
trojan.dnschanger



#16
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Good. I still think there is something wrong with the router. If you open IE or Firefox and type in 192.168.1.1 and hit Enter, it should ask you for a login and password. Unless you changed it, on most Linksys there is no login name and the password is admin.

Click on Status and look under Internet Connection.

There are three entries for DNS. Do you see our evil addresses there?

Just looked at the Linksys page and they now recommend a 30-second hold on the reset button, so if you see the bad DNS addresses, press and hold the RESET button for 30 seconds, then go back and look and see if things are different.

Make sure you change the password from the default. When the router’s web-based setup page appears, click Administration.

Enter the new password on the Password and Re-enter to confirm fields.

SAVE Settings.

Hint. Send yourself an email with the router's new password.

Ron
  • 0



#17
Rolph


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Ron,
I changed the password and rebooted the router like you said. I went back and changed the DNS to automatic and redid the 3 ipconfig steps, and still have the 2 bad DNS servers on the list :)
I went back and changed the DNS to the 2 preferred, but there is still obviously a problem. Dumb viruses!
  • 0

#18
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Did you check to see if the Router has those two bad DNS addresses on it?

If you changed the password before you reset it, then the password went bye-bye, as the reset removes all changes.

Go to
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry, check all HKEY boxes then have it look for 213.109.65.40. You can then select all and then right click and delete selected. It puts a copy of the stuff it removes in the backups folder which it creates below the folder it is in so if it doesn't work you can go back and replace it. If it finds the first one then go ahead and repeat for 213.109.75.90.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Ron
  • 0

#19
Rolph


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Ron,
Regseeker found nothing for both scans. Here is the ESET log:

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EB7E826C-0FE9-40EC-BC3C-B51E4912BA92}\RP792\A0154713.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
  • 0

#20
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Go into the router and see what DNS it wants to use:

http://www6.nohold.n...=...=96&slnid=4

If it's our evil friends then the router may be getting reinfected by another computer.

Ron
  • 0

#21
Rolph


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
DNS 1 and 2 are the bad ones. 209.18.47.61 and .62. DNS 3 is empty. The only other device that should be on this network is my Xbox, which has been off the whole time.
  • 0

#22
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
The router is still infected. You have changed the password so it should not be possible for an infection on your computer to cause this. It really acts like the reset is not working.

Remove the router from the mix and plug the PC directly into the cable/dsl modem. Change the PC back to Automatically get the DNS and then run the ipconfig series. What DNS do you get from the modem? Is it the same as the router was showing? What IP address and default router does it want to use?

Ron
  • 0
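
Added example, not part of the thread: one way to automate the check behind the "ipconfig series" is to parse saved `ipconfig /all` output and flag any DNS server that matches the two addresses named in post #18. The sample output is constructed, and the function names and the `WATCHLIST` constant are assumptions of this example.

```python
import re

# Addresses RKinner asks to search for in post #18; pass your own set to override.
WATCHLIST = {"213.109.65.40", "213.109.75.90"}

# Constructed sample of `ipconfig /all` output (Windows XP layout), not from the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 213.109.65.40
                                            213.109.75.90
        Lease Obtained. . . . . . . . . . : Monday, January 05, 2009 9:00:00 AM
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS servers]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if line and not line[0].isspace() and stripped.endswith(":"):
            adapter, in_dns = stripped[:-1], False      # unindented adapter header
            result[adapter] = []
        elif adapter and re.match(r"DNS Servers[ .]*:", stripped):
            in_dns = True
            value = stripped.split(":", 1)[1].strip()
            if IPV4.match(value):
                result[adapter].append(value)
        elif in_dns and IPV4.match(stripped):
            result[adapter].append(stripped)            # continuation line: bare address
        else:
            in_dns = False
    return result

def flag_rogue(ipconfig_text, watchlist=WATCHLIST):
    """Return [(adapter, server)] for every DNS server found on the watchlist."""
    return [(a, s) for a, servers in dns_servers(ipconfig_text).items()
            for s in servers if s in watchlist]

if __name__ == "__main__":
    for adapter, server in flag_rogue(SAMPLE):
        print(f"{adapter}: DNS server {server} is on the watchlist")
```

Running it against output captured with the PC behind the router and again with the PC plugged straight into the modem shows whether the flagged servers come from the router's DHCP or from the PC itself.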

#23
Rolph


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts


Hi Ron,
I've been messing with this stupid router for 2 weeks trying to get it to work right. No matter what I do, I cannot connect to the internet when I have the modem connected directly to the ethernet card. It will only work when connected to the router. This is driving me crazy. Any advice?
  • 0





