Jump to content
CCleaner Community Forums

Router infected


razz

Recommended Posts

A scan with Avast revealed that our router had been infected. A notice further reads:

"Your router has been compromised and your network connections are being routed through a malicious remote server". Part of another message reads: "Your router has been hacked and its DNS settings have been modified to serve malicious contents".

 

I immediately changed the router password via the TP-Link page on my browser (192.168.0.1).

 

Besides performing a firmware update to our router, is there anything else that you would recommend that I do?

 

Our router is:

TP-Link Wireless N Gigabit Router

Model: TL-WR1043ND Version 2

Link to post
Share on other sites

tvm for the link mta.  I'll update the firmware and then proceed with configuration according to the instructions.  Thanks again.

 

@ login: glad you feel better now  :)  Hopefully I will too soon.

Note: In case you haven't yet, it's a very good idea to change your password from the password that it was shipped with (usually "admin").

Link to post
Share on other sites

Can't a phone call to the ISP reset the router and input a new password (that's part of what you're paying them for).

 

Is that not only if your router was supplied by you ISP?  We purchased ours from another source.  Only the modem was supplied by our ISP.

Link to post
Share on other sites
  • Moderators

"The password is...1...2...3...4...5..."

President Screwball - "That's amazing! I have the same password for my luggage!"

What? If this is helpful I'm not understanding, if not try and be a little more useful when posting in threads which deserve it...
Link to post
Share on other sites

tvm for the link mta.  I'll update the firmware and then proceed with configuration according to the instructions.  Thanks again.

 

@ login: glad you feel better now  :)  Hopefully I will too soon.

Note: In case you haven't yet, it's a very good idea to change your password from the password that it was shipped with (usually "admin").

 

Thanks for the reply.  My isp recently replaced the old router I purchased with one they supply.  The old one was out of date (imagine that, on a system of mine :P ) so I just allowed them to replace it.  I could control anything I wanted in the old one, not so much on the new one.  I checked everything I know how, and did fix the password, but don't completely trust it yet.  

 

So the Avast scan made me feel better.  

 

Fwiw, I think Corona's reply was a joke.   

Am pretty sure of that, but my conclusion is not based on any quantitative empirical data.  

Link to post
Share on other sites

A router firmware update won't necessarily change DNS settings. Check them manually! Usually you'll want to have it set to obtain DNS server addresses automatically from the ISP (DHCP feature). In rare cases (like the ISP DNS servers are unreliable) you might use OpenDNS or Google settings.

Link to post
Share on other sites

The 2 posts circled are identical as far as I can tell, except in different forums.  

Same URL, same content, etc.  How can this be?  

Am I seeing double double?   Is a forum software glitch?    :)

Don't think razz double posted.  

 

 

Link to post
Share on other sites
  • Moderators

No you aren't seeing double as I can see it too.

 

Usually when a post is moved to another area of the forum (e.g. Lounge to Win Security) it isn't seen in the original area, just the new area.

 

Not sure what happened here but it's gone now from the lounge to post heaven :)

Link to post
Share on other sites
  • Moderators

I think the forum software is perhaps auto-cleaning itself as I've seen moved posts before with a link still in the improper forum area it was originally posted in.

 

Or someone is doing it. :ph34r: Not me though!

Link to post
Share on other sites
  • Moderators

It was probably an expiring redirect.

 

As a mod on another forum (vBullitin based) I occasionaly move threads from one forum to another.

 

When I move a thread there are options to leave a redirect from the original location, and you can set these to expire after a set time (no redirect, 1 day, 1 week, 1 month, permanent).

 

This is partly so that anyone who has bookmarked (or subscribed to) the original location will be redirected to the new location.

It does leave the same thread showing in both locations until the redirect expires, but there is only one thread in reality.

 

As I say that's with vBulletin but I assume it's the same with IPBoard.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...