Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rdsrv changing my router's and modem's DNS repeatedly


  • This topic is locked This topic is locked
4 replies to this topic

#1 nvik

nvik

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 30 May 2015 - 01:34 PM

Hi folks!

 

I use a D-Link 2520Z ADSL modem wired to a WRT120N Linksys router.

For the past week, I have literally seen like 1000 ads on virus removal tool kit, bang your computer is infected, here a girl who wants to meet and what not! Every page I got (heck even on google search results page), I first need to click anywhere the page to open this rdsrv (or adcash) link and only then am I able to click on any valid links.

 

Thinking this was an issue with my Windows 7 computer - I downloaded all possible anti-virus, anti-malware, anti-spyware software but the thing didn't go away. Selectively deleted every single file (which i thought was suspicious) that got created with the last 10 days and the damn ads will still not go away.

Literally wasted 3 days over this.

 

Then, i started noticing that my Mac, my android device - every device connected to Wifi had this issue. My phone over 3G didn't get ads!

So I dug things up over the internet and found that something is changing the DNS of my modem and/or router. And bang.. the DNS1 entry on my router and modem were IP addresses of Netherlands!

 

I did a factory reset of both devices, upgraded their firmwares, changed their login passwords and manually put in Google DNS (8.8.8.8 and 8.8.4.4).. what a relief. All was well for a day, and the next morning I started getting the ads again! My modem's and router's DNS again had a new IP address, this time from Ukraine!

Redid everything and things were fine until the next day.. and I am seeing ads again... on every single page I visit,  every single link I click, I see 2 sometimes 3 popups opening up.

 

What can I do to fix this?

 

Relevant threads :- https://discussions.apple.com/thread/6987223?start=0&tstart=0

http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/potential-malware-rdsrvcom/adab5118-07f8-4020-af94-b6dd3eced7bf?page=1

http://www.bleepingcomputer.com/forums/t/561684/forgot-my-restrictions-passcode-now-i-cant-reset-to-factory-default/

 

 

Please help!!!



BC AdBot (Login to Remove)

 


#2 nvik

nvik
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 31 May 2015 - 12:11 PM

anyone?? Please help..



#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:09:33 PM

Posted 04 June 2015 - 11:18 AM

:welcome:

 

Just so you know that our helpers look for logs with Zero replies and when you replied to your own topic it removed you from that category.

 

Lets run some scanners and see whats going on

 

 

1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Right click the aswMBR icon and select Run as Administrator
  • XP users just Double Click it to run
  • If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes
  • Click the Scan button to start scan.
  • Select Quickscan on the dropdown list
  • If you are asked to update the Avast Virus database please allow it to do so.
  • The scan could take 20 minutes or more , please be patient and let it finish
  • It will say Scan Finished when its done.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
  •  
    I just want to see the report....Please Do Not Fix Anything
     
    ============================================================================
     
     
     

     
    Please download Farbar Recovery Scan Tool and save it to your DESKTOP
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #4 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:09:33 PM

    Posted 07 June 2015 - 04:05 PM

    Still with me, do you still need help or have you resolved this issue ?


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #5 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:09:33 PM

    Posted 08 June 2015 - 05:59 AM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.

    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users