Solved Popups in Chrome AND Steam AND Android! Router infected?

[AlienDave]

Is there some new variant of The Moon malware that affects Linksys routers? All the scans say my PC is clean, but the problems keep happening. And they're also happening on other PCs and Android tablets.

Popups are from codecpackplastic.eu, binarysystem4u.com, hstpnetwork.com, reduxmediia.com and others

 

[TwinHeadedEagle]

Try resetting your router.

 

[shodan]

Hi there,
I have been getting popups too, in chrome in steam browser and even on my phone !
And it started when I got here to spend the weekend at my parent's

I didn't suspect the router could get infected but that seems very plausible now !

The router in question is an ADSL2 modem SmartRG SR100. I am subscribed to acanac.ca DSL service and the modem came pre-configured by them.

Perhaps they have installed the ads injectors but I guess it is also possible they are doing it at the OS level.

 

[AlienDave]

Reset seems to have fixed it.
I would have thought powering off & on would be enough, but apparently not.

Shodan, check the manufacturer's website, or google the router name and malware.
I found that Linksys had a known malware risk, and they had instructions on how to fix it (which didn't include "reset" )

 

[shodan]

I did a full reset of the router. Return to manufacturer original configuration, not just reboot then I changed the passwords for the admin, support and user accounts then I disabled something called "TR-069 Client" which does remote configuration provisioning. Hopefully that will fix it.

The problem was that somehow an attacked replaced the DNS with compromised DNS which redirect to malware websites.