
Does anyone recognise this Malware?


racer


Hi

 

I have a client's computer infected with a browser popup ad which pops up on every new webpage opened.

 

I'm quite adept at removing infections, but this one has got me stumped.

 

So far I've run a Malwarebytes full scan which found nothing.  I've also done the same with SUPERAntiSpyware, Hitman Pro, ADWCleaner, JRT, Avast Rootkit Scanner...  all scans come up clean.  I've run HijackThis as well, which shows no suspicious entries...

 

So I'm hoping someone here will recognise this particular popup format as now I'm stuck...  Please see attached screenshot.

 

tks

roger


Well, it turns out that the computer was indeed clean, as all the anti-malware software reported.  The problem was that their router had been compromised and was set up to give bad DNS info to the computers on the LAN.  The router HTTP port was also changed from the default so that one couldn't log into the router!

 

I discovered this by watching the network traffic and noticed that DNS requests were going to an unrecognised IP address.  Once I set the computer's DNS manually to the correct servers, the popups stopped.

 

A portscan on the router gave me the listening port, so I could eventually log on to the router and erase the DNS info that had been inserted.  I also re-flashed the router to be safe.

 

Hopefully this helps someone with a similar problem where the anti-malware scanners don't pick up anything on the computer...

Link to post
Share on other sites
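The check described in the post above (watching which server the DNS requests go to), as an added example that is not part of the original post: it parses tcpdump-style text output and reports queries sent to resolvers outside an expected list, along with which LAN clients used them. The capture lines, every IP address and the expected-resolver list are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample in tcpdump's text format (as from "tcpdump -n port 53").
# All addresses are documentation/private ranges, not values from the post.
SAMPLE_CAPTURE = """\
10:15:01.100001 IP 192.168.1.23.51514 > 198.51.100.10.53: 4242+ A? example.com. (29)
10:15:01.140522 IP 198.51.100.10.53 > 192.168.1.23.51514: 4242 1/0/0 A 192.0.2.80 (45)
10:15:07.300410 IP 192.168.1.23.51620 > 203.0.113.66.53: 9001+ A? example.org. (29)
10:15:07.391877 IP 203.0.113.66.53 > 192.168.1.23.51620: 9001 1/0/0 A 192.0.2.99 (45)
10:15:09.000312 IP 192.168.1.40.50011 > 203.0.113.66.53: 1177+ AAAA? example.net. (29)
10:15:09.500000 IP 192.168.1.23.44321 > 192.0.2.80.443: Flags [S], seq 1, win 64240, length 0
"""

# Assumption: the resolvers this site is supposed to use (e.g. the ISP's).
EXPECTED_RESOLVERS = {ip_address("198.51.100.10"), ip_address("198.51.100.11")}

# Matches outbound queries only: destination port 53 and a "TYPE? name" question.
QUERY_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > (?P<dst>\d+(?:\.\d+){3})\.53: "
    r"\d+\+?\S* (?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)

def unexpected_dns(capture, expected=EXPECTED_RESOLVERS):
    """Map each unexpected resolver to the clients that queried it and a query count."""
    findings = {}
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if not m or ip_address(m["dst"]) in expected:
            continue
        entry = findings.setdefault(m["dst"], {"clients": set(), "queries": 0})
        entry["clients"].add(m["src"])
        entry["queries"] += 1
    return findings

def network_wide(findings):
    """Heuristic: a resolver used by several clients suggests the setting was
    handed out by the router (DHCP) rather than changed on one machine."""
    return sorted(r for r, e in findings.items() if len(e["clients"]) > 1)

if __name__ == "__main__":
    found = unexpected_dns(SAMPLE_CAPTURE)
    for resolver, info in found.items():
        print(resolver, info["queries"], "queries from", sorted(info["clients"]))
    print("seen from multiple clients:", network_wide(found))
```

Feed it real output by replacing `SAMPLE_CAPTURE` with the text of a capture taken on the affected machine or a mirrored switch port.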
