
Internet hijack on all operating systems

Discussion in 'Virus & Other Malware Removal' started by tommo020788, Apr 16, 2010.

Thread Status:
Not open for further replies.
  1. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322
    Hi, recently a friend of mine accidentally clicked on a fake virus protection popup, and I was able to stop the main part of the virus from affecting the rest of the computer, but there is still a browser hijacker hiding somewhere... and no virus protection I have tried has picked it up yet.
    The bad thing about this hijacker is that it has spread through to the other computers through the network (Mac, and Linux/Kubuntu computers) as well.

    The only noticeable effect it is having is on the internet browsers.
    Basically, there are 2 things this virus is doing.
    Firstly, every couple of times you click on a link, it redirects you to one of many sponsored websites, which seems to be making the virus owner money through the Google AdWords PPC program.

    Secondly, every now and then, it will cause a popup WITHIN the browser window, asking you to install some kind of security program, which, if you click on it, will try to download a file.


    Any idea what this could be, and how I could get rid of it from a Mac and a Linux computer as well?


    Additional info:
    Here is a HijackThis! log file - HijackThis! Log
     
  2. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hi there. I'll check the Windows computer for you, but first, could you try resetting your router to factory defaults? There is an infection going around infecting the DNS settings on routers, and if all your systems are obtaining their DNS settings from the router, this would cause those symptoms.

    I can help you find out how to do this if you tell me the make and model of your router/modem.
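
Added example (not part of the thread): a small check for the situation described in the reply above, where every host inherits its DNS servers from the router. It classifies the nameservers found in resolv.conf-style text; the `EXPECTED_RESOLVERS` addresses and the sample text are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the resolvers you intend to use (ISP or a public resolver you chose).
# Documentation-range placeholders, not real servers.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Addresses that normally mean "my router or another box on my LAN".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(server, expected=EXPECTED_RESOLVERS):
    """Label one resolver address."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    if ip.is_loopback:
        return "local-stub"      # e.g. a caching resolver on this host
    if any(ip in net for net in LAN_NETS):
        return "lan-forwarder"   # the router answers; check its own DNS setting
    return "unexpected"          # handed out by DHCP but not one you chose

def audit(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return (server, verdict) pairs for every nameserver line."""
    return [(s, classify(s, expected)) for s in parse_nameservers(resolv_conf_text)]

def needs_attention(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Servers that should be investigated before trusting name resolution."""
    return [s for s, v in audit(resolv_conf_text, expected)
            if v in ("unexpected", "invalid")]

# Constructed sample: what a host might show after the router's DHCP DNS was changed.
SAMPLE = """# constructed sample
nameserver 192.168.1.1
nameserver 203.0.113.7   # not one we configured
nameserver 192.0.2.53
search lan
"""
```

A `lan-forwarder` verdict only means the host is asking the router; the upstream DNS servers configured on the router itself still have to be read from its admin page.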
     
  3. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322
    Hi, Thanks for your reply.
    Could a changed DNS setting on the router really be causing the popup windows within the internet browsers?

    Also, should the router be reset to the factory defaults using the pin, or just reset by powering off for 10 secs, then turning back on?
     
  4. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    On most routers all you have to do is use a paperclip to push the reset button (which is typically within a small hole in the back) for about 10 seconds while the router is still on. I can look up the exact procedure for your router if you give me its make and model.

    We'll know once we test this theory ;)
     
  5. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
  6. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322

    Thanks heaps :)
    I will give this a try later on when I get home.

    I can handle doing a reset on the router, but it would have been the DNS flush on Linux and Mac that would have me confused haha... I'm still quite new to Linux and Mac terminal code.

    That website link is just what I needed! :)

    Cheers
    Tom

    p.s. I'll let you know how it goes when I do this.
     
  7. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    I'm going to bed now so it might be a while before I respond. Good luck :)
     
  8. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322
    Well, you were right Neon ;) It turned out there were some DNS settings changed on the router.
    A factory reset and a final virus scan on each computer did the trick.
    I also did a DNS flush on each computer for good measure as you suggested.
    There is now no more sign of the virus around.
     
  9. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Excellent.

    The best way to prevent this kind of infection is by changing the default administrative passwords on the router and by disabling telnet/remote access to it if it has that feature. I don't mean the wireless password, but the password that is used when you connect to it through your browser.


    I'll mark this thread as Solved, you have a good one.
     
  10. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322
    Yeah, well, that's the thing... there was quite a nice password set on the router, so I am not sure how the virus was able to bypass that.
    And yes, I mean both a wireless WPA2 passphrase, and a password to log into the router...

    Must have been a pretty resilient virus to get past either of them, even through telnet.
    It would definitely be the first time I've seen a virus achieve this!

    Either way, the problem seems to be solved, and there is no sign of the virus.

    Thanks again
    Tom



    p.s. By the way, how does one qualify to be a malware removal assistant? I have a fairly decent history in malware removal, and helping clients with getting rid of/repairing damage from all kinds of viruses.
    I have also helped a lot of people on Yahoo Answers, and always gotten best answer in malware related issues.
    Do you require credentials of some sort?
    I would just like to be able to give back to the community a bit.
     
  11. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Curious how that would happen on a secure router. Maybe there's a bug in your router's firmware allowing remote code execution. See if you can find a firmware upgrade on the manufacturer's website.

    As for your postscript see here:

    http://forums.techguy.org/site-comments-suggestions/917510-how-can-i-help-others.html


    You'll have to go through a training program to be allowed to help in malware removal at various websites. I graduated from GeeksToGo but there are a number of others out there and they all have their pros and cons.
     
  12. tommo020788

    tommo020788 Thread Starter

    Joined:
    Oct 20, 2008
    Messages:
    322
    Thanks for the help. I took the little application test they had on the "Geeks to go!" website you linked me to, as well as the one on the "What the tech" website :)
    Hopefully I'll hear back from them within a week ^_^

    Cheers!
    Tom
     
  13. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Great :) I'll probably see you around then. I'm sure you won't regret it. It's been really rewarding for me and I hope it will be for you too.

    It will be a long time before you are allowed to start helping in the forums but it's all worth it so don't give up!
     
Short URL to this thread: https://techguy.org/917207