Virus in DSL Modem

[Guest]

[chappy846]

I think I have a virus ,trojan  controlling my PC  Dell OS Vista Home Premium SP2Dual Core 2.40Ghz each 283 HHD lots of memory . my computer has remained infected  after clean installs .No spyware ever caught a clue , re; the bot ,virus ,Etc,. searched the web for possibility of infections in BIOS, and DSL modems . The modems made more sense than a BIOS . There are worms trojans that target modems . Any help on this ? Chappy846

[Ronny]

Hi chappy846,

Can you first explain what the problem is and why you think it's a virus?
It's a bit hard to understand what's going on on your system(s)...

[chappy846]

Early on when i first found out I had a virus,bug of some kind , I did a clean install and , the virus , bug seemed to have been taken care of .Things went along and I began to notice that wierd things happened , one was as I clicked on the spyware button to load it , a momentary flash of the command screen would appear. It was so fast that if I blinked ,I may not have seen it. The cursor would tremble as I clicked on some files and not on others .

I ran several High Jack this scans as welll as others , I bgan  to see iyems that had been deleted were back on the next scan .

I just purchased another pc , this one .  Purchased at a good discount but still boxed ,no dust inside .when I got all the needed stuff done , plugged into DSL modem ,went on the net .when the first connection was made ,familliar things happened ,the same kind of things happened with the old PC.

 I  thought at the time thats weird . I went on with doing the web thing setting up browsers reinstalling programs used before.  I did not transfer anything from thr old computer at that time .

Then the same old things began to occur as  with the old PC . I knew it should not be possible for thiis to be . . On the web i searched for and found items related to problem . I am beginning to repest my self

Would you if possible ask me direct questions ,it would be easier  for me to reply . I am alittle old and slowiing down in thought processes.  Any thing you or others could do to lead me out of this pickle would help a lot . Chappy846
 

[Ronny]

We can ask direct questions but therefor we needed a little background information.
Based on your story I think there are two options.

One a rootkit on the system or two your Modem/Routers DNS servers are changed and you might not be browsing to what seems legit.
For rootkit detections can you please run the following tools to see if they detect anything?

TDSS Killer
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

HitmanPro
http://www.surfright.nl/en/downloads/

Both free.
for your DNS settings, can you open a command-box (Start -> Run -> cmd  (Press ENTER)).
And then type

ipconfig /all

Please send me a PM with the output, it might contain information not to be exposed in the public here.

[chappy846]

sorry to be so obtuse , how do i message you ?

[Ronny]

sorry to be so obtuse , how do i message you ?

If you click on my name there is an option on the left below Actions "Send Personal Message".

[chappy846]

here is attachments as per request . the Kaspersky report was too big to sent this is a synopsys in stead


============================================================
07:57:21.0299 3764   Detected object count: 0
07:57:21.0299 3764   Actual detected object count: 0

no hitman attacment? I will do i it again TU Chappy846

[Chiron]

If you like you can also follow the advice I give in How to Know If Your Computer Is Infected.

It's a little more work, but I think it's worth it.

[chappy846]

I did all that . Killswitch gave everything a safe designation the other two were the same , no malware on pC.I think the bug is in the DSL modem .no scans of any type find nothing but tracking cookies on the PC

That left the BIOS , too much for my knowledge to try .

I web searched virus on DSL modems and got hits .About 4 years ago a new type of virus was hacking modems . It had to be a certain type of software on the modem to allow virus to take over . I went to my service provider and talked to them r; subject . They were kind enough to check operation of the modem .when all was over , the said thay are sending me a new modem ,and please return the old one .
No reasons given just replace modem . So I don't know for  sure if it was infected or not

I am hoping that without the support of the control in the modem , the virus on the PC can be deleted. ..

Thamks for the heads up  chappy5718

[Chiron]

So just to be clear, there were not even any unknown files on the computer after following the methods I describe in my article?

[chappy846]

When the new modem is installed I will have to scan, with CISPRO, PC..I don't think the virus,bug will go away on its own. Thanks again                   

[5718Dewey]

I still dont have new modem as yet . BUT! with the new settings on old modem I was able to run cce . There were 15 threats that were taken care of . The system , Comodo works as long as it has proper acess to computer . I thank all of you for putting up with me .
I don't trust the download that came with tdsskiller , it came with malware . I will scan with cis pro later just to see whathappens there Thanks again 5718Dewey

[Chiron]

I don't trust the download that came with tdsskiller , it came with malware .

What do you mean? What makes you think that there was malware with the download?

[chappy846]

It showed up on the cce scan as crried a virus .Google the tdsskiller and you will see some posts re; same. By the way you may mark my part in this as solved. I rcvd a new modem snd bought a new computer . Thanks for all your help.

Chappy846

[Ronny]

It showed up on the cce scan as crried a virus .Google the tdsskiller and you will see some posts re; same. By the way you may mark my part in this as solved. I rcvd a new modem snd bought a new computer . Thanks for all your help.

Chappy846

Well I'm willing to bet that was a so called False Positive, Comodo Flags TDSSKiller every new release because of the behaviors it has.
I keep reporting them as FP... unless you downloaded it from somewhere else I wouldn't be to afraid about that.
Probably rescanning now will no longer flag it.

[Tags:]