Posted on 06/27/2010 6:12:20 AM PDT by Mere Survival
Thanks for the ping!
I copy all the tools and suggestions and send them to a web-based e-mail that I can reference whenever I get to a pc that looks like toast...
Keeps me up to date! Some good web tools available.
I still find USB flashed SUPERAntiSpyware and Windows Defender/Windows Security Essentials manage to remove the activity until you can hit it with everything you have... like Malwarebytes, etc.
tagged
Cheers!
Thanks!
If it’s your router that’s been compromised and had its DNS servers redirected so you’re constantly browsing to the hacker’s chosen site, then we need to reset the router to factory original, then update the device. Hard reset, will be a small button somewhere on the router (depending upon your make/model).
If it’s your PC that is actually infected, first download AVG Free (I like it) and Microsoft Security Essentials (also free).
Then, BEFORE you install, disconnect from the Internet (unplug or turn off your WiFi), and shut down the computer. Then restart, run AVG Free, then run and install MSE.
THEN, and only then, reconnect to your router.
Then download new firmware for your router and install it. Reboot everything again, and you should be in the clear.
As another poster above mentioned, your router is most likely NOT infected, it’s probably just been reconfigured, so the reset - and updating the firmware - will fix that issue.
Maybe I missed it, but what OS (including Service Pack) are you running and which version of IE? What type of router do you have? Model and firmware?
Never heard of that one but got a copy. Thanks!
The Chuck Norris Computer virus doesn’t infect computers....
Computers just stop working in fear of getting it....
The malware changes the proxy setting in the browser to redirect all traffic for control. Eliminating the malware alone does not restore the browser to its original config.
Glad it helped you.
In my case the nuisance messages were popping up frequently, every minute in some cases. If I closed the pop-up, it would route my browser to porno sites. MalwareBytes did clean the rogue program and fix the registry (yes, the rogue program does a number on the registries, and also blocks out Windows Explorer, and will not allow you to go to the DOS prompt unless you are in the Safe Mode). It also corrupts Panda to the point it becomes inoperable, so a full uninstall, reinstall, and update of Panda or whatever internet security package you are using may be necessary.
This would be a first. Never seen a virus that infected a router.
____________________________________________________________
No I don’t think it’s a first, and it infects the router from my experience. If I just wiped the hard drive the virus was still there. I had to wipe the hard drive and reset/turn off the router. I think it lodges in the RAM of the router. The redirect stays in the router unless you power down the router and kill the RAM. If you don’t do that you are just redirected to a server that reinfects you even if you kill the virus on the computer.
Is “Root!” a tradename? What is “Root!”?
Maybe I missed it, but what OS (including Service Pack) are you running and which version of IE? What type of router do you have? Model and firmware?
______________________________________________________________
Why does that matter to you or your advice?
However, I am not sure Combofix did anything. What I did do is download Malwarebytes in safety mode to the desktop.
Do not execute right away; when you do, do not download the latest updates or add to menu etc. Go back and execute the most recent downloads, then run it. That got Vundo.
Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click the LAN Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.
____________________________________________________________
Nod. I did that on setup with Firefox, same gets me back on track with explorer. So do you think this 5 step process will kill the virus:
1) Reset router password from factory original to avoid getting redirect in router’s RAM
2) Reset/turn off router
3) Disconnect PC from router and internet.
4) Run Malwarebytes to kill the malware
5) Uncheck “proxy server
It matters hugely on how to prevent it from coming back. He may be doing something wrong or very improper in terms of security so like turning off UAC.
I have up to date service packs on my XP OS and set a password on the Nextgear router. Anything else I can do to prevent reinfection?