Jump to content

Router infected


razz

Recommended Posts

A scan with Avast revealed that our router had been infected. A notice further reads:

"Your router has been compromised and your network connections are being routed through a malicious remote server". Part of another message reads: "Your router has been hacked and its DNS settings have been modified to serve malicious contents".

 

I immediately changed the router password via the TP-Link page on my browser (192.168.0.1).

 

Besides performing a firmware update to our router, is there anything else that you would recommend that I do?

 

Our router is:

TP-Link Wireless N Gigabit Router

Model: TL-WR1043ND Version 2

Link to comment
Share on other sites

  • Moderators

in case you haven't gone to the Avast website, this is from their site; https://help.avast.com/en/ws_android/1/tp-link/howto_dns_hijack.html#solution

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites

Thank you for that, Razz & mta.  Never had even run that scan with Avast.  Came back OK.  

Got a new router from my isp a while back, have not learned to trust it yet.  

Feel better now.  :)  

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

tvm for the link mta.  I'll update the firmware and then proceed with configuration according to the instructions.  Thanks again.

 

@ login: glad you feel better now  :)  Hopefully I will too soon.

Note: In case you haven't yet, it's a very good idea to change your password from the password that it was shipped with (usually "admin").

Link to comment
Share on other sites

Can't a phone call to the ISP reset the router and input a new password (that's part of what you're paying them for).

 

Is that not only if your router was supplied by you ISP?  We purchased ours from another source.  Only the modem was supplied by our ISP.

Link to comment
Share on other sites

  • Moderators

"The password is...1...2...3...4...5..."

President Screwball - "That's amazing! I have the same password for my luggage!"

What? If this is helpful I'm not understanding, if not try and be a little more useful when posting in threads which deserve it...

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

tvm for the link mta.  I'll update the firmware and then proceed with configuration according to the instructions.  Thanks again.

 

@ login: glad you feel better now  :)  Hopefully I will too soon.

Note: In case you haven't yet, it's a very good idea to change your password from the password that it was shipped with (usually "admin").

 

Thanks for the reply.  My isp recently replaced the old router I purchased with one they supply.  The old one was out of date (imagine that, on a system of mine :P ) so I just allowed them to replace it.  I could control anything I wanted in the old one, not so much on the new one.  I checked everything I know how, and did fix the password, but don't completely trust it yet.  

 

So the Avast scan made me feel better.  

 

Fwiw, I think Corona's reply was a joke.   

Am pretty sure of that, but my conclusion is not based on any quantitative empirical data.  

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

A router firmware update won't necessarily change DNS settings. Check them manually! Usually you'll want to have it set to obtain DNS server addresses automatically from the ISP (DHCP feature). In rare cases (like the ISP DNS servers are unreliable) you might use OpenDNS or Google settings.

Link to comment
Share on other sites

The 2 posts circled are identical as far as I can tell, except in different forums.  

Same URL, same content, etc.  How can this be?  

Am I seeing double double?   Is a forum software glitch?    :)

Don't think razz double posted.  

 

 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

No you aren't seeing double as I can see it too.

 

Usually when a post is moved to another area of the forum (e.g. Lounge to Win Security) it isn't seen in the original area, just the new area.

 

Not sure what happened here but it's gone now from the lounge to post heaven :)

CCleaner documentation can be found here

https://www.ccleaner.com/docs/ccleaner

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 

Link to comment
Share on other sites

  • Moderators

It was probably an expiring redirect.

 

As a mod on another forum (vBullitin based) I occasionaly move threads from one forum to another.

 

When I move a thread there are options to leave a redirect from the original location, and you can set these to expire after a set time (no redirect, 1 day, 1 week, 1 month, permanent).

 

This is partly so that anyone who has bookmarked (or subscribed to) the original location will be redirected to the new location.

It does leave the same thread showing in both locations until the redirect expires, but there is only one thread in reality.

 

As I say that's with vBulletin but I assume it's the same with IPBoard.

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.