary and secondary). If you do not know these, you will have to contact your ISP to get them.
  2. Reboot the router. Turn it off for a few minutes then back on.
  3. Clear all browser history, including cache, cookies, etc. You should not need to reset your browser, at least I did not have to with Firefox.
  4. Re-open your browser and the little fellow should be gone.

I put the backup I made before the clean install back onto my computer and everything is still working fine and all of my files have been saved. This creature seeps into your router so your anti-virus software will not find it. Save yourself the headache of trying the numerous solutions on the web or you will end up standing on your head while drinking a glass of water and reciting the National Anthem. They didn't work for me.

 

The solution I have given above is working. I am keeping a check on my DNS settings to make sure they stay the same and so far, so good.

 

I hope this will help you.



#5 redwolfe_98


  • Members
  • 11 posts
  • Gender:Male
  • Location:South Carolina, USA

Posted 11 February 2015 - 10:16 PM

i wish i could help.. there is a recently discovered vulnerability that some routers have.. here is an article that is related to that:

 

http://www.pcworld.com/article/2876276/dns-hijacking-vulnerability-affects-dlink-dsl-router-possibly-other-devices.html

 

it seems like you have problems with both your router and your computer..

 

i am thinking that the first thing to do is to get the issue with the router resolved..

 

do you own the router or did you get it from your ISP? if you got it from your ISP, contact them for help with it..

 

if you own the router, "reset" it to the default settings and then try to tweak any of its settings that you can, to make it as secure as possible, and update the router's firmware, if an update for it is available.. you can find information about how to tweak the router's settings at the manufacturer's website..

 

you mentioned a "clean install".. are you able to do a "clean install" of "windows"? if so, i would recommend doing another clean install..

 

as part of doing a "clean install", in my opinion, you should "erase" at least part of the harddrive, in order to ensure a "clean install"..

 

(when you "erase" a harddrive, actually what is done is, the data on the harddrive is overwritten with "zeros".. when the data has been overwritten with zeros, it is as if there is no data there)..

 

i always use utilities from the harddrive-manufacturers' websites to erase my harddrives, however there are other ways that it can be done..

 

i use programs on a floppy disk for erasing my harddrives, but you probably don't have that option.. if it were me, and i was not able to use a floppy drive, i would look for a way to use a program on a USB flash drive to erase my harddrives.. "hiren's bootcd" is one option.. it has the same programs from the harddrive manufacturers' websites..

 

erasing a harddrive can take a long time, if you completely erase the whole harddrive.. you don't have to completely erase the whole harddrive, but you should at least erase the first part of the harddrive, in order to ensure a clean reinstall of "windows"..

 

when doing a clean reinstall of "windows", you need to be sure that you have the drivers for your computer's network card, so that you can reconnect to the internet.. you also need to have any other drivers or software that are needed in order to be able to reconnect to the internet.. (in my case, all i need is the drivers for my computer's network card, in addition to having "windows" installed).. you might not even need the drivers for the network card, if they are automatically installed when installing "windows".. on one of my old computers, the drivers for the network card were automatically installed when installing "windows".. it just depends on which hardware you have.. the point is, you need to consider that you need to be able to reconnect to the internet, after having done a clean reinstall of "windows"..

 

another thing is, you need to do what you can to try to make your router secure, like changing its default password, for one thing.. you probably also should try to block remote access to the router's control panel, unless that is something that is needed.. in that case, you need to make it secure, like by only allowing access from particular ip addresses..





