Router infected? Seeking assistance with a fake tech support hijack

Status
Not open for further replies.
It is a TP-link but I think the program for it is on
the old computer and at this point I'm loath to connect
that back in. It may be too early yet to call it, but
everything is still humming right along.
 
It may be too early yet to call it, but
everything is still humming right along

Got my fingers crossed we keep on humming.

I'm going to list a couple of links to change the password for your router.

How do I change administrative password on TP-LINK ADSL router
http://www.tp-link.com/en/faq-191.html

How to Change a TP Link Wireless Password
http://www.wikihow.com/Change-a-TP-Link-Wireless-Password

How to find or change the wireless password on the TP-LINK products
Note: To find the password we need a computer physically connected to your TP-LINK’s LAN port.
http://www.tp-link.com/en/faq-399.html
 
Tech screen blocked the internet most of yesterday afternoon
and evening and I've been all out with work. Do you think there is
any justification for swapping out the modem with a new
one from the phone company? Also, I am wondering about
the mobile phone. It is a Samsung Galaxy and I only got it to use
with the wifi here at home and occasionally out on the road.
Anyway, I bought it second hand on e-bay. Could it have
come with a virus? I should have time this afternoon to see about
resetting the router password.
 
Do you think there is
any justification for swapping out the modem with a new one from the phone company? Also, I am wondering about the mobile phone. It is a Samsung Galaxy and I only got it to use with the wifi here at home and occasionally out on the road.
Anyway, I bought it second hand on e-bay. Could it have come with a virus?
Switching out the modem may or may not help I just don't know.

The phone may have been sold containing the virus but I have no idea if it did or not.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

~~~~~~~~~~~~~~~~~~~~~~~~~

Download this free tool and save it to your desktop.
Avast Browser Cleanup
https://www.avast.com/en-us/browser-cleanup
(this will open in a new window)

You do not need to install the program. This portable scanner will run automatically once you double-click on the executable file avast-browser-cleanup.exe.

Once the download completes, double-click the file to install the program on the computer. It will update the database once installation has finished. Internet connection is required at this point.

3. After downloading necessary updates, Sophos Virus Removal Tool displays the welcome screen.


Click on Start Scanning button to begin checking the system for presence of rootkit and virus

When run, Avast Browser Cleanup performs a test on the browser. If unwanted entries were found, it will display a button ‘Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.
 
Do the above then continue with the below.

In a situation like this, where scans are showing nothing and a reset did not resolve the issue, we need to do a clean reinstallation of the browser.

If Google Chrome is already uninstalled, skip to the next set of instructions.

Google Chrome Clean Reinstallation
  • Open Google Chrome.
  • Click Customize and control Google Chrome in the top right corner.
  • In the dropdown list click More tools, followed by Clear browsing data....
  • In the Obliterate the following items from: dropdown list click the beginning of time.
  • Ensure the following items are checked:
    • Browsing history
    • Download history
    • Cookies and other site and plug-in data
    • Cached images and files
  • Click Clear browsing data.
Backup your Google Chrome bookmarks if necessary:
http://www.wikihow.com/Export-Bookmarks-from-Chrome

Revo Uninstaller
  • Please download and install Revo Uninstaller.
  • Double-click Revo Uninstaller to run the programme.
  • From the list of programmes, locate the following and carry out the steps below one at a time.
    • Google Chrome
  • Double-click the programme.
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above.
Download and install Google Chrome using the following link: https://www.google.com/chrome/


~~~~~~~~~~~~


router reset

Router Power Cycle
  • Switch your computer off.
  • Turn your router/modem off.
  • Unplug your router/modem and all cables from the wall.
  • Wait 60 seconds.
  • Plug your router/modem back in and turn on.
  • Switch your computer on.
  • Check for issues.





Please read: Malware Silently Alters Wireless Router Settings
Consult Router Passwords to find out the default username and password for your brand of router and make a note of that for future reference. Alternatively, you may find the username/password written on the base of your router. If neither option is applicable, please contact the manufacturer of your router.

Reset Router to Factory Default Settings:
  • Typically a reset can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)
  • In order to get to the router's server, type http://192.168.1.1 in the address bar and click Enter. You should see the log in window.
  • Fill in the password you have already found and you will get the configuration page.
  • Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
  • If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
  • Don't forget to change the router's default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
Please make sure of the following settings on your computer:
  • Click Start, Control panel, then double-click Network and Sharing Center.
  • In the left window select Manage Network Connection.
  • In the right window right-click Local Area Connection and select Properties.
  • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it. Make sure of the following settings:
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK.
  • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you need to change any of these settings you will need to reboot your computer.
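
The adapter settings checked by hand in the steps above can also be read out in one pass. This is an added example, not part of the original post: the function name Get-AdapterDnsAudit and the output column names are made up here, and it assumes Windows PowerShell 3.0 or later and looks at IPv4 settings only.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
# Assumes Windows PowerShell 3.0 or later; covers IPv4 settings only.
$TcpipInterfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-AdapterDnsAudit {
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $cfg = $_
            # SettingID is the adapter GUID, which is also its registry key name.
            $key = Join-Path $TcpipInterfaces $cfg.SettingID
            # NameServer holds manually entered DNS servers. Empty or missing
            # means "Obtain DNS server address automatically" is selected.
            $manualDns = (Get-ItemProperty -Path $key -Name NameServer `
                          -ErrorAction SilentlyContinue).NameServer

            $gateways = @($cfg.DefaultIPGateway     | Where-Object { $_ })
            $dns      = @($cfg.DNSServerSearchOrder | Where-Object { $_ })
            # Home routers normally hand out their own address as the DNS
            # server. Anything else is worth comparing with the router's own
            # DHCP/DNS page (some ISPs legitimately hand out their resolvers).
            $notRouter = @($dns | Where-Object { $gateways -notcontains $_ })

            [pscustomobject]@{
                Adapter         = $cfg.Description
                AutoIPAddress   = [bool]$cfg.DHCPEnabled
                AutoDnsAddress  = [string]::IsNullOrWhiteSpace($manualDns)
                DnsServers      = $dns -join ', '
                Gateway         = $gateways -join ', '
                DnsNotTheRouter = $notRouter -join ', '
            }
        }
}

Get-AdapterDnsAudit | Format-List
```

A False under AutoIPAddress or AutoDnsAddress means that adapter does not match the "obtain automatically" settings listed above. An entry under DnsNotTheRouter is a prompt to check the DNS servers configured on the router after the factory reset.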
 
Sorry for the delay. Neither Sophos nor the browser
cleanup found anything and unfortunately my internet
went down to the fake tech screen for most of yesterday
afternoon and evening. I did just change the wifi password
this moment. During the "blackout" yesterday, however,
I discovered that FB Messenger works on the phone and I was able to have
a vid conference as scheduled with a client. Probably meaningless,
but at this point I thought I'd mention it anyway.

If all of these scanners keep showing my new computer as
clean it seems to me this thing could be in the phone or the
modem. I'm thinking I should replace 'em both. The phone was
cheap the modem should be no charge.
 
2 things I can think of we haven't tried.

Try to use "Restore Windows to a previous state using System Restore" restore point to a time before this happened.

and
Boot into safe mode to use MSCONFIG (msconfig utility) to see if there is an item listed there that can be unchecked; my thought is this is scripted to start when Windows loads.

While your computer is in Safe Mode with Command Prompt, type msconfig
Click on the Startup tab, then search for any suspicious or unknown entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), and uncheck them from startup, then click on OK.
 
Hey there, so sorry to just drop off the planet.
Buried with too much to do. I conducted a small
experiment. After my last post I powered off the
phone and reset/power cycled/purged and scanned
everything and the computer and kept the phone off.
Yesterday afternoon I had to use the phone for a video
meet with a client so I unplugged the computer
and disconnected from the router. Used the phone
and then powered it down, reset the modem and
router, scanned the computer and have kept the
phone off. No problems, haven't lost internet, seen
a tech screen, or had any slow downs. A couple
days now....
 
Now ain't that a hoot!

Use the computer for a day and let me know how it works.
 
I feel obligated to tell ya that I lost my internet
a couple of times in the last 24 hrs. The tech screen
showed up once but now it is just failing on a
screen that says the site was unable to establish
a secure connection.
For some reason, however, FB Messenger and the
video chat capabilities on my phone never go down when the
rest of the system seems paralyzed. This means that
my client sessions are not interrupted and yet with
the internet being so unreliable my productivity
has gone through the roof. I'm finally finishing a kitchen
cabinet that I started a month ago, my garden is hopping
along and I have not even logged into Facebook in a couple
weeks.
Anyway, I'm over this thing. I'm a woodworker and have
no tools that work on it. Thanks for all your help, but I think
I'll just bury my head in the sand for now and enjoy my
life. When the virus sees fit to let me send an email every now
and then I will.
Thanks again,
-Isaac
 
I'm finally finishing a kitchen cabinet that I started a month ago, my garden is hopping along

You have tons more done than I can get to.

This is a first for me but I think we're dealing with a phone that came to you in bad shape.
This may or may not help but I did find an article that does a virus scan on phones.... If you can give me the name of your phone I'll try to look up tech tips and see if we can reset this thing.
http://www.samsunggalaxysmanuals.co...-the-factory-samsung-galaxy-s6-virus-scanner/
 