Do you still have the problem ?
Yes, the problem is still there.
Essexboy,
I will try to use windows restore function, then check whether the issue is still there.
Do you think it helpful?
Thanks,
David
You will need to use a restore point at a time before the problems appeared. This seems very random as it should have blocked the AVP download if it was malware
Hi, Essexboy,
It turns out more weird now. One of my notebook is thinkpad, I restore it to factory default but the issue is still there.
I carefully turn other computers off during the test. Only two Ios devices are shown in attached device list of my router.
Any suggestion? I am exausted.
Thanks,
David
If the=is occured after a factory reset then all I can envisage it being is a router infection. Have you reset the router to defaults ?
I am sure that’s not a router infection now. I connected my factory default PC to ADSL modem directly and the issue is the same.
I am contacting my ISP. But I really don’t know how the access router can do this for a particular user. Previously days (w/o reset PC), I checked the log of router when I download, it seems normal.
Routers can be hijacked, whether you use a wireless or cable it will make no difference if it is infected…
One more question, I searched in internet and found there is one kind of malware as MBR rootkit. Can MBR rootkit be removed by restore my computer to factory default? Or I still need to run certain fix MBR software?
Thanks,
David
There are tools that can deal with MBR rootkit infections and restore the default MBR, one such tool is the avast aswMBR.exe.
These tools however should only be used under guidance from an experienced user (so beware) as incorrectly fixing the MBR could in certain cases convert your system into an expensive paperweight without a functioning MBR.
Whilst it may be possible to recover from this if it is your only system it will be extremely hard to access the internet get the help and tools/information/instructions to do it. So the use of these tools is not to be taken lightly.
Either aswMBR, Combofix or AVP tool would have reported any MBR infection - so I feel that you can assume your MBR to be safe. There is one other tool if you wish to try it
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.