
Zombie/botnet/DNS/Router issue


No replies to this topic

#1 mirabelle x3


Posted 06 April 2015 - 07:14 AM

Any help to get stable would be appreciated. I've pulled an all nighter and still have assignments to complete for Tuesday. Thank you. I have found the text below in a log file from tunnybrowser (dev/log/system) on my ancient Asus TF101 tablet. Android 4.0.3. I have no idea where tunnybrowser came from?

This is from the first scan log for tunny browser.

 

(7493) "Debuggerd committing suicide to release the zombie"

 

The tablet is having similar issues that I had with the laptop. Browsers opening suspect looking sites. Browser URL window being amended with java or scripts or something else. I have saved screen shots.

 

The tablet is running a few app tools such as Fing to gather info on my router and devices. Issues first became apparent on my laptop when upgraded to 8.1. October 2014. Restored after failure to boot properly x:\window\system32\cmd.exe March 2015.

Planned on tweaking router and then cleaning laptop and doing fresh install, then the tablet and phone. The tablet is vulnerable (SSL, etc.) and the OS can't be upgraded without rooting... the next project.

 

Initial symptoms seen on the laptop noted below.  Tablet was not online until late March.

Issues were multiple browser processes, duplicate files, URLs adding script, SSID changed from 2257 to 22571. ISP contacted, made to feel paranoid. DNS changing. Large amounts of data over router, with too little activity to explain. A second router (dlink) has been seen in the scans... not for a few weeks. Still confirming MAC addresses of additional devices such as my Cisco digital boxes.

Avast scan result that could be repeated advised router had been hacked and my network connections being routed through a malicious server. DNS records being hijacked. Given it could not repeat this finding I thought it was an error or an effort to purchase software. February 2015. cmd prompts sfc and scanreg/fix and no more errors. Just enough bandaids to keep up with assignments.

 

Scans with Rkiller found pup files... other errors included cabarchive corrupted in AppData.

Files and data have been saved on an external device. Happy to pull the plug on the laptop and start fresh. I am most concerned about the router. I need help with the router recommendations and it would be nice to determine the cause of the issues. Botnet? I appreciate any assistance. I apologize for the obscure and limited details. Typing with one finger and not versed with these types of threats and am just an average computer user.


Edited by hamluis, 06 April 2015 - 08:42 AM.
Moved from Gen Sec to Am I Infected - Hamluis.

