Author Topic: router virus COMPLETED THANKS  (Read 6392 times)

Offline wilcoxon

router virus COMPLETED THANKS
« on: Sunday 07 November 10 14:44 GMT (UK) »
I've been and still am having problems with unwanted web pages popping up, and a page 'Google Analytics' appearing when I'm on some sites including this one.
I've had my PC wiped clean, and a scan with about 5 different tools shows no virus at all.
Is it possible for something to have been corrupted in the settings in the Netgear N150 router I have?
This has recently replaced my old Speedtouch modem because I was having problems with it constantly disconnecting. The Netgear is far more reliable, but it seems I have only had this web page trouble since using it.
I may be totally off track on this as I'm not an expert, but it is baffling us both now. :'(
Census information is Crown Copyright (see: www.nationalarchives.gov.uk)

RootsChat is the busiest, largest free family history forum site in the country. It is completely free to use. Register now.
Also register instantly with Facebook or Twitter (and other social networks). Start your genealogy search now.


Offline downside

Re: router virus
« Reply #1 on: Sunday 07 November 10 16:11 GMT (UK) »
Routers do not get viruses [Moderator Comment: Routers can be compromised, and that is what happened here] and Google Analytics is not a virus.  It has recently been discussed here:

http://www.rootschat.com/forum/index.php/topic,494166.0.html

I may have found a solution here:

http://www.google.com/support/forum/p/Web%20Search/thread?tid=52197b92c28f0b22&hl=en
Sussex: Floate, West
Kent: Tuffee
Cheshire: Gradwell
Lancashire: Gradwell

UK Census information is Crown Copyright, from www.nationalarchives.gov.uk



Offline wilcoxon

Re: router virus
« Reply #2 on: Sunday 07 November 10 18:09 GMT (UK) »
Thanks, but which of the answers is the solution?
We've used malware, bleepingcomputer, combofix, hijackthis, and goodness knows how many other tools, but it's still there.
There is absolutely nothing showing.
I've even contacted my ISP and their reply is that it's not going to be a virus in the router.
Census information is Crown Copyright (see: www.nationalarchives.gov.uk)

Offline oldhippy

Re: router virus
« Reply #3 on: Sunday 07 November 10 22:27 GMT (UK) »
It sounds to me like a Trojan. Have you tried a program that will detect Trojans?   Some programs that detect viruses won't detect Trojans. I use Trojan Remover.
Please scan photos at 300dpi or higher. Thank you.


Hambling. Mexter. Taylor. Bailey. Bolton. Boyse. Davenport. Fisher. Godfrey. Goff. Hawkins. Holmes. Jarvis. Joseph. Leek. Morgan. Osborne. Ross. Sharp. Webber.

Websites
http://hamblingfamily.tribalpages.com

http://taylorfamily1.tribalpages.com

Offline downside

Re: router virus
« Reply #4 on: Sunday 07 November 10 22:31 GMT (UK) »
The answer is to edit your hosts file using NotePad and add an extra line.

Use My Computer and navigate to:

C:\Windows\system32\drivers\etc

Right click the file hosts and select Open With and then select NotePad

Go to the end of the file and add this line:

127.0.0.1       www.google-analytics.com


Then save the file.
Sussex: Floate, West
Kent: Tuffee
Cheshire: Gradwell
Lancashire: Gradwell

UK Census information is Crown Copyright, from www.nationalarchives.gov.uk

Offline wilcoxon

Re: router virus
« Reply #5 on: Monday 08 November 10 12:57 GMT (UK) »
Thanks, I'm not confident enough to try this myself, but will show it to my PC man.
Census information is Crown Copyright (see: www.nationalarchives.gov.uk)

Offline Sikes

Re: router virus
« Reply #6 on: Wednesday 10 November 10 13:18 GMT (UK) »
Quote from: downside
"The answer is to edit your hosts file using NotePad and add an extra line.

Use My Computer and navigate to:

C:\Windows\system32\drivers\etc

Right click the file hosts and select Open With and then select NotePad

Go to the end of the file and add this line:

127.0.0.1       www.google-analytics.com

Then save the file."

That is only stopping the pop-ups but not solving the underlying problem(s) you mentioned in other posts.

wilcoxon, you say you've tried hijackthis. Have you posted your log from this onto a specialist trojan / malware site? If you don't understand what I mean, you should follow these steps: http://www.bleepingcomputer.com/tutorials/tutorial94.html


Wiltshire: Matthews, Cresswell, Gregory
Staffordshire: Dean

--------------------------------------------
Map of Senghenydd mining disasters (1901 & 1913) victims

Offline sstarr2008

Re: router virus
« Reply #7 on: Friday 12 November 10 19:28 GMT (UK) »
Just a thought but have you tried connecting directly to the internet without your router?
If that cures your problem then it might be possible to cure the router by resetting it.
Starkey, Beaumont, Dunstan, Hogan, Nichol, Nichols, Laycock, Norbron, North, Smith, Connolly, Archer, Copley, Brook, Walker, Stocks, Berry, Swinden, Ambler.

Offline wilcoxon

Re: router virus
« Reply #8 on: Saturday 13 November 10 16:42 GMT (UK) »
Since I was last here we tried the 'answer is to edit your hosts file using NotePad and add an extra line.' theory. This did work and stopped it going to the Google search page, which by now was happening every single time I clicked on a link on this site. Doing a search with Google still got me being redirected to other places.
My PC man just wasn't happy about this, as far as he was concerned it was just covering up the problem, as Sikes also said.
So my PC was taken away to the repairman's home. After 36 hours he brought it back and told me that during all that time the problem had not happened once. He said he had 'hammered' it downloading all sorts of stuff, and using sites that I never heard of, trying to get it to happen just once.
I had previously found a web page discussing router infections, and sent this to my PC man. He had a good look at all the possibilities of this.
Then he wiped it clean again, for the 3rd time, and just reinstalled Windows.
He brought it back yesterday, reconnected it and $%&*//@ heck it started again.
The only thing different from his house and mine was the router.
He reset it and Lo and Behold it worked with no problem at all. Then he reinstalled all my files etc, then my programmes and it's still OK.
He did say that there seemed to have been 2 settings on the router, one which was correct and another that was possibly taking me to goodness knows where.
Now I did get a bad virus a couple of weeks after installing the new router and a scan showed me there were approx. 854 infections.
This was before the second reinstall. Every removal tool showed absolutely nothing, so at the end of a very frustrating couple of weeks we have come to the conclusion that somehow the router had become corrupted, settings had changed and caused the problem.
PC man has now stored this problem of mine in his mind as something to consider if anyone else has similar issues.
Thanks for all the suggestions, I think sstarr2008 was on the right track :)
Census information is Crown Copyright (see: www.nationalarchives.gov.uk)
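
An added example, not part of any post in this thread: the thread ended with a router whose settings had been changed, and one setting a home router can pass to every PC on the network is the DNS server. The Python sketch below assumes DNS was the altered setting (the thread does not say which setting it was) and flags DNS servers in `ipconfig /all` output that are neither the default gateway nor on a list you trust; the sample output and its addresses are constructed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are placeholders.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _ipv4s(text):
    """Return every syntactically valid IPv4 address found in text."""
    found = []
    for token in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", text):
        try:
            found.append(str(ipaddress.IPv4Address(token)))
        except ValueError:
            pass  # e.g. 999.1.1.1
    return found

def parse_ipconfig(output):
    """Collect gateway and DNS addresses, following continuation lines."""
    fields = {"Default Gateway": [], "DNS Servers": []}
    current = None
    for line in output.splitlines():
        labelled = re.match(r"\s+([A-Za-z0-9 ]+?)[ .]*:\s*(.*)$", line)
        if labelled:
            current = fields.get(labelled.group(1).strip())
            value = labelled.group(2)
        elif current is not None and line[:1] in (" ", "\t") and line.strip():
            value = line  # indented line with no label continues the field
        else:
            current = None
            continue
        if current is not None:
            current.extend(_ipv4s(value))
    return fields

def unexpected_dns(output, trusted=()):
    """DNS servers that are neither the default gateway nor explicitly trusted."""
    info = parse_ipconfig(output)
    allowed = set(info["Default Gateway"]) | set(trusted)
    return [ip for ip in info["DNS Servers"] if ip not in allowed]

print(unexpected_dns(SAMPLE_IPCONFIG))
```

If the PC lists only the router as its DNS server, the router is relaying lookups itself, so the servers to compare against your ISP's are the ones shown on the router's own status page.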