Possible Router Infection
Started by ShowMe, Jul 07 2011 09:32 AM
#1
Posted 07 July 2011 - 09:32 AM
#2
Posted 09 July 2011 - 01:53 PM
If there is a separate DSL or cable modem then disconnect your neighbor's PC from the router. Press the RESET button on the router and hold it for 30 seconds. Connect your PC with a cable. Log on to the router and change the password. (If you don't know the router's address just Start, Run, cmd, OK and then type:
ipconfig
(With an Enter after the line). The router will be the same as the default gateway so open a browser and type in the IP address of the default gateway.)
You will need the password. Look at
http://www.phenoelit...rg/dpl/dpl.html
or
http://www.routerpasswords.com/
The first one you can print out; the second is easier to use if you are online.
Log on and change the password(s) to something else. (You can write the new password on a piece of paper and tape it to the bottom of the router.)
While there, verify that the router is not running DD-WRT software. If it is, you may need to go to the router maker's website and download the latest version of the original firmware. I have seen one case where malware had presumably installed this open source router code and a day after the reset and password change it was reinfected, so presumably the code had a back door installed in it. If the router is wireless you should pick the newest encryption scheme it has (something besides WEP) and use a nice long password for it. We are seeing some drive-by hacks these days and the WEP encryption is easily hacked.
Odds are that your neighbor's PC is/was infected so perhaps you could run a good scan on it while you are there.
ESET's is very good:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).
1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
You can also try the Bitdefender QuickScan.
http://quickscan.bitdefender.com/
MBAM is also good:
http://www.malwarebytes.org/mbam.php
SAVE Malwarebytes' Anti-Malware to your desktop.
Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Ron
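The default-gateway lookup described in the post above, as an added example that is not part of the original post: it parses `ipconfig` output per adapter, including the case where the gateway field is empty or wraps an IPv4 address onto a continuation line after an IPv6 one. It assumes English-language `ipconfig` output; the sample text is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of English-language Windows `ipconfig` output (not from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Default Gateway . . . . . . . . . :
"""

def default_gateways(ipconfig_text):
    """Map each adapter section to the gateway addresses listed under it."""
    gateways, adapter, in_gateway = {}, None, False
    for line in (raw.rstrip() for raw in ipconfig_text.splitlines()):
        if not line or not line[0].isspace():
            # Blank or unindented line ends a gateway field; 'Name:' opens an adapter.
            in_gateway = False
            if line.endswith(":"):
                adapter = line[:-1]
                gateways[adapter] = []
            continue
        label, sep, value = line.partition(" :")
        if sep:
            in_gateway = label.strip(" .") == "Default Gateway"
        else:
            value = line  # no label: continuation of the previous field
        value = value.strip()
        if in_gateway and adapter and value:
            ipaddress.ip_address(value.split("%")[0])  # raises ValueError on junk
            gateways[adapter].append(value)
    return gateways

def router_url(gateways):
    """Return the address to type into the browser: the first IPv4 gateway found."""
    for addrs in gateways.values():
        for addr in addrs:
            if ipaddress.ip_address(addr.split("%")[0]).version == 4:
                return f"http://{addr}/"
    return None
```

On a live machine the input would be the text printed by `ipconfig`; a disconnected adapter yields an empty list rather than an error.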
#3
Posted 09 July 2011 - 02:29 PM
Thank you very much for your quick and very comprehensive reply. I will follow your instructions in a few days when my neighbor gets back from Japan.