FIOS Router Virus problem
For the last year or so we've had all sorts of computer problems.
A redirect virus that affected search engines every time we clicked on a search result we got redirected to another page
the Control C copy function stopped working
A few web pages we couldn't get to (Kodak pictures was one)
Every now and them for no reason web page loading got extremely slow
Sometimes while reading one page the computer would spontaneously jump to some random page
I've re-imaged my computer, tried 3 antivirus programs, 2 spy ware programs, 2 computer "cleaners", and still we had the same problems!
Then I discovered the redirect problem also occurred on my IPhone, but only when I used the FIOS wireless connection at home. This indicated it wasn't a problem with my computer but with the Verizon FIOS Router.
Sure enough I got a new router from Verizon yesterday and all the problems are gone.
So be on the look out for a virus if you have a broadband router.
Solved! Go to Solution.
It sounds like someone or something messed with your router (DNS settings?) before Verizon reset the router passwords this summer to something a bit harder. A factory reset of the router would have solved that, since it's rather hard to infect a router without having the code it was built with available. What code there is out there for building firmware for the FiOS router is quite limited and won't flash onto it. Considering at the time the FiOS routers had one of four possible passwords if a user didn't change it, I imagine it wouldn't be too hard for a piece of software to do this. I saw similar behavior in the past with people running Linksys routers, for example and not being able to visit some websites such as Microsoft Update. A piece of malware installed on a PC used a default password and pushed some settings to their router. I took care of that by factory resetting the router, updating the firmware and setting some rediculously long password on it.
As soon as we installed FIOS and hooked up our laptop, it started shutting down, giving error codes, windows restore failed to work, and now won't even start up at all. I've talked to 3 different computer repair shops and they all said it was the FIOS router virus. All you have to do is a simple search and you see all the people posting problems with FIOS router virus. I called Verizon FIOS and spoke to technical service and they told me they never heard of this, and assured me it was not their problem and they were not the cause. I now have a melted hard drive in a laptop only two years old, and lost all the pictures of our daughter from 6 months old to 18 months old. Thanks Verizon - we'll be cancelling service now.
Router "viruses" don't melt down hard disks. There's a lot of things to consider and if the computer shops are saying a newly supplied router from Verizon broke your PC, they are not a true computer shop. I fix computers all the time both as a hobby and as a job, and also deal with servers in a datacenter and the worst I have ever seen for a virus exploiting a home router left at FACTORY settings was a changed DNS server preventing Windows Update from working or a machine set up to run with a botnet. I've never seen a hard drive failure caused from such nonsense.
I've seen plenty of new machines have failed disk drives due to a defect in the drive or due to the machine being dropped constantly, and I have also seen new machines suffer from overheating issues from day one needing some surgery to fix. It happens, and that's why you take backups of backups of files. I'm working on a Netbook right now for someone and the netbook will not even detect the drive, but I can boot it through a USB Drive or PXE boot. I'm investigating whether the drive is the problem or if it's something deeper and more expensive to repair. Recently I also worked on a netbook that also had a bad keyboard AND Power Supply which both stopped working after the month-long warranty ran out for the machine. They don't build laptops as they used to.
With all due respect ... you folks need to find better computer repair shops because the have their head up their ... well, let's just say they don't know what they're talking about.
There is no "FiOS Router Virus" ... what there is are infected computers on your home network which did two things:
- Installed a search engine redirect virus on your system. These are notoriusly difficult to remove and even some of the best tools such as Malwarebytes can't deal with them effectively. In addition, these redirect Malware often change the DNS settings on the local system to use Malware infected machines to redirect you to bad sites (there was an article recently on CNN and elsewhere titled something about large numbers of computers set to "fail" in early may due to a DNS redirection infection that hasn't been properly remediated on a number of machines).
- Leveraged a poor security practice on the part of Verizon (initially) and subsequently by users to reprogram the settings on the FiOS router to have it give out and use DNS addresses associated with a compromised DNS server which directed requests to Malware sites, etc.
The latter relates to the fact that Verizon initially had the practice of setting the "admin" password for the routers to "admin"/"admin" or "admin"/"admin1" or osme other combination of easily guessable values. Malware knowing this common practice, would interface with the devices (which are almost always at 192.168.1.1 or the default router off the network) and simply reprogrammed the settings.
The fix for the redirect virus is to use a good set of disinfection tools and online guides to remve the reidrect (there are several detailed instruction sets online, but it varies by infection type) or get a reputable computer repair person to help you (or completely rebuild the machine -- although that's a bit drastic).
The fix for the router is to simply "reset" it by holding the reset switch on the back of the router for 30 seconds which will cause it to default back to the proper settings -- and then to login into the router immediate from an uninfected machine and change the router userid/password to a suitably complex combination (and no, a userid of "admin" and a password of "admin" is not secure) and then to not access it from any potentially infected machine which may be able to keylog the new password information.
Verizon has since stopped using the admin/admin process and now uses a password associated with the serial number of the router (something they can readily find in their database but which can't be obtained other than via physical inspection by the customer). In fact, there are several threads on the forums when Verizon made the switch and found any routers which had bad settings and changed the userid/password for the user to prevent this DNS redirection attack from occurring.
As a point of clarification, the router redirection attack is not a "virus" in and of itself. It is the result of an attack by a virus/malware on a local machine. So calling it a Fios Router Virus -- which would imply the firmware was somehow altered on the router -- is not correct.
Boot in safe mode with networking. Get a copy of IE RKILL. install and run it. Download and install Malwarebytes run it. Do both in safe mode before rebooting. If you can not get both programs, get them on a disc from a known CLEAN machine and run the install from the disc. If Malwarebytes will launch you may not need RKILL. But if you are getting errors and redirects and false information that your machine is is infected, you might need that program. I have seen a run of these issues lately. Someone telling you your router is infected and infected your harddrive, or caused it to go bad, is just selling you a bill of goods. Unless your router is Microsoft Internet Connection Sharing.Has anything asked you for a credit card number?
Avast Anti Virus Free Version Or Microsoft Security Essentials BOTH FREE.
Oh yea. If your machine is protected, it can stll get infected if you are not running Vista or Windows 7 with User Account Control. Some sites may be infected and load malware and or viruses that can bypass your protection without you knowing it. That is why UAC asks if you wan't to let these changes be made. I also run a program called Spybot Search and Destroy from Safer Networking. It has a resident program called TeaTimer.exe that will watch for changes on your machine, and do the same thing as UAC. MS added UAC in Vista and all people did were complain or disable it. I think it is one of the most important features. I want to know when changes to my OS are being made,
All these programs have free versions that I use.
Read some of these solutions before you unload your money on someone that says a router is your problem. RKILL
Choose Free Version. Malwarebytes
What the OP describes sounds like a rootkit to me. Rootkits are not viruses per se, but instead are something much different.
A rootkit modifies the Master Boot Record (MBR) on your boot drive. The MBR is not accessible from a running system unless you have special disk repair software. A rootkit causes separate code to be loaded into your system before the OS loads. Thismeans the system is totally unaware of the rootkit code. The rootkit also installs some different links in your OS so that when you do something like a web searc the code links to the rootkit code first.
Because rootkits are invisible to running software they are very difficult to identify and fix. Just determining that a rootkit is installed is hard to do. Several years ago Sony included a rootkit on a number of it's music CD's. This rootkit prevented anyone who ever played one of the CD's from copying any of the songs from it to another place. Ultimately Sony was sued in a class-action lawsuit and was ordered to release code to remove the rootkit from infected systems.
The best rootkit fixer I've come across is called ComboFix. It is a very scary program and takes a long time to run. But it does seem to find and fix even the worst rootkits. Just Google ComboFix and read about it first. If you need it the best approach is to download and run it; just sit back and wait while it goes through all its tests. It reboots your system a few times and generates many cryptic messages (along with a huge log file.) When it finishes your system should be clean.
Love ComboFix. Just need to be careful with it under cirtain settings but it is very powerful. Failing that, if the OS doesn't even boot or for safe measure I usually have a bootable BartPE disk or a Linux disk handy to further disinfect the drive.