
Vktarget.ru / Traffstock / AdWizard / Stubborn Browser Hijacker

Comments

68 comments

  • Customer

    Hello!

     

    Please perform these actions:

    • Try to find and delete these keys in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\catchme
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CATCHME\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CATCHME
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\catchme
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme


    • Try to Delete a file:
      • C:\Users\windows7\AppData\Local\Temp\catchme.sys (if file could not be deleted - reboot the system and try again)


    • Uninstall "PxMergeModule"

    • If exist - try to delete files:


     

    Download and run TDSSKiller from here. Do a scan and share your results. You can also try running the Firefox browser with extensions turned off: https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode#w_how-to-start-firefox-in-safe-mode

     

     

     

     

    0
  • Customer

    Hi - Here are some more reports that I hope will assist you.

     

    Many thanks - Thanu

     

    Forum wouldn't allow upload of Ad-Aware Reports in XML.

    hijackthis.log

    startuplist.txt

    0
  • Customer

    Thanks so much - I'm working on it ...

     

    What do I do when Reg Keys won't delete? I'm just using regedit - don't know anything else.

     

    I'll carry on and let you know the results, etc.

     

    Cheers - Thanu

    0
  • Support

    Hi Thanu,

     


    Let us use FRST to delete registry keys instead since it's much safer, and I'll be back in a few minutes with an instruction.

    0
  • Customer

    OK thank you. I also don't know how to:

    • Uninstall "PxMergeModule"

    I ran Kaspersky's TDSSKiller - no threats detected.

     

    Could not find: C:\Users\windows7\AppData\Local\Temp\catchme.sys (if file could not be deleted - reboot the system and try again) Perhaps an anti-malware program got rid of it, but it's not there.

     

    I uninstalled Firefox and deleted all the Mozilla files in Roaming folder.

     

    Thanks & regards, Thanu

    0
  • Support

    Hi again,

     

    1. Please, uninstall "Java 7 Update 71" and, if you really need Java (most people don't), install the latest version and that is version 8 Update 25.

     

     

    2. I can see that you recently added these add-ons to Chrome:

    CHR Extension: (Yappy) - C:\Users\windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajjoinbmogfgencngmnnndkkciben [2014-11-09]

    CHR Extension: (Yappy App) - C:\Users\windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmlflomkeommgpkchoflehmbkfplaeha [2014-11-24]

    Are they responsible for the ads?

    I know some add-ons display ads and I can't find much information about this add-on. You have other Chrome Add-ons that are rather unknown and I can't be sure that they aren't displaying ads. I think I never have seen a log with so many Chrome add-ons and you should go through them and check if you really need them.

     

     

    3. Do you want to use a DNS server located in Germany while you are using an IP address in Thailand?

    I'm asking since there are fake DNS servers that intercept the communication and inject ads.

     

     

    4. Please, start Notepad.

    Copy all text that is in the box:


    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3916589451-2365975154-121726412-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-3916589451-2365975154-121726412-1000 -> No Name - {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
    FF Extension: No Name - C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [Not Found]
    FF Extension: No Name - C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\faststartff@gmail.com [Not Found]
    FF Extension: No Name - C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\VJKPXI46039420@JMZUIOB85844870.com [Not Found]
    FF Extension: No Name - C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com [Not Found]
    FF Extension: No Name - C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com [Not Found]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll No File
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-12-14] ()
    S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
    S3 catchme; \??\C:\Users\windows7\AppData\Local\Temp\catchme.sys [X]
    2014-12-14 11:59 - 2014-12-14 16:01 - 00000000 ____D () C:\Users\windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2014-12-14 11:37 - 2014-12-14 11:37 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    Task: {3386B2D1-085F-4158-8D38-35E43F1DDA37} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
    Task: {9CE9268B-3C64-44DF-A111-86D66825956C} - System32\Tasks\{19C05706-913D-4BFE-9FD7-5457E677C030} => pcalua.exe -a C:\Users\windows7\Downloads\skype4pidgin-installer.exe -d C:\Users\windows7\Downloads
    Task: {B8C5EB78-4BCE-41BD-89AA-2EA303D8FA8B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
    Task: {BBE73669-76E3-40CB-8065-2B3F578AC99B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
    CHR Extension: (No Name) - C:\Users\windows7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2012-12-04]

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

     

     

    5. Please, attach C:\ComboFix.txt.

    I hope that you're aware that using ComboFix in the wrong way can destroy Windows.

     

     

    6. Catchme is a part of ComboFix and it will be removed when ComboFix is properly uninstalled.

     

     

    7. Do you see the ads both in Internet Explorer and in Chrome?

    0
  • Customer

    Hello and thanks so much.

     

    I deleted most of my Chrome extensions - I only had a couple enabled, but the rest were still there I guess - I trashed them.

     

    I can't uninstall ComboFix, and didn't know it was dangerous, no. There is only the .exe file which I click to run it, and no programs or control panel list it so that it can be uninstalled - so I can't do that - or don't know how to get rid of those reg. entries, either.

     

    What do you mean by this? 3. Do you want to use a DNS server located in Germany while you are using an IP address in Thailand?

    I'm asking since there are fake DNS servers, that intercepts the communication and injects ads.

     

    I am in Thailand and know nothing about the fake DNS servers - are you saying I'm using one? If so, how to stop doing that?

     

    I'll do the other items now as best I can.

     

    Thanks for advising on this as well, esp. the DNS issue, which I have no idea about.

     

    I suppose I should test what's been done already as well, right? Though I'm afraid that being served these ads and redirections makes things worse - I guess it doesn't, though.

     

    Best regards, Thanu

    ComboFix.txt

    0
  • Customer


    Thanks so much - I'm working on it ...

     

    What do I do when Reg Keys won't delete? I'm just using regedit - don't know anything else.

     

    I'll carry on and let you know the results, etc.

     

    Cheers - Thanu


     

    For registry keys modification and direct file access you can use this tool. To see Advanced options you can click on ">>>" button.

    0
  • Customer


    Hello and thanks so much.

     

    I deleted most of my Chrome extensions - I only had a couple enabled, but the rest were still there I guess - I trashed them.

     

    I can't uninstall ComboFix, and didn't know it was dangerous, no. There is only the .exe file which I click to run it, and no programs or control panel list it so that it can be uninstalled - so I can't do that - or don't know how to get rid of those reg. entries, either.

     

    What do you mean by this? 3. Do you want to use a DNS server located in Germany while you are using an IP address in Thailand?

    I'm asking since there are fake DNS servers, that intercepts the communication and injects ads.

     

    I am in Thailand and know nothing about the fake DNS servers - are you saying I'm using one? If so, how to stop doing that?

     

    I'll do the other items now as best I can.

     

    Thanks for advising on this as well, esp. the DNS issue, which I have no idea about.

     

    I suppose I should test what's been done already as well, right? Though I'm afraid that being served these ads and redirections makes things worse - I guess it doesn't, though.

     

    Best regards, Thanu


    If you want to delete ComboFix, please open the command line (Start->Run) and type the string "combofix /uninstall" in the dialog box. And please don't forget to clear the browser cache!!!

    0
  • Customer

    I tried to uninstall via command line; said not recognized.

     

    I normally don't use IE - I just tried surfing & coincidentally or not (?) when I allowed Adobe Flash to run the Traffstock Ad Wizard popped up and the redirect page opened - vktarget.ru.

     

    Don't know if that's a possible culprit or not.

     

    More soon.

    0
  • Customer

    Here's the FRST log file.

    Fixlog.txt

    0
  • Support

    3. I'm not sure about the DNS server, but usually people use the DNS server of their internet service provider.

    When you have run FRST, as I wrote in #4, you change the DNS servers like this: http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html
    In item #7 write down the current settings and then change to "Obtain DNS server...".

    To clear the DNS cache:
    Start menu - Accessories
    Right-click on Command Prompt and select "Run as administrator".
    Enter this command (end with Enter key): ipconfig /flushdns

    Restart the computer.

    Test the browsers.

    If you can't reach web pages, please change DNS servers again to the values you wrote down.

    0
  • Customer

    The problem is persisting despite doing almost all the above.

     

    I tried using the tool from Gmer.com, opened it, found the registry items, but didn't know how to delete them. No delete button, right click doesn't provide delete option, etc.

     

    Flushed the DNS and it still loads pages OK; still has the ads and redirect issues also.

     

    I hope you will have more suggestions after looking at my logfile report or something else.

     

    Seems like a tricky bug to get rid of. Thanks for your help again very much - Thanu

    0
  • Customer


    I tried to uninstall via command line; said not recognized.

     

    I normally don't use IE - I just tried surfing & coincidentally or not (?) when I allowed Adobe Flash to run the Traffstock Ad Wizard popped up and the redirect page opened - vktarget.ru.

     

    Don't know if that's a possible culprit or not.

     

    More soon.


     

    Please read the tutorial "How to use ComboFix" here. At the end you will find instructions on how to remove the program. Next time, don't allow suspicious popups to run, and keep away from suspicious sites. First, a suspicious site can contain a malicious Flash applet, and second, a normal site can be infected and include hidden iframes with malicious scripts.

    About IE - you used Google Chrome and Firefox, so please continue to use them - just clear the cache of the browsers. Malicious scripts could be stored in the cache of your browser.

    0
  • Customer


    The problem is persisting despite doing almost all the above.

     

    I tried using the tool from Gmer.com, opened it, found the registry items, but didn't know how to delete them. No delete button, right click doesn't provide delete option, etc.

     

    Flushed the DNS and it still loads pages OK; still has the ads and redirect issues also.

     

    I hope you will have more suggestions after looking at my logfile report or something else.

     

    Seems like a tricky bug to get rid of. Thanks for your help again very much - Thanu


     

    1. Gmer can only modify values in the registry. You can erase a value (or leave an empty string) and click the save button.

    2. Please clarify your problem.


    • Does this issue happen in all browsers?

    • Does it happen only on some sites or on all websites?

    • How do you launch your browser? (From an icon on the desktop, etc.)

    • Is the antivirus on when you are surfing?

    • Do you allow some objects to run on a site?


    0
  • Support

    1. You can post the log from Gmer with your reply and you'll get more detailed instructions.

     

    2. Please, scan with FRST and attach the new FRST.txt.

     

    3. Run an online scan with Eset to get a second opinion (easiest with Internet Explorer): http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.

    0
  • Customer

    Hello - It's now morning in Thailand. The problem occurs on all browsers on random sites. I've used my current installation of Windows several years now with no issues. I guess I allow Javascript - I didn't turn anything off. I launch browsers from taskbar shortcuts.

     

    I may have been infected with a Filezilla update - I saw others complaining about malware in this regard.

     

    For now, here's the Gmer report - I will carry on with ESET a bit later in hopes we can resolve this today.

     

    Thanks again for your kind assistance - Thanu

     

     

     

     

    gmer.log

    0
  • Support

    Good morning Thanu,

     

    But here in Europe it's very very late.

     

    1. Did you exit Chrome before running Gmer?

    If not, please do that, but I can't see anything that seems to be malicious in the Gmer log, but let us see if Artem can.

     

    2. Can you paste the link to the Filezilla update in your reply?

    But please remove "http" from it.

     

    3. Please, try to start the browsers from their own program folders instead, sometimes malware changes the shortcuts.

    C:\Program Files\Internet Explorer\iexplore

    C:\Program Files\Mozilla Firefox\firefox

     

    4. Do you have synchronization in Google Chrome or Firefox?

    If yes, the bad add-ons and/or settings can be restored.

     

    5. Is the DNS setting as you selected or has it been changed again?

     

    6. Do Ad-Aware or Malwarebytes Anti-Malware find anything during full scans?

     

     

    7. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Report button.
    A report will be displayed, copy its content and paste into your answer.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[R0].txt.

    0
  • Customer

    Here are a few reports for now.

     

    I've been using IE the last hour and NO instance of problem / hijacker. Reckon it must be Chrome-related.

     

    I removed more extensions, leaving only one, LastPass, for the time being.

     

    No threats found by programs below.

     

    Closed Chrome this time for Gmer report.

     

    More later when Adaware finally finishes.

     

    Thanks again - Thanu

    gmer2-17Dec.log

    MBAM17Dec-1.txt

    AdwCleanerR13.txt

    0
  • Customer

    Hi Thanu and all the wizards here,

     

    First, let me ask you, Thanu; are you using ToT as your ISP?

     

    I'm a retired computer-engineer living in Thailand, and I've recently experienced the exact same trouble with vktarget.ru. Using all my skills to crack this Russian nut, I couldn't and still can't escape this, and am still in the same frustrating situation as you are in (even my smartphone is affected). But it is my opinion that it is the ISP (ToT) that has been infected, and here's how I came to that conclusion:

     

    1. Scanning with Ad-Aware and Spybot didn't come up with anything.

     

    2. Adding vktarget.ru (and all the redirections) to my hosts file, pointing them to local-host (127.0.0.1) did fix most of the redirections, but of course not the ones with random subdomains (as hosts doesn't support wildcards).

     

    3. My DSL-router had my main DNS altered from the usual ToT (8.8.8.8) to a German GHOSTnet DNS-server (94.249.192.184). I suspected the router to be hacked, but I could change it back to 8.8.8.8, yet the problem persisted, which was the main tip pointing to ToT being infected.

     

    Then I also noticed that vktarget.ru was gone if I used a VPN on the PC, or used my mobile ISP (TrueMove H) instead of WiFi on my smartphone, hence my conclusion.

     

    My skills are rusty, and I might be wrong - and I'd appreciate to be corrected by any of the wizards here.

     

    /Loke

    0
  • Customer

    Hi Loke - Great to see others joining in, though of course sorry to see you're likewise afflicted by this annoying pestilence.

     

    Now, is my ISP TOT? Yes - and No. It was when the problem started a few days ago, but it is not now. For unrelated reasons (speed), I just switched to 3BB up here in northeast Thailand.

     

    And so it seems the situation gets curiouser and curiouser – and we may come to a definitive verification of your hypotheses before too long, seeing as I don’t plan on plugging my TOT router back in anytime soon.

     

    But I haven’t been surfing much since I switched this morning, and so cannot give you any feedback yet. But I plan to start doing so shortly, and then we can continue this, and see what pops out.

     

    But wouldn’t many more folks here in Thailand be afflicted with this? Why aren’t we hearing more about this nasty hijacker?

     

    I must say I was very surprised when the Mod here mentioned Germany showing up as my DNS, but if what you say is true, then we’re – you’re – definitely on to something.

     

    I’ll post more soon – and hope my problem begins to fade away!

     

    And why haven’t you changed ISPs yet?

     

    - Thanu

    0
  • Customer

    I have a winter-residence on Koh Chang, and unfortunately here we are all stuck with ToT, while eagerly waiting for AirNet rolling their fiber out village by village. In Khon Kaen, where I do reside in the summer-months, there I'm using 3BB as well. Why not many have complained; well, not many foreigners are using ToT in Thailand - for reasons that are obvious (throttling international traffic being not the only but the main reason). This problem is quite new (14+ days), and last but not least, I guess most people have become somewhat used to having pop-ups interfere with their browsing, and the Adblock plus plug-in can get rid of many pop-ups, also vktarget.ru (if point'n'clicking on those manually).

    0
  • Customer

    FWIW, here's my full Adaware report. Again ZERO infections - no more threats or infections found by any of the major anti-malware programs, supporting Loke's theory above. (Changed extension so I could upload it.)

    Ad-Aware_Report_Full_Manual_2014-12-17T13-15-06.532670.txt

    0
  • Customer

    Good answers, though I don't get this: the Adblock plus plug-in can get rid of many pop-ups, also vktarget.ru (if point'n'clicking on those manually).

     

    What does it mean? You must click on them with AdBlock enabled to make them go away?

     

    Anyway, it's only been 15 minutes, but I'm hoping ... nothing yet.

     

    Will update you all in a bit.

     

    Hopefully, searchers can now find this topic if they use the terms I put in to the thread title - but I don't want to rush things and be disappointed.

     

    Thanu

    0
  • Customer

    If you click on ABP and then choose "Block element" then you click on the pop-up, and ABP will start blocking it.

    0
  • Customer

    I see - That's the Pro/paid version, I take it - you use it? Recommend it?

     

    Well, after surfing more and checking with my wife on her tablet, it appears that we are no longer a victim to the TOT's nasty Vktarget.ru browser hijacker, if that's what you call it - malware at any rate. This is a real disgrace and black mark on the Telephone Organization of Thailand it seems - not that they particularly care.

     

    Great to have you here helping Loke and I hope you don't have to put up with them much longer - but should we do anything to get the word out? Post on ThaiVisa or something? I'm sure most people won't make it here to LavaSoft, unfortunately.

     

    And I do want to thank CeciliaB and LS Artem kindly for their donated technical skills - it's very upsetting and frustrating when problems like this distract us from work and the enjoyment of life.

     

    Now, knock on bamboo and be careful ... Cheers, Thanu

     

    PS: Are you doing any computer work, Loke? I am a writer, website promoter, and anthropologist in Udon-Nong Khai. Just curious. Sounds like you've got things made, other than this TOT fiasco.

    0
  • Customer

    Hi All,

    I, too, live in Thailand (central Bangkok) and have been annoyed to the core by this virus/hijacker. I noticed it about 2 weeks ago and have been applying my novice skills and getting nowhere!!!!

     

    When my wife's iPhone & work laptop started showing the same Traffstock / cartoon-porn popups (at home only, thankfully!!!), I spent a sleepless night trying to get to the bottom of it - I suspected it was the router, since multiple machines, platforms were getting the popups, etc.

    I look forward to following this string and helping in whatever way I can!

     

    Thanks

    0
  • Customer

    PS - I have TOT as my ISP

    0
  • Customer

    Hello!

    Thank you guys for clarifying the situation. Because it was looking like we are catching the ghosts here.

    So we can suspect that we are dealing with:


    1. Infected router
    2. Infected ISP
    3. Poisoned DNS
    4. Some harmful extension was installed in browser and was synchronized among other PCs (Chrome, FF, Opera).


    So you can try to:


    • Use another DNS as main (for example 8.8.8.8)

    • Try to web surf using Mobile Internet or another ISP

    • Launch your browser in safemode

    • Check launch parameters in all browser icons


    0
  • Support

    Hi all,

     

    I agree with Artem.

     

    It might be that someone has hacked into your routers, those of you who have one, and you should start with checking if your router manufacturer has developed a new firmware (software inside the router) on the web site of that manufacturer. If you find a new version, please install it into the router, and if not, reinstall the current version if possible, since installing a firmware version usually resets the router to the original settings. After that you need to go to the router configuration by entering its IP address, e.g. 192.168.0.1, in the browser's address field, and changing its login password to something else and make sure that remote login, that's being able to change its configuration from the internet, is turned off. Login password is the password you use in the browser and not the encryption key for its wireless connection (which should be configured as well).

     

    There is malware that logs in to the router from a computer and changes its settings. It's also possible that your router has vulnerabilities and can be exploited from the internet, and if there isn't a new firmware version that fixes the vulnerability you have to buy a new router to be sure nobody can hack into it.

     

    We recently had an outbreak of router hacking here in Sweden, since someone found that the ISP, which had sold the routers, had its own login with a very weak password that was used for doing remote reconfigurations. It got rather big in the news and the ISP had to release a new firmware version within a few days.

     

    If you aren't sure that your router is safe, it's important that all computers and smartphones are set to use fixed DNS servers instead of automatic configuration. You can set them to use Google's, 8.8.8.8 and 8.8.4.4, or OpenDNS, 208.67.222.222 and 208.67.220.220.

    http://www.opendns.com/

     

    Please, tell us if these DNS server reconfigurations are enough. If not, the computer might be infected.

    0
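
The DNS check this thread keeps returning to (an unfamiliar resolver such as 94.249.192.184 showing up where the expected ones should be), as an added example that is not part of any post above: it parses `ipconfig /all` output and classifies every DNS server per adapter. The sample output and all function names are constructed for illustration; the allowlist holds only the Google and OpenDNS addresses named in the thread.

```python
import ipaddress
import re

# Resolvers the thread names as acceptable (Google Public DNS, OpenDNS).
# Assumption: extend this set with the resolvers your own ISP publishes.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output, not taken from any attached log.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 94.249.192.184
                                       8.8.8.8

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Key . . . . : value". The separator always has a space before the colon,
# which keeps IPv6 continuation lines such as "fe80::1%11" from matching.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[ .]* :(?: (?P<value>.*))?$")


def parse_ipconfig(text):
    """Return {section name: {field name: [values]}} from `ipconfig /all` text."""
    sections, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line = section header
            current = sections.setdefault(line.rstrip(": "), {})
            last_key = None
            continue
        if current is None:
            continue
        match = FIELD.match(line)
        if match:
            last_key = match.group("key")
            value = (match.group("value") or "").strip()
            current[last_key] = [value] if value else []
        elif last_key:                        # extra value for the previous field
            current[last_key].append(line.strip())
    return sections


def _to_ip(value):
    """Strip "(Preferred)" notes and IPv6 zone ids, then parse the address."""
    bare = re.split(r"[(%]", value, maxsplit=1)[0].strip()
    try:
        return ipaddress.ip_address(bare)
    except ValueError:
        return None


def audit_dns(text, expected=EXPECTED_RESOLVERS):
    """Classify each DNS server as 'expected', 'router' or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = {_to_ip(v) for v in fields.get("Default Gateway", [])}
        for raw in fields.get("DNS Servers", []):
            ip = _to_ip(raw)
            if ip is None:
                continue
            if ip in allowed:
                verdict = "expected"
            elif ip in gateways:
                verdict = "router"            # router relays DNS; check its own setting
            else:
                verdict = "unexpected"
            findings.append((name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    for adapter, server, verdict in audit_dns(SAMPLE_IPCONFIG):
        print(f"{verdict:10} {server:16} {adapter}")
```

A `router` verdict means the PC only sees the router's address, so the resolver the router itself forwards to still has to be read from the router's configuration page.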
