
On checking recent web searches in my Tomato router log I found several from my computer that I did not make. I am on Windows 7 64-bit.

What could be the source of these searches?

Example searches:

Recent Web Searches      
Search Time                IP Address     Search Criteria
Tue May 19 2015, 21:47:52  192.168.1.123  info:vunpc.com
Tue May 19 2015, 21:48:45  192.168.1.123  info:weinisirenyulecheng8z.com
Tue May 19 2015, 21:49:16  192.168.1.123  info:whatareyoudoingtodo.com
Tue May 19 2015, 22:11:04  192.168.1.123  soul patrol american idol
Tue May 19 2015, 23:20:54  192.168.1.123  winter wolf snow plow
Tue May 19 2015, 23:58:21  192.168.1.123  Egypt Shark Attack Images
Tue May 19 2015, 23:58:32  192.168.1.123  Free Download Software Hp Deskjet F4185
Wed May 20 2015, 00:01:31  192.168.1.123  lsi clothing
Wed May 20 2015, 00:48:49  192.168.1.123  Netgear Wndr3700v2 Setup
Wed May 20 2015, 00:49:19  192.168.1.123  Job Description Of School Social Worker
Wed May 20 2015, 01:01:54  192.168.1.123  store site:freefoot.fr
Wed May 20 2015, 01:02:02  192.168.1.123  store site:librairiedialogues.fr
Wed May 20 2015, 01:02:19  192.168.1.123  store site:annonces-legales.fr
Wed May 20 2015, 01:02:42  192.168.1.123  store site:mooc-pole-emploi.fr
Wed May 20 2015, 01:03:16  192.168.1.123  store site:bcautoencheres.fr
Wed May 20 2015, 01:30:57  192.168.1.123  Jtc1 Collection Radio Frequency Identificatio...
Wed May 20 2015, 02:22:10  192.168.1.123  las cruces orthopedics
vilner

1 Answer


Your system appears to be compromised with a spambot.

  • The activity your router is logging is indicative of a spambot running on your computer. These spambots post automated spam messages in various blog comment sections and forums to these sites in order to generate traffic and boost search engine rankings. The queries listed here are used to determine search engine rankings and performance of various spam online stores. (I've seen these kinds of requests on my server's logs, so I know what spam requests look like.)

  • You should consider using a program such as Malwarebytes Anti-Malware to find and remove the offending malware. MBAM is designed to detect and remove difficult-to-find malware, although a regular security suite such as Norton Security or Microsoft Security Essentials may also be able to remove the malware. (Note that on systems running Windows 8 or later, Windows Defender provides full malware protection.) See: How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

bwDraco
  • Thanks! Getting Malwarebytes now. Will come back after scan. – vilner May 20 '15 at 19:43
  • I already use MS Security Essentials and it has never reported anything. – vilner May 20 '15 at 19:52
  • Malwarebytes found 2 threats in files but nothing in memory: PUP.Optional.Conduit.A and PUP.Optional.OutBrowse. Have deleted these. No weird searches in the log in the past 14 hours, so I will check back tomorrow and see if this had an effect. – vilner May 20 '15 at 20:33
  • Checked search log again and there is a new one... `Wed May 20 2015, 23:33:19 192.168.1.123 companion 5 bose`. Is it possible that another computer on the LAN is compromised and is using my computer's connection to make these searches and other evils? – vilner May 20 '15 at 20:44
  • I'd try running it on every system on the network. – bwDraco May 20 '15 at 20:48
  • Ok. Thanks for the advice, I will try that on Monday (and mark solved if it works). `Wed May 20 2015, 23:47:04 192.168.1.123 "User list" "Newest registered user" "Total n...` – vilner May 20 '15 at 20:57
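
As an added example (not part of the original question, answer or comments): a small Python triage script that parses rows in the "Recent Web Searches" format shown in the question and flags queries that look scripted rather than typed. The three heuristics (`info:`/`site:` operators, two or more quoted phrases, three or more queries from one host within 60 seconds) and their thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Rows copied from the router log quoted in the question and comments.
SAMPLE_LOG = """\
Tue May 19 2015, 21:47:52  192.168.1.123  info:vunpc.com
Tue May 19 2015, 22:11:04  192.168.1.123  soul patrol american idol
Wed May 20 2015, 01:01:54  192.168.1.123  store site:freefoot.fr
Wed May 20 2015, 01:02:02  192.168.1.123  store site:librairiedialogues.fr
Wed May 20 2015, 01:02:19  192.168.1.123  store site:annonces-legales.fr
Wed May 20 2015, 02:22:10  192.168.1.123  las cruces orthopedics
Wed May 20 2015, 23:47:04  192.168.1.123  "User list" "Newest registered user" "Total n...
"""

ROW = re.compile(r"^(\w{3} \w{3} \d{1,2} \d{4}, \d\d:\d\d:\d\d)\s+"
                 r"(\d{1,3}(?:\.\d{1,3}){3})\s+(.*)$")
OPERATOR = re.compile(r"\b(?:info|site):\S+", re.I)  # operators seen in the log
QUOTED = re.compile(r'"[^"]+"')                      # complete quoted phrases

def parse(log_text):
    """Return (timestamp, ip, query) tuples; header and blank lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %Y, %H:%M:%S")
            rows.append((when, m.group(2), m.group(3).strip()))
    return rows

def triage(log_text, burst_n=3, window_s=60):
    """Flag rows matching any heuristic (assumed thresholds, tune per network)."""
    rows = sorted(parse(log_text))
    findings = []
    for when, ip, query in rows:
        reasons = []
        if OPERATOR.search(query):
            reasons.append("search-operator")
        if len(QUOTED.findall(query)) >= 2:
            reasons.append("quoted-footprint")
        # Queries from the same host within window_s seconds of this one.
        near = [r for r in rows
                if r[1] == ip and abs((r[0] - when).total_seconds()) <= window_s]
        if len(near) >= burst_n:
            reasons.append("burst")
        if reasons:
            findings.append((when, ip, query, reasons))
    return findings

if __name__ == "__main__":
    for when, ip, query, reasons in triage(SAMPLE_LOG):
        print(when.isoformat(), ip, ",".join(reasons), "|", query)
```

A row that is not flagged is not thereby shown to be user-typed: plain-language queries such as the ones the asker also did not make pass all three checks, so the output is a starting point for deciding which host and time window to investigate.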