I think there is a virus in my router or cable modem

So I have had some ongoing worm on my personal laptop that tries to reroute IE or Firefox to various crap websites if you incorrectly type in a web address. I did a TON of clean up with various spyware removal software, and I think I have killed 99% of the problem. Eventually I will back up all my important info and reformat my laptop. Now here is where it gets interesting...

I connected my work laptop to my home wireless network to get some work done. I never ever would go to an inappropriate website with a work laptop. Somehow my work laptop was infected with the same virus. I didn't realize it was infected until at work my laptop was trying to go to the other sites instead of the company intranet page. I had to have the IT guys image my machine and essentially got chewed out by the IT director about inappropriate use. With the way everything happened I thought maybe I picked up the worm at a Starbucks or Paneras where I usually connect when I visit my girlfriend.

A few months later my father connected his work laptop on my home network when I was gone one weekend. The following Monday at work his laptop had the exact same problem. All of a sudden, the pieces of the puzzle all came together at the same time. My router or cable is the only common component of all 3 machines getting infected.

Here is what I think is most likely. My personal laptop is pretty much an unsecured wireless network slut. It has connected at free wifi spots from Philadelphia to Richmond. Somewhere my laptop picked up this worm, which was spread to my home router. Now any other machine that connects to my home network gets infected.

Any advice for moving forward is appreciated.

-Smooth
 
What's the make/model of the router? Cable modem?

Also, what are your browsing habits? The only common denominator is not just the upstream equipment; it's your house and its users. I know you don't think it's your browsing habits, but if I had to choose between a router-aware virus and your browsing habits, which makes more sense?
 
Some time ago I read an article about malware that attempted to use default passwords to log in to home routers and reprogram the DNS to point to rogue DNS servers. Once they can direct your machine to bad sites, they can further infect your machine.

That's the only way I can think of that your router could be compromised.

Verify the DNS on the router and reset the password.

Do full virus/spyware sweeps with different scanners.
 
Well, I'm pretty sure the primary and secondary DNS listed in my router are hijacked. I called Comcast support to ask what the correct DNS is for my county. She first told me that she couldn't support router issues, and that I needed to call the manufacturer. Once I clarified that all I needed was the correct DNS number for the county I am in, she said ohhhh okay and gave me the telephone number for the local Comcast branch, thinking that was the DNS number. After waiting for 20 minutes to get that out of her I am now out of time for lunch and will continue with this when I get home from work.

p.s. my prim & sec DNS are currently 85.255.114.99 & 85.255.112.229
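
The "verify the DNS" check suggested earlier in the thread, done from a client on the LAN, as an added example that is not part of any post here: it parses `ipconfig /all` output and flags resolvers that are not on an expected list. It assumes the client takes its DNS servers from the router over DHCP; the sample output is constructed apart from the two addresses the poster reported, and the allowlist values and function names are placeholders.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt. Only the two DNS addresses come from
# the thread; the adapter name and LAN addressing are made up.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.114.99
                                            85.255.112.229
        Lease Obtained. . . . . . . . . . : (constructed)
"""

# Placeholder allowlist (assumption): the router's own LAN address plus a
# documentation range standing in for the resolvers your ISP confirms.
EXPECTED = ["192.168.1.1/32", "203.0.113.0/24"]


def dns_servers(ipconfig_text):
    """Return the DNS server addresses, including unlabelled continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and label.strip(" .").startswith("DNS Servers"):
            in_dns, candidate = True, value.strip()
        elif in_dns:
            candidate = line.strip()  # second and later servers carry no label
        else:
            continue
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns = False  # a non-address line ends the DNS list
    return servers


def unexpected_resolvers(servers, expected=EXPECTED):
    """Return the resolvers that fall outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [str(s) for s in servers if not any(s in n for n in nets)]


if __name__ == "__main__":
    for addr in unexpected_resolvers(dns_servers(SAMPLE_IPCONFIG)):
        print("resolver not on the expected list:", addr)
```

A flagged address only means the resolver was not on your list; confirm the correct values with the ISP before changing the router settings and its admin password.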
 
It's unlikely that your wireless router got infected. What's more likely is that you have a virus on your home machine/laptop, and IT infects other machines when they come on the network. Having an infected machine on a LAN is a surefire fast way to get other machines on the same LAN infected.

I highly doubt that your Windows virus infected a proprietary OS or even Linux-based wireless router.


And I'll bet that these work laptops had Symantec AV on them instead of something that works.
 
I agree that it's not likely that the router is "infected", but it doesn't need to be infected.
All the bad guys need to do is set their own DNS in the router to cause you problems.

Read here:

http://www.infoworld.com/article/07/02/15/HNdrivebywebattack_1.html

The bad guys are getting very creative these days. Even cell phones have been targeted.

A hacked router is maybe not likely, but certainly possible.
 
From the way you explain it, it seems to pass the "virus" through the LAN from the first infected PC. Look through your shared folders to see if there are any suspicious files hanging out in there, and then turn off file and printer sharing or even turn that computer off while connecting a new computer and see if it infects it then.
 