
Router Hijack



Starting a new thread as requested.

In reply to Noknojon http://forums.malwarebytes.org/index.php?s...20&start=20 post #36

I think I am clean after resetting the router, resetting the TCP/IP stack and flushing the DNS. Everything seems normal. I have scanned all computers with Microsoft Security Essentials, Malwarebytes, Superantispyware and can't see anything unusual with Hijackthis and other tools. I think that I won't bother the malware removal experts at this stage, but will keep an eagle eye on activities on my computer.

I will also heed the advice of Haider in post #37 in the above thread.

I really appreciate the advice given by others here. I thought I was on top of computer security, but this has opened up another dimension.


Hello John A:

A couple of suggestions, if you don't mind:

  1. Please read and follow instructions in MS-KB967715
  2. Always keep your system completely patched, not only Windows but all installed software. This is your first line of defense; a good program to use is Secunia PSI
  3. Have any good Antivirus plus MBAM Full/PRO
  4. A firewall

Bottom line is no security program/combination is 100% guaranteed


Thanks Haider & Yardbird

Does MBAM real-time protection prevent router hijacks? How?

1. I will look at Autoruns

2. I always keep system fully patched - will look at Secunia PSI

3. I have MS Security Essentials and now MBAM Pro

4. I use Windows firewall plus hardware firewall

I used to use Kaspersky but too much effort was required to keep it operational and it was too complicated for the other user of my PC


Hello John A:

You'd need the following exclusions in MSE for MBAM to avoid conflict(s), if any, due to real-time protection of both:

Windows XP 32-bit:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Windows 7 32-bit:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Now with MBAM Full/PRO you may want to configure Automatic Updates and Schedule Scans; please check How To Use The New Scheduler.


Does MBAM real-time protection prevent router hijacks? How?

This is still an unknown as the infection has not actually entered your computer to run an exe -

But in saying that, there has not been a report from any paid users (that I can find) that have been infected this way -

The IP module should prevent you from accessing sites that contain these infections -

Thank You -


FROM: John A posted via yardbird

Log received, and I was told your router is clean. Log posted below. Post back if you have any questions, or if there's anything else you need.

Glad everything worked out -- regards....

Traceroute Malwarebytes CDN version 1.5

Wed 27/10/2010

20:56:48.65

Phase #1

Tracerouting: data-cdn.mbamupdates.com

Tracing route to gs1.wpc.edgecastcdn.net [68.232.45.133]

over a maximum of 30 hops:

1 1 ms 1 ms 1 ms home [10.0.0.138]

2 44 ms 43 ms 43 ms 172.18.112.37

3 43 ms 42 ms 43 ms 172.18.66.18

4 43 ms 45 ms 43 ms 172.18.239.137

5 42 ms 42 ms 45 ms Bundle-Ether10.chw48.Sydney.telstra.net [203.45.17.13]

6 43 ms 45 ms 43 ms Bundle-Ether6.chw-core2.Sydney.telstra.net [203.50.6.153]

7 41 ms 43 ms 42 ms TenGigabitEthernet7-1.chw38.Sydney.telstra.net [203.50.20.176]

8 44 ms 44 ms 43 ms aaptpeer2.lnk.telstra.net [139.130.248.202]

9 45 ms 44 ms 43 ms 110.232.179.17

10 41 ms 43 ms 43 ms 68.232.45.133

Trace complete.

DNS Info

Server: home

Address: 10.0.0.138

Name: gs1.wpc.edgecastcdn.net

Address: 68.232.45.133

Aliases: data-cdn.mbamupdates.com

wpc.1d00.edgecastcdn.net

============================================================

Phase #2

Tracerouting: llnw.data-cdn.mbamupdates.com

Tracing route to mwbyte.vo.llnwd.net [117.121.253.254]

over a maximum of 30 hops:

1 1 ms 1 ms 1 ms home [10.0.0.138]

2 45 ms 43 ms 43 ms 172.18.112.37

3 44 ms 43 ms 43 ms 172.18.66.18

4 44 ms 45 ms 43 ms 172.18.239.137

5 43 ms 43 ms 44 ms Bundle-Ether10.chw48.Sydney.telstra.net [203.45.17.13]

6 43 ms 45 ms 45 ms Bundle-Ether2.ken39.Sydney.telstra.net [203.50.6.182]

7 42 ms 50 ms 49 ms tge5-1.fr3.syd.llnw.net [117.121.252.33]

8 42 ms 43 ms 43 ms cdn-117-121-253-254.syd.llnw.net [117.121.253.254]

Trace complete.

DNS Info

Server: home

Address: 10.0.0.138

Name: mwbyte.vo.llnwd.net

Address: 117.121.253.254

Aliases: llnw.data-cdn.mbamupdates.com

============================================================

Phase #3

Tracerouting: edge.data-cdn.mbamupdates.com

Tracing route to gs1.wpc.edgecastcdn.net [68.232.45.133]

over a maximum of 30 hops:

1 5 ms 1 ms 1 ms home [10.0.0.138]

2 42 ms 43 ms 43 ms 172.18.112.37

3 42 ms 42 ms 43 ms 172.18.66.18

4 43 ms 43 ms 42 ms 172.18.239.137

5 44 ms 42 ms 43 ms Bundle-Ether10.chw48.Sydney.telstra.net [203.45.17.13]

6 45 ms 44 ms 45 ms Bundle-Ether6.chw-core2.Sydney.telstra.net [203.50.6.153]

7 42 ms 45 ms 45 ms TenGigabitEthernet7-1.chw38.Sydney.telstra.net [203.50.20.176]

8 42 ms 45 ms 43 ms aaptpeer2.lnk.telstra.net [139.130.248.202]

9 44 ms 43 ms 45 ms 110.232.179.17

10 83 ms 62 ms 145 ms 68.232.45.133

Trace complete.

DNS Info

Server: home

Address: 10.0.0.138

Name: gs1.wpc.edgecastcdn.net

Address: 68.232.45.133

Aliases: edge.data-cdn.mbamupdates.com

wpc.1D00.edgecastcdn.net

============================================================
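
Added example, not part of the post above and not the Malwarebytes traceroute tool: one way to sanity-check a log in this format, by parsing a phase and testing that the resolver, the DNS answer and the traced route agree. The checks are assumptions of this example, not the criteria used to call the router clean, and `known_good` is a hypothetical set of addresses recorded from a network you trust.

```python
import ipaddress
import re

# Phase #2 of the log above, abridged for this example (hops 2-6 and blank lines dropped).
PHASE2 = """\
Tracerouting: llnw.data-cdn.mbamupdates.com
Tracing route to mwbyte.vo.llnwd.net [117.121.253.254]
1 1 ms 1 ms 1 ms home [10.0.0.138]
7 42 ms 50 ms 49 ms tge5-1.fr3.syd.llnw.net [117.121.252.33]
8 42 ms 43 ms 43 ms cdn-117-121-253-254.syd.llnw.net [117.121.253.254]
Server: home
Address: 10.0.0.138
Name: mwbyte.vo.llnwd.net
Address: 117.121.253.254
Aliases: llnw.data-cdn.mbamupdates.com
"""
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
HOP = re.compile(r"\s*\d+\s+(?:(?:<?\d+ ms|\*)\s+){3}(?:\S+ \[)?" + IP)

def field(pattern, text):
    return re.search(pattern, text, re.M).group(1)

def parse_phase(text):
    """Extract the trace and nslookup fields from one 'Phase' block."""
    addrs = re.findall(r"^Address:\s*" + IP, text, re.M)
    names = [field(r"^Name:\s*(\S+)", text)]
    names += re.search(r"^Aliases:\s*(.*)", text, re.M | re.S).group(1).split()
    return {
        "queried": field(r"^Tracerouting:\s*(\S+)", text).lower(),
        "traced_ip": field(r"^Tracing route to \S+ \[" + IP, text),
        "hops": [m.group(1) for m in map(HOP.match, text.splitlines()) if m],
        "dns_server": addrs[0], "answer_ip": addrs[1],
        "names": [n.lower() for n in names],
    }

def check_phase(p, known_good=None):
    """Return findings; an empty list means nothing inconsistent was seen."""
    findings = []
    gw = ipaddress.ip_address(p["dns_server"])
    if not gw.is_private or p["dns_server"] != p["hops"][0]:
        findings.append("resolver is not the LAN gateway at hop 1")
    if not (p["answer_ip"] == p["traced_ip"] == p["hops"][-1]):
        findings.append("DNS answer, tracert target and last hop disagree")
    if p["queried"] not in p["names"]:
        findings.append("queried name missing from Name/Aliases")
    if known_good is not None and p["answer_ip"] not in known_good:
        findings.append("DNS answer not in the known-good set")
    return findings
```

An empty result only shows the log is internally consistent; a router handing out altered DNS answers would produce a consistent log too, which is why the `known_good` comparison against answers obtained from a trusted network is the check that matters.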


Thank you Firefox

So I don't have to exclude the other ones below listed by Haider in W7 x32?

C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref


I use IE9 Public Beta and find it very stable. Are there any known problems with MBAM Pro with IE9 (I haven't had a problem yet)?

I use MBAM Pro with IE9 and it works great. :lol:


Hi -

There are none known with Malwarebytes - Although McAfee has asked their users not to use IE9 at this stage -

That is the only Known conflict so far -

Thank You -

EDIT -

Love the new avatar :lol:

I would not use McAfee ever. ;)
