Redirect Problems San Jose CA

Hello Jack :),

We need to try a few things to clarify the source of the redirects you are experiencing.

My understanding of your reply regarding your computer we are working on now is that it uses Actiontec DSL Gateway modem, correct?

Do the other computers experience any redirects through the wireless connection? If not, can you try to connect to the Internet using the wireless modem with this computer?

Another question is do you know how to configure the modems in case we need to reset them to factory default settings?
 
Redirect Problems in San Jose

That's correct, an Actiontec DSL Gateway modem.

And this is so interesting. Both my laptop and my son's Mac mini are experiencing redirect problems and they both connect through the wireless modem.

I don't think I can connect the desktop machine we've been working on wirelessly. I think it's too old to have a wireless card.

I don't know how to configure the modem, but I bet we can find instructions online. One problem, my wife is a physician who often works on charts from home, so I can't have the Internet access down for long.

Next steps?

jack
 
Hello Jack :),

I think it's too old to have a wireless card.
An ancient one, no wonder the rootkit scan programs are having problems running.

One problem, my wife is a physician who often works on charts from home, so I can't have the Internet access down for long.
We will work with desktop first. At least you will have the others as backup in case anything happens.

Check router / modem
  • Open Notepad. Copy and paste the following text into it:
    Code:
    @echo off
    >router.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start router.txt
    del %0
  • Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
  • Double click on router.bat to run it. Allow if prompted by any security software.
  • Post the contents of router.txt. It is found on your desktop.

--------------------

Please post back:
1. router.txt
 
Redirect Problems in San Jose, CA

Here you go:



Windows IP Configuration



Host Name . . . . . . . . . . . . : dell

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-05-5D-37-13-77

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, December 16, 2010 2:02:08 PM

Lease Expires . . . . . . . . . . : Friday, December 17, 2010 2:02:08 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.159.104, 74.125.159.99, 74.125.159.147, 74.125.159.106
74.125.159.105, 74.125.159.103

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 67.195.160.76, 72.30.2.43, 209.191.122.70
69.147.125.65



Pinging google.com [74.125.45.99] with 32 bytes of data:



Reply from 74.125.45.99: bytes=32 time=118ms TTL=48

Reply from 74.125.45.99: bytes=32 time=118ms TTL=48



Ping statistics for 74.125.45.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 118ms, Maximum = 118ms, Average = 118ms



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=46ms TTL=53

Reply from 98.137.149.56: bytes=32 time=47ms TTL=53



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 47ms, Average = 46ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 05 5d 37 13 77 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
63.241.108.124 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.138.214 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.176.122 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.176.144 255.255.255.255 192.168.1.1 192.168.1.5 20
66.119.34.43 255.255.255.255 192.168.1.1 192.168.1.5 20
66.150.117.24 255.255.255.255 192.168.1.1 192.168.1.5 20
76.13.219.190 255.255.255.255 192.168.1.1 192.168.1.5 20
94.245.121.179 255.255.255.255 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
174.129.224.140 255.255.255.255 192.168.1.1 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
198.63.194.10 255.255.255.255 192.168.1.1 192.168.1.5 20
198.173.21.18 255.255.255.255 192.168.1.1 192.168.1.5 20
204.12.208.131 255.255.255.255 192.168.1.1 192.168.1.5 20
209.234.225.89 255.255.255.255 192.168.1.1 192.168.1.5 20
216.115.110.119 255.255.255.255 192.168.1.1 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
 
Hello Jack :),

Gather information
  • Before we reset the modem, you will need to get the DNS server numbers from your Internet Service Provider (ISP).
  • Alternatively, you can use OpenDNS.
  • They will be used in configuring the modem after we make a reset.
  • Please access your modem and browse through the layout and contents.
  • You may do so by typing 192.168.1.1 into the browser address bar and pressing Enter.
  • If you do not have access, use the default username and password from here to access the modem or you can consult the source from which you got the modem.
  • Find the DNS settings and take note of the DNS numbers so that we will know if the reset is successful.
  • The DNS may or may not be bad. Unless they are the same as what your ISP has provided, they should be omitted later.
  • Please also note that if you have configured the security settings of the modem before, you will need to redo it after the reset.
  • Exit the configuration interface of the modem.

Reset modem
  • Please reset the modem by using a pen or paper clip to push a small recessed button at the back of the modem.
  • Hold it pressed down until the lights of your modem blink, usually about 10 seconds.
  • Enter the modem configuration again and go to the DNS settings. Are they the same as before?
  • Key in the DNS servers that you acquired from either your ISP or OpenDNS. You will need to save or confirm the change for it to take effect.
  • Also, please change the password of the modem from the default, and if possible set a new username.
  • This is to prevent unauthorized access of the modem and hijacking after the reset.

Flush DNS
  • Go to Start > Run.... Copy and paste the following text into the white box:
    Code:
    cmd /c ipconfig /flushdns
  • Click OK.

Let me know how it goes.
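
An added example, not part of the original posts: a small Python triage of a router.txt capture like the one posted earlier in the thread. It shows why that file alone cannot clear the router: the PC's only DNS server is the gateway, so the resolvers that matter are the ones configured on the modem. The function names and the `trusted_dns` parameter are hypothetical; the sample is constructed from values in the thread.

```python
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample: router.txt abridged to a few lines, values taken from the thread.
SAMPLE = """\
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Server: UnKnown
Address: 192.168.1.1
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
63.241.108.124 255.255.255.255 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
Persistent Routes:
None
"""

def field(text, label):
    """IPv4 values of an ipconfig field, including continuation lines."""
    values, collecting = [], False
    for line in text.splitlines():
        s = line.strip()
        m = re.match(rf"{re.escape(label)}[ .]*:\s*{IP}?\s*$", s)
        if m or (collecting and re.fullmatch(IP, s)):
            collecting = True
            ip = m.group(1) if m else s
            if ip and ip not in values:
                values.append(ip)
        elif s:                      # any other non-blank line ends the field
            collecting = False
    return values

def host_routes_via(text, gateway):
    """Destinations with a 255.255.255.255 mask routed through the gateway."""
    row = re.compile(rf"^{IP}\s+255\.255\.255\.255\s+{IP}\s+{IP}\s+\d+$")
    return [m.group(1) for l in text.splitlines()
            if (m := row.match(l.strip())) and m.group(2) == gateway]

def persistent_routes(text):
    """Rows listed under 'Persistent Routes:' (empty when it says None)."""
    parts = text.split("Persistent Routes:", 1)
    rows = [l.strip() for l in parts[1].splitlines() if l.strip()] if len(parts) == 2 else []
    return [r for r in rows if re.match(IP, r)]

def triage(text, trusted_dns=()):
    """trusted_dns: resolver addresses obtained from the ISP (assumed input)."""
    gateways, dns = field(text, "Default Gateway"), field(text, "DNS Servers")
    hosts = [h for gw in gateways for h in host_routes_via(text, gw)]
    persistent, findings = persistent_routes(text), []
    for ip in dns:
        if ip in gateways:
            findings.append(f"DNS {ip} is the gateway: check the resolvers set on the router itself")
        elif ip not in trusted_dns:
            findings.append(f"DNS {ip} is not the gateway or a trusted resolver: verify with the ISP")
    if hosts:
        findings.append(f"{len(hosts)} non-persistent host route(s) via the gateway")
    if persistent:
        findings.append(f"{len(persistent)} persistent route(s) present: review each one")
    return {"gateways": gateways, "dns": dns, "host_routes": hosts,
            "persistent": persistent, "findings": findings}

if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print(finding)
```

Run against both captures in this thread, the DNS finding is identical before and after the reset, which is why the DNS values have to be read from the modem's configuration page.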
 
Redirect Problems in San Jose, CA

Jack and/or Jill,

Please do not close this thread. I can't work on resetting the modem until Monday.

Thanks!

jack
 
Hello Jack :),

Thanks for informing. I will wait a bit. Understand that sometimes we have other priorities.
 
Redirect Problems in San Jose, CA

Okay, I did as requested. I think my ISP dynamically assigns my DNS each time I log on. I did set a new password. I ran the code in the run window. It seemed to execute the command but it did not give back any results.

Next?

Thanks!

jack
 
Hello Jack :),

Good. Please run router.bat again and post back the result.

Check router / modem
  • Open Notepad. Copy and paste the following text into it:
    Code:
    @echo off
    >router.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start router.txt
    del %0
  • Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
  • Double click on router.bat to run it. Allow if prompted by any security software.
  • Post the contents of router.txt. It is found on your desktop.

--------------------

Please work the computer and your connection a bit to see if the redirect still occurs, and if yes, where do you get redirected to?

--------------------

Please post back:
1. router.txt
2. any more redirects?
 
Redirect Problems in San Jose, CA

Here's the new text from running the router.bat file:



Windows IP Configuration



Host Name . . . . . . . . . . . . : dell

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-05-5D-37-13-77

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, December 21, 2010 12:07:38 PM

Lease Expires . . . . . . . . . . : Wednesday, December 22, 2010 12:07:38 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.19.147, 74.125.19.103, 74.125.19.99, 74.125.19.104

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging google.com [74.125.224.18] with 32 bytes of data:



Reply from 74.125.224.18: bytes=32 time=51ms TTL=54

Reply from 74.125.224.18: bytes=32 time=48ms TTL=54



Ping statistics for 74.125.224.18:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 51ms, Average = 49ms



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=49ms TTL=53

Reply from 98.137.149.56: bytes=32 time=47ms TTL=53



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 49ms, Average = 48ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 05 5d 37 13 77 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
12.129.210.71 255.255.255.255 192.168.1.1 192.168.1.5 20
64.94.126.65 255.255.255.255 192.168.1.1 192.168.1.5 20
64.210.61.213 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.123 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.145 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.235 255.255.255.255 192.168.1.1 192.168.1.5 20
65.55.116.181 255.255.255.255 192.168.1.1 192.168.1.5 20
66.94.245.1 255.255.255.255 192.168.1.1 192.168.1.5 20
66.94.245.254 255.255.255.255 192.168.1.1 192.168.1.5 20
66.114.48.14 255.255.255.255 192.168.1.1 192.168.1.5 20
66.114.48.16 255.255.255.255 192.168.1.1 192.168.1.5 20
66.220.149.11 255.255.255.255 192.168.1.1 192.168.1.5 20
67.195.141.200 255.255.255.255 192.168.1.1 192.168.1.5 20
67.195.141.201 255.255.255.255 192.168.1.1 192.168.1.5 20
68.142.199.25 255.255.255.255 192.168.1.1 192.168.1.5 20
98.137.49.1 255.255.255.255 192.168.1.1 192.168.1.5 20
98.137.51.1 255.255.255.255 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.241.217.186 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.9 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.32 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.35 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.40 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.83 255.255.255.255 192.168.1.1 192.168.1.5 20
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
173.192.198.179 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.128.117 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.139.142 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.214.149 255.255.255.255 192.168.1.1 192.168.1.5 20
184.72.90.115 255.255.255.255 192.168.1.1 192.168.1.5 20
184.72.146.145 255.255.255.255 192.168.1.1 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
204.2.136.114 255.255.255.255 192.168.1.1 192.168.1.5 20
208.92.238.24 255.255.255.255 192.168.1.1 192.168.1.5 20
208.96.4.68 255.255.255.255 192.168.1.1 192.168.1.5 20
216.223.0.211 255.255.255.255 192.168.1.1 192.168.1.5 20
216.252.120.245 255.255.255.255 192.168.1.1 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
 
Redirect Problems in San Jose, CA

Oh and no re-directs yet today, but I haven't been on yet. I had some yesterday after the work with the router. I'll copy the url and let you know as soon as it happens.

Thanks,

jack
 
Hello Jack :),

Please try to use your computer for a few more days and let me know how it goes.
 
No redirects or extra windows opening so far, but the machine hasn't been used much because of the holidays. Let's give it another couple days. Meanwhile, do we need to go back and do something about some of the threats one of the utilities found, or you think that flushing the router fixed them?

Best,

jack
 
Hello Jack :),

Hope you are enjoying the holidays.

do something about some of the threats one of the utilities found
You are referring to? Only those files that I asked you to scan at VT are left and will be dealt with later.

Let's give it another couple days.
Agreed.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 7.0.7

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Different language or operating system? link.
    • Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
    • Change the language if you want by clicking on English below the Select a language title.
    • Press Continue.
    • Uncheck (untick) Free McAfee Security Scan (optional).
    • Click the Download now button after selecting the latest version.
    • Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.
  • If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
  • Click Download to proceed. Allow if prompted and save the file to a convenient location.
  • Run the downloaded file to continue with the installation.

--------------------

Do an online scan with Kaspersky Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to Kaspersky Online Scanner page.
  • Read through the requirements and privacy statement and click on the Accept button.
  • Download and installation of the scanner and virus definitions will begin. If prompted to install from Kaspersky, please proceed.
  • When the downloads have finished, click on Settings on the lower left of the window.
  • Make sure all these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan tab to start scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place as KasperskyScan.txt. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Post the contents of that report in your reply.

--------------------

Please post back:
1. any more redirects?
2. Kaspersky online scan result
 
jack/jill

Well, I don't think we've seen any redirect problems or unwanted windows opening on any of the machines. Great job! I never would have guessed the router. What now?

Happy new year.

Best,

jack
 
Hello Jack :),

Happy New Year to you too.

Have you updated Adobe Reader and done a Kaspersky online scan according to my previous instructions? Please post the result from the online scan.
 
Hello Jack :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

We have a few more things to do before we are done.

If I do not get any response within the next 24 hours, this topic will be closed.
 
VERY sorry. I did not see this email because I wasn't checking regularly over the holidays. I'll run Kaspersky right now and post.

I would like to finish up.

Cheers,

jack
 
Redirect Problems in San Jose CA

Well, not my best report. I installed the new Adobe Reader before reading all of your instructions and did not first uninstall the earlier version. I tried to uninstall it afterward and received an error note and could not uninstall it. The new version DID say it was uninstalling all earlier versions as part of its install, but I found the 7.07 version in the program install/uninstall part of control panel. Shall I uninstall the new version and start over?

When I tried to run Kaspersky, it spent a long time installing the database and then gave me an error message that said:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]"

Please advise.

Thanks, cheers and Happy New Year,

Jack
 
Hello Jack :),

Shall I uninstall the new version and start over?
Yes, please give it a shot. Having the old version means your computer will be vulnerable.

--------------------

We will do the ESET scan.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Rerun OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post back OTL.txt.

--------------------

Please post back:
1. ESET online scan result
2. OTL.txt
3. any more problems?
 