Anti-Spyware Forums



Virus, modem, and router-switch

 
 
SL

 
      10-10-2010, 08:00 AM
What happened
----------------

One computer in the network was infected with 26 virus.

A few hours later the SMC router-switch went down (all lights were off
except power indicator).

Next day I plugged in a D-Link router switch; it worked.

Later a domain I was working on could be "pinged", but could not be accessed
through HTTP protocol. A little bit later, it could not be "pinged".

I worked on another domain as well; this domain resides in the same web
server as the above mentioned domain. The domain was accessible all this
time.

And then about an hour later, I could reach the second domain.

Question
---------

Is this the sign of a virus infection ?


 
 
 
 
 
FromTheRafters

 
      10-10-2010, 12:23 PM
"SL" wrote in message:
> What happened
> ----------------
>
> One computer in the network was infected with 26 virus.
>
> A few hours later the SMC router-switch went down (all lights were off
> except power indicator).
>
> Next day I plugged in a D-Link router switch; it worked.
>
> Later a domain I was working on could be "pinged", but could not be
> accessed through HTTP protocol. A little bit later, it could not be
> "pinged".
>
> I worked on another domain as well; this domain resides in the same
> web server as the above mentioned domain. The domain was accessible
> all this time.
>
> And then about an hour later, I could reach the second domain.
>
> Question
> ---------
>
> Is this the sign of a virus infection ?


No.


 
 
 
 
 
David H. Lipman

 
      10-10-2010, 01:33 PM
From: "SL"

| What happened
| ----------------

| One computer in the network was infected with 26 virus.

| A few hours later the SMC router-switch went down (all lights were off
| except power indicator).

| Next day I plugged in a D-Link router switch; it worked.

| Later a domain I was working on could be "pinged", but could not be accessed
| through HTTP protocol. A little bit later, it could not be "pinged".

| I worked on another domain as well; this domain resides in the same web
| server as the above mentioned domain. The domain was accessible all this
| time.

| And then about an hour later, I could reach the second domain.

| Question
| ---------

| Is this the sign of a virus infection ?


First off realize that viruses is the plural of virus and I can assure you that you have a
better chance of being hit by lightning than 26 viruses.
All viruses are malware but not all malware are viruses. That being said you had a
computer on your network that was infected with 25 pieces of malware.

However...
How do you KNOW it had 26 anything ?
You didn't supply any information on what infected the computer (either by detection name
or what was deemed to be malware on the computer) or the anti malware solution that was
installed on the platform.

As for the problems you are having with a SOHIO Router.
The description is vague. I have seen Routers revert to factory settings due to a Brown
Out power condition and I have seen them die due to power surge power conditions or by
other causative factors. SOHO Routers are inexpensive and can die without notice.

Routers can become compromised by Malware. The Psyb0t worm targets a limited number of
Routers using embedded Linux and there is the DNSChanger trojan. The DNSChanger trojan
alters the DNS Server Table of a given Router such that nodes, who receive DNS servers via
DHCP, will use the Dirty list of DNS Servers that the DNSChanger Trojan changed the Router
to.

To know if the SMC brand Router was compromised by the computer on the network that was
infected with 26 pieces of malware will depend on EXACTLY what the malware was identified
to be.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
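
A defender-side check for the router DNS tampering described in the post above, as an added example that is not part of the original post: it parses `ipconfig /all` output and reports any DNS server a client received that is outside the list you expect. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (documentation addresses, not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s(.*)$")  # "   Key . . . : value"

def _ip(text):
    """Parse an address (dropping any IPv6 %zone); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        if line and not line[0].isspace():          # unindented: a heading
            current = line.rstrip().rstrip(":") if line.rstrip().endswith(":") else None
            in_dns = False
            continue
        if current is None:
            continue
        addr = _ip(line) if in_dns else None        # extra servers sit on bare lines
        if addr is None:
            m = FIELD.match(line)
            in_dns = bool(m) and m.group(1) == "DNS Servers"
            addr = _ip(m.group(2)) if in_dns else None
        if addr is not None:
            adapters.setdefault(current, []).append(addr)
    return adapters

def unexpected_resolvers(output, expected):
    """Return (adapter, server) pairs whose server is outside `expected`."""
    allowed = [ipaddress.ip_network(n) for n in expected]
    return [(name, str(s)) for name, servers in dns_servers_by_adapter(output).items()
            for s in servers if not any(s in net for net in allowed)]
```

Run it against output captured on each client with the router's own address and your ISP's resolvers as `expected`; a hit means the router's DHCP settings or the client's static DNS settings need to be inspected.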


 
 
David H. Lipman

 
      10-10-2010, 01:36 PM
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

< snip >

| As for the problems you are having with a SOHIO Router.

< snip >


SOHIO Router - LOL

That should have been "SOHO Router".




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
FromTheRafters

 
      11-10-2010, 11:26 AM
"sl@exabyte" wrote in message:
>
>
>> First off realize that viruses is the plural of virus and I can assure you
>> that you have a better chance of being hit by lightning than 26 viruses.
>> All viruses are malware but not all malware are viruses. That being said
>> you had a computer on your network that was infected with 25 pieces of
>> malware.
>>
>> However...
>> How do you KNOW it had 26 anything ?
>> You didn't supply any information on what infected the computer (either by
>> detection name or what was deemed to be malware on the computer) or the
>> anti malware solution that was installed on the platform.
>>
>> As for the problems you are having with a SOHIO Router.
>> The description is vague. I have seen Routers revert to factory settings
>> due to a Brown Out power condition and I have seen them die due to power
>> surge power conditions or by other causative factors. SOHO Routers are
>> inexpensive and can die without notice.
>>
>> Routers can become compromised by Malware. The Psyb0t worm targets a
>> limited number of Routers using embedded Linux and there is the DNSChanger
>> trojan. The DNSChanger trojan alters the DNS Server Table of a given Router
>> such that nodes, who receive DNS servers via DHCP, will use the Dirty list
>> of DNS Servers that the DNSChanger Trojan changed the Router to.
>>
>> To know if the SMC brand Router was compromised by the computer on the
>> network that was infected with 26 pieces of malware will depend on EXACTLY
>> what the malware was identified to be.

[...]

> Thanks for the info.
>
> I am not sure the SMC is compromised by virus, it just so happened
> very shortly after a PC in LAN was infected by 26 virus (a pop-up
> dialog says so).


Yes, often antivirus programs will detect non-viral malware and refer to
them as "viruses" when alerting the user.

They are *wrong* to do so IMO.

> I shall find out more about the DNSChanger Trojan.


You may have a log file with the list of found malware on the PC in
question (or, rather, the machine that ran the scanner). You should get
a more detailed malware name for each instance (and evidence that *most*
were not actually viruses).


 
 
David H. Lipman

 
      11-10-2010, 12:08 PM
From: "sl@exabyte"



| Thanks for the info.

| I am not sure the SMC is compromised by virus, it just so happened very
| shortly after a PC in LAN was infected by 26 virus (a pop-up dialog says
| so).

| I shall find out more about the DNSChanger Trojan.

You still haven't supplied any information on what infected the computer (either by
detection name or what was deemed to be malware on the computer) or the anti malware
solution that was installed on the platform.


--
Dave
New, Multi-AV v7.03
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Etal

 
      11-10-2010, 05:49 PM
David H. Lipman wrote:

> SL wrote:
>
> | Thanks for the info.
>
> | I am not sure the SMC is compromised by virus, it just so happened very
> | shortly after a PC in LAN was infected by 26 virus (a pop-up dialog says
> | so).
>
> | I shall find out more about the DNSChanger Trojan.
>
> You still haven't supplied any information on what infected
> the computer (either by detection name or what was deemed to
> be malware on the computer) or the anti malware solution that
> was installed on the platform.
>


In case the OP, SL, doesn't know what popped that message, the
description sounds like a pop-up dialog, popped by a single piece
of malware or a malicious website visited.
Then, the intent of that message-window would be to try to scare
the OP to download and install the actual malware.


--
Click on me!
 
 
David H. Lipman

 
      11-10-2010, 07:37 PM
From: "Etal"

| David H. Lipman wrote:

>> SL wrote:


>> | Thanks for the info.


>> | I am not sure the SMC is compromised by virus, it just so happened very
>> | shortly after a PC in LAN was infected by 26 virus (a pop-up dialog says
>> | so).


>> | I shall find out more about the DNSChanger Trojan.


>> You still haven't supplied any information on what infected
>> the computer (either by detection name or what was deemed to
>> be malware on the computer) or the anti malware solution that
>> was installed on the platform.



| In case the OP, SL, doesn't know what popped that message, the
| description sounds like a pop-up dialog, popped by a single piece
| of malware or a malicious website visited.
| Then, the intent of that message-window would be to try to scare
| the OP to download and install the actual malware.


That is a very possible scenario but the OP needs to explain further. We shouldn't have to
"guess".


--
Dave
New, Multi-AV v7.03
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
sl@exabyte

 
      11-10-2010, 11:16 PM


> First off realize that viruses is the plural of virus and I can assure you
> that you have a better chance of being hit by lightning than 26 viruses.
> All viruses are malware but not all malware are viruses. That being said
> you had a computer on your network that was infected with 25 pieces of
> malware.
>
> However...
> How do you KNOW it had 26 anything ?
> You didn't supply any information on what infected the computer (either by
> detection name or what was deemed to be malware on the computer) or the
> anti malware solution that was installed on the platform.
>
> As for the problems you are having with a SOHIO Router.
> The description is vague. I have seen Routers revert to factory settings
> due to a Brown Out power condition and I have seen them die due to power
> surge power conditions or by other causative factors. SOHO Routers are
> inexpensive and can die without notice.
>
> Routers can become compromised by Malware. The Psyb0t worm targets a
> limited number of Routers using embedded Linux and there is the DNSChanger
> trojan. The DNSChanger trojan alters the DNS Server Table of a given Router
> such that nodes, who receive DNS servers via DHCP, will use the Dirty list
> of DNS Servers that the DNSChanger Trojan changed the Router to.
>
> To know if the SMC brand Router was compromised by the computer on the
> network that was infected with 26 pieces of malware will depend on EXACTLY
> what the malware was identified to be.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>


Thanks for the info.

I am not sure the SMC is compromised by virus, it just so happened very
shortly after a PC in LAN was infected by 26 virus (a pop-up dialog says
so).

I shall find out more about the DNSChanger Trojan.



 
 
David H. Lipman

 
      12-10-2010, 03:31 AM
From: "sl@exabyte"

| Some names are:

| win32.Dripper
| win32.Anitigen.a
| HTML.RedBrowser.a
| HTML.Bayfraud.ra
| HTML.Citifraud
| win32.Delf.h
| win32.Anitv.a


| After doing some "google", I think the pop-up is virus (with a button
| "Remove All"). The PC user was fooled, I think.

Google was a waste of time.

While it is helpful, to some degree, to know the names of the malware it is insufficient
information.

What is needed is the name of the anti malware application that is installed and is THAT
what declared the malware as well as the fully qualified names and paths to the files
deemed to be infected.

Without that information, I must conclude that this is the result of a FakeAv trojan
infection which is a con. The person gets infected with a trojan and it Pops-Up
indicating you are infected and to remove the malware a FakeAV application is suggested.
The motivation is money and personal information. The other possibility is the PC isn't
actually infected but a well crafted web page is shown that LOOKS LIKE a standard window
Pop-Up indicating that the PC is infected.


--
Dave
New, Multi-AV v7.03
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


 