Jump to content

Help removing possible infection from modem!


Recommended Posts

I have a Dlink DSL-2520U modem with a separate WiFi router at home. Everything was working fine until I used this modem at a friend's place since his internet wouldn't work and we thought we'd check whether there was a problem with his modem.

Apparently he has had malware issues for some time now and these seem to have creeped into my connection. So I got the modem back to my place and connected it and all worked just fine for the day.

Next day onwards, I cannot connect to the internet. The PPPoE light on the modem does not turn on. Plus I'm having these two new problems :

1. I can't open my modem settings page. Im able to login to 192.168.1.1, but it simply shows a blank page after that.

2. Everytime I boot my PC, a webpage kb.ribaki.org opens up. I have looked this up and apparently it is some form of malware.

I have tried resetting the modem using the pinhole button multiple times but it doesn't seem to help. I still am unable to access the settings page.

Also, the same modem worked at my friend's place AND on my office connection(which in itself has been infected with malware for some time now... i have a separate thread on this forum for that). I had called in a technician who tried his own spare modem which seemed to work at my place.

I'm in a major dilemma here. My last resort would be to buy a new modem, but im unsure if that would solve the problem.

Any help with this would be highly appreciated.

Thanks,

KV

 

 

Link to post
Share on other sites

Hello KV and welcome to Malwarebytes.....

Lets run the sequence of how to use the Factory reset option again....

Use a paperclip or other suitable tool to gently push down the reset button in the following
sequence:
 
  • Press and hold the reset button while the device is powered off. (Keep the button in)
  • Turn on the power.
  • Wait for 10~15 seconds and then release the reset button.[/list

    Please be aware that this will wipe out any settings stored in the memory, including user account information and LAN IP settings. The device settings
    will be restored to the factory default IP address 192.168.1.1 and the subnet mask is 255.255.255.0, the default management Username is "admin"
    and the default Password is also "admin"

    Next,

    Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

    There are three buttons to choose from with different names on, select the first one and save it to your desktop.
     
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.


    Next,

    Please open Malwarebytes Anti-Malware.
     
    • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
    • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
    • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the Scan is complete Apply Actions to any found entries.
    • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.


    To get the log from Malwarebytes do the following:
     
    • Click on the History tab > Application Logs.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have three options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
       
    • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin...

Link to post
Share on other sites

Thanks for those logs, continue as follows :-

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin.....

 

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.