2

I'm using d-link 2600U router (updated to latest firmware). My router's DNS setting keep changing and my browser redirects to adult websites and fake ads.

I scanned my computer with this softwares:
- BitDefender anti virus free
- Hitman Pro
- Kaspersky tdsskiller
- windows defender

Also scanned my mobile phone with bitdefender mobile security free
None of this softwares found any malware.

I tried factory resetting router, changed my router's password, default ip, disabled Upnp, but the problem isn't solved.

Can it be a problem with my ISP? or my PC is infected?
What should I do next?

UPDATE:
I tested the router on another computer. Problem is still there! So there is something wrong with the router. Can a router be infected with malwares?

Behnam Maboudi
  • 123
  • 4
  • 2
    Try computer on another network and try another device in your home network. If problem is your computer, format and reinstall. If it's your modem, trash it and replace. – Neil Smithline Mar 26 '16 at 05:22
  • "My router's DNS setting keeps changing" if that's true, then it has nothing to do with your computer. Can you confirm that the router's settings are changing? – schroeder Mar 27 '16 at 01:47
  • @schroeder♦Yes , i can confirm it. DNS configuration in windows is correct. So if it isn't my computer , what is the cause of the problem? –  Mar 27 '16 at 12:05
  • @GPX The other's comments of "replace your router" seem correct. If nothing else, borrow or use another router temporarily to confirm. – schroeder Mar 27 '16 at 13:47
  • @schroeder♦ but why my router act like this? Is it infected with a virus? Or maybe problem is from ISP? –  Mar 27 '16 at 14:55
  • p.s. Thanks for editing my question , it's better now :) –  Mar 27 '16 at 15:07
  • https://blog.malwarebytes.org/online-security/2014/04/sality-malware-now-features-dns-changer/ – DavidPostill Mar 27 '16 at 18:57
  • https://news.drweb.com/show/?i=4271&lng=en – DavidPostill Mar 27 '16 at 18:58
  • 1
    Yes, [routers can definitely be infected with Malware](http://superuser.com/questions/923825/how-can-malware-affect-a-router). – davidgo Mar 28 '16 at 04:20

2 Answers2

4

How you should approach the problem:

  1. Try to check with another PC and see if it happens again.

If it happens again then is a router problem and not a PC problem if not your pc is infected (it could be a zero day and all your antiviruses can't figure out) you should format and reinstall.

  1. If it's a router try first changing the password of Wi-Fi and of the management system.

Maybe someone is playing with you ;)

  1. If it still happen again (warning paranoia enabled) are you sure someone doesn't perform a MITM on you network at Wi-Fi/router level?

  2. Is your network straight from the ISP? if not unplug any other router on the network isolate this one and monitor activity.

  3. Try replacing the router. Sorry mate.

  4. If all this then me ... no ideea ... then that in my case a while ago someone tried a MITM on my network on the ethernet cable (Physical laptop)

Nitescu Lucian
  • 176
  • 1
  • 2
  • 13
  • 1- I will try it 2- i have done this thousand time! :) 3- i don't think so 4- yes my network is isolated already 5- :( Thank you for help. I will try this steps and tell you the results later. –  Mar 26 '16 at 10:10
  • Feel free to share your experience with me! –  Mar 26 '16 at 19:27
0

Try ccleaner and reg clean function in it. It is simple but effective.

bantandor
  • 111
  • 4
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - [From Review](/review/low-quality-posts/72474) – Benoit Esnard Mar 26 '16 at 10:59
  • 1
    Actually this is not a comment, it is an answer including the solution for the question. The answer is not supposed to be long to be called an answer. – bantandor Mar 26 '16 at 13:39
  • 1
    No there are supposed to be straight to the point while answerer. As you may know ccleaner is a good tool but for this problem it is not an option. Ccleaner is not for routers in the first place and in case of a virus it will not be of help anyway :) –  Mar 26 '16 at 21:51
  • You can not tell that the problem is the router (by the way it may be). I think there is a problem in the registry and ccleaner does the work. – bantandor Mar 28 '16 at 06:53