"Flash player pro" malware and router dns redirection

Post by kiwigene on Wed May 07, 2014 12:45 pm

I have an issue with the "Flash Player Pro" malware. I have run various anti-malware scans and they find nothing.
If I try and open google.com I get the pop-up. Other websites are affected too.

It's also affecting my use of Google, Facebook and YouTube on my iPad - popups telling me to install Flash Player or, in the case of Facebook, telling me there is an internet connection error.

This makes me suspect that perhaps my router has been hacked and there is some form of DNS redirection going on.

Can anyone offer some help?

Exetel reps: Can you send me the standard IP/DNS settings for routers/modems connected to Exetel so I can see if my router's settings have been changed?

Re: "Flash player pro" malware and router dns redirection

Post by Dazzled on Wed May 07, 2014 2:05 pm

220.233.0.4 and 220.233.0.3 are Exetel's servers. The modem should report them automatically.

It's a well-known Windows infection, and can come with new software installs, e.g. a range of "Lyric" type applications. If you have installed one of these recently, remove it. Have you tried Malwarebytes https://www.malwarebytes.org/ to have a crack at it? Then follow up with CCleaner, https://www.piriform.com/ccleaner. Lastly, check your browser for an unwanted extension or add-on.

PS On the Apple machine, clear all cookies and data. If you think your modem is compromised, do a factory reset and reinstall.

Re: "Flash player pro" malware and router dns redirection

Post by KavindaS on Wed May 07, 2014 2:17 pm

kiwigene wrote:
Exetel reps: Can you send me the standard ip/dns settings for routers/modems connected to Exetel so I can see if my router's settings have been changed?


If you are referring to the WAN configurations,
IP- Should be your Exetel given WAN IP / Static IP
DNS - Primary 220.233.0.4/3

PM me your service number if you require more information.
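Added example, not part of the thread or any poster's code: one way to check a client's DNS settings against the Exetel resolvers quoted above, by parsing `/etc/resolv.conf` text or Windows `ipconfig /all` output. The function names and sample inputs are constructed for illustration, 203.0.113.53 is a documentation address standing in for an unknown resolver, and only IPv4 is handled.

```python
import ipaddress
import re

# Exetel resolvers as quoted in this thread.
EXPECTED_DNS = {"220.233.0.4", "220.233.0.3"}
# Router LAN / loopback ranges: a local forwarder, so the router's WAN page decides.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_dns_servers(text):
    """Return resolver IPv4s from resolv.conf text or `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("nameserver"):
            servers += IPV4.findall(s)
        elif s.startswith("DNS Servers"):
            in_dns = True
            servers += IPV4.findall(s)
        elif in_dns and IPV4.fullmatch(s):
            servers.append(s)          # ipconfig lists extra servers on bare lines
        else:
            in_dns = False
    return servers

def classify(servers, expected=EXPECTED_DNS):
    """Label each resolver: expected, local-forwarder, unexpected or invalid."""
    report = {}
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            report[s] = "invalid"
            continue
        if s in expected:
            report[s] = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            report[s] = "local-forwarder"
        else:
            report[s] = "unexpected"
    return report

# Constructed sample: a client that was handed a resolver outside the ISP's set.
SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "nameserver 220.233.0.4\nnameserver 220.233.0.3\n"  # constructed

if __name__ == "__main__":
    for name, text in (("ipconfig", SAMPLE_IPCONFIG), ("resolv.conf", SAMPLE_RESOLV)):
        print(name, classify(extract_dns_servers(text)))
```

A "local-forwarder" result only means the client points at the router, so the router's own WAN DNS entries still need comparing with the ISP's values.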

Re: "Flash player pro" malware and router dns redirection

Post by kiwigene on Wed May 07, 2014 2:41 pm

Thanks Kavinda.

I have already run Malwarebytes and Ad-Aware anti-malware programs. They found nothing. I'll try CCleaner.

The computer is effectively new - I haven't downloaded any software (except Chrome and Waterfox - but that was only because IE was giving me the "Flash Player Pro" problem).
That being said, I didn't set it up - it came preinstalled with Windows 7, IE11, Office 2010 etc. I guess it could have already been on the new computer.

But since I'm seeing similar problems on iPads and iPod Touches (before I got the new computer) I reckon it's the modem.

I'll reset the modem to see if that helps. Thanks again.

Re: "Flash player pro" malware and router dns redirection

Post by kiwigene on Thu May 08, 2014 4:40 pm

Reset my modem and the issue now seems to be gone (only checked a couple of websites so far, problem on iPad is gone too...).

So it does look like my modem had been compromised with the DNS redirect hack.

So lesson learned is to ensure your modem is protected by changing the admin password.

Not all virus/malware issues are confined to just your computer.

Everyone should check their modems regularly...

Re: "Flash player pro" malware and router dns redirection

Post by KavindaS on Thu May 08, 2014 5:04 pm

kiwigene wrote:
Reset my modem and the issue now seems to be gone (only checked a couple of websites so far, problem on iPad is gone too...).

So it does look like my modem had been compromised with the DNS redirect hack.

So lesson learned is to ensure your modem is protected by changing the admin password.

Not all virus/malware issues are confined to just your computer.

Everyone should check their modems regularly...


Glad to hear the issue is fixed now. Thanks for the information about how you resolved the issue. :D