
Thread: Router infected? Seeking assistance with a fake tech support hijack

  1. #21
    Member | Join Date: Apr 2016 | Posts: 45

    Ok, will do. As for the other the problem started with my old computer.
    A 15 yr old Dell. And it was currently disabled by the fake tech screen
    when I unplugged it and installed the new tower. The new one instantly showed
    the same screen and everything worked except the internet, meanwhile
    the wifi phone was not connecting as always happens when the plugged in
    computer gets hijacked. The one constant between the two is the modem,
    as I tried plugging the new computer directly into the modem and the tech
    support scam screen was still blocking things.
    Also, the refurbished one came from Best Buy and it had me do a system
    restore upon start up.
    I did contact my phone company and they assure me everything is
    fine on their end. When the internet is on it is great. Not slow, nothing.
    And like I said, it's been on all day, yay!
    I'll download that last and get on the scan.
    Thanks for all your help.

  2. #22
    Member | Join Date: Apr 2016 | Posts: 45

    ESET Online Scanner detected no threats.

  3. #23
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Somewhat running out of options with tools to detect something malicious.

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.



    ~~~~~~~~~~~~~~~~~~~

    Please remove any usb or external drives from the computer before you run this scan!


    Please download RogueKiller and save it to your desktop.
    RogueKiller 32 Bit
    RogueKiller 64 Bit <---use this one for 64 bit systems
    You can check here if you're not sure if your computer is 32-bit or 64-bit
    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
    • Read and accept the EULA (End User License Agreement)
    • Click Scan to scan the system.
    • When the scan completes Close the program > Don't Fix anything!
    • Don't run any other options, they're not all bad!!
    • Post back the report which should be located on your desktop.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #24
    Member | Join Date: Apr 2016 | Posts: 45

    RogueKiller V12.1.3.0 (x64) [Apr 18 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Willis [Administrator]
    Started from : C:\Users\Willis\Downloads\RogueKillerX64.exe
    Mode : Scan -- Date : 04/24/2016 11:45:37

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2558890546-1323134406-2902475843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2558890546-1323134406-2902475843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-75M2NA0 ATA Device +++++
    --- User ---
    [MBR] 28364a0ca2477cf40bedd8798243a6e2
    [BSP] 8b28c01e9b1167f236fb6ab87bffebae : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5816 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 11913216 | Size: 948051 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

  5. #25
    Member | Join Date: Apr 2016 | Posts: 45

    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/24/2016 09:19:16 AM in x64 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 04/24/2016 09:19:52 AM
    Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

  6. #26
    Member | Join Date: Apr 2016 | Posts: 45

    Hey there, Juliet. Still have not lost my internet.
    So that is great.

  7. #27
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Originally posted by WCSWood:
    "Hey there, Juliet. Still have not lost my internet.
    So that is great."

    How long have we been running now and it's still hanging in there?

    IF, it's working as it should, let's give it a day or 2 and see what happens. I'll keep this topic open till I hear back from you......in a small amount of time I hope

  8. #28
    Member | Join Date: Apr 2016 | Posts: 45

    Hey, thanks so much for all your attention. I am wondering if maybe the new
    computer with Win 7 was able to better and more fully update a defense against
    this thing. My old computer seemed to be constantly trying to update stuff and
    was constantly bogged down with that. I had thought that my virus scans, which
    I perform religiously as well as cache dumps and resets, etc, got this thing a while
    back but it kept coming back. Anyway, now seems all good. Do you think plugging
    the old computer back in and connecting to wifi would be at all risky? And were
    the two last items found in that scan of any concern?
    And yeah if all good then hope to not bother ya again. Plus I think I have some
    cool new scanners to keep me clean. Thanks again.
    I take it a donation to the mothership is the best way to keep this going?

  9. #29
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Originally posted by WCSWood:
    "Hey, thanks so much for all your attention. I am wondering if maybe the new computer with Win 7 was able to better and more fully update a defense against this thing.
    My old computer seemed to be constantly trying to update stuff and was constantly bogged down with that. I had thought that my virus scans, which I perform religiously as well as cache dumps and resets, etc, got this thing a while back but it kept coming back. Anyway, now seems all good.
    Do you think plugging the old computer back in and connecting to wifi would be at all risky? And were the two last items found in that scan of any concern?
    And yeah if all good then hope to not bother ya again. Plus I think I have some cool new scanners to keep me clean. Thanks again.
    I take it a donation to the mothership is the best way to keep this going?"

    You can open and run RogueKillerX64.exe and check it to be deleted; it's really not on the malicious end, more of possibly unwanted...

    Your newer computer might have been able to get more updates on board than the older one....who knows

    This last month's set of updates from Microsoft was a nightmare for a lot of people including myself...I worked hard at getting all off that made it on and uninstalled. Set windows to never update then manually went after them one by one till I found the one that was causing the most trouble.....then hid that one!

    If you should connect the old computer back in and connecting to wifi, can be done but first thing I would do is make sure to run updates on all programs.
    This includes virus protection, updates to windows, malware protection, etc..etc...

    Scanners we used here have to be downloaded regularly to have the latest definitions. Some, when left on the computer are picked up later as malicious and the antivirus can go bonkers.

    Donations are always appreciated

    ~~~~~~~~~~~~~
    Let's remove tools and quarantine folders.

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~~~~


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.

  10. #30
    Member | Join Date: Apr 2016 | Posts: 45

    Great, all cleaned up. The Malwarebytes is still here and I am wondering
    is it all it claims to be, is it better than Spybot S&D, a complementary piece
    or what? Is the premium a stand alone and the free more of a scan as
    needed? Both just came up in the dropdown menu when I was transferring
    music files and the Malwarebytes made short work of scanning the whole folders
    and Spybot complained that the queue was too large.
    I also was curious about one other thing I encountered
    in the notes/links. Java updates are mentioned often. There is no "java icon" in my control panel and
    I couldn't get it to come up with any of the alternative cmd prompt ways
    outlined. Do I need to worry about this as I don't even know what java is?
    Lastly, I like this Windows 7. Should I upgrade to the 10?
