Is my router bugged or something?

Hello everyone.

Since the creation of this thread: https://forum.avast.com/index.php?topic=192260.0
I started to keep my eyes open for the reason of the (possible) account compromise.

I forgot that the router can also be the culprit, so I checked using Avast and F-Secure Router Checker: https://campaigns.f-secure.com/router-checker/en_global/

The results:

  • Avast: Told me that the router has a medium problem, called EDB-ID-15666, and to fix it, I must either update the firmware, or change the router, but unfortunately, there’s no new firmware, and right now I can’t change the router.
  • F-Secure Router Checker: the website returns 2 different answers: check incomplete and no issues were found (just keep testing using the same website and both answers will come, and it keeps changing a lot). I remember that in the past, when the check was incomplete, it would tell me that the country was from US (no, I’m not from US).

I will upload 3 pictures showing those problems.

Do you guys think that the router could be the culprit?
Also, any recommendations for me to do right now?

Thank you.

PS: the router checker from the mobile version of Avast doesn’t show any problem. Kinda strange…

EDB-ID-15666 > https://www.exploit-db.com/exploits/15666/

http://www.computerworld.com/article/2876292/dns-hijacking-flaw-affects-d-link-dsl-router-possibly-other-devices.html

Well, I saw both links here, and maybe that’s the reason why the DNS keeps changing?
Well, I don’t think I have clicked on any suspicious links to activate the exploit, but it’s still possible.

EDIT: Since the router is probably the culprit, I will be changing the router today. But to prevent further problems, can you guys check if both my PC and tablet have any type of problems? (maybe the problem is inside of a device).

Hi Nori-chan,

You can check with two tools: http://nirsoft.net/utils/wireless_network_watcher.html
from Nir Sofer (all his Windows utilities here: http://www.nirsoft.net/utils/index.html)
and dhcp find here: https://www.symantec.com/connect/sites/default/files/dhcpfind.zip

Now you can detect what is on your router really like:
IP address - Device Name - MAC address - Network Adapter Company - Device Information - User Text

polonus

I didn’t run them, but the first tool looks like it checks what devices are connected (which is nice), but I’m the only person who uses this router, so that wouldn’t be so useful (I normally check in the router itself for anything bad)

In a few hours, I will change my router to another one to see if that fixes the issues.
I will also ask (if it’s possible) for someone to check the logs I will post here from my computer and tablet, just to check if the problem isn’t in the devices.

If I’m asking too much, I’m sorry for that, and I will just change my router.

At least it took ~3 years for something bad to happen. Thank you Avast.

This IP tries to download various files and asks for permission, see: http://toolbar.netcraft.com/site_report?url=http://177.47.27.152
Netcraft risk rating 9 red out of 10
It is your avast protection, it is known as - sao85-002.ff.avast.com - but local time not given, as NaN/aN/aN aN:aN (undefined)
root avast dot com Rio de Janeiro.
The other one is a CLARO IP: http://toolbar.netcraft.com/site_report?url=189.7.50.22 known as bd073216.virtua.com.br -
that host appears down to me or cannot be scanned as protected.

With a configuration like that nothing to worry. You are behind avast and secure.

polonus

Thank you for telling me that information. It looks like my router wasn’t the culprit.
I will still change to another router, since this one has some vulnerabilities.

So, the culprit must be one of those 3:

  • Laptop
  • Tablet
  • Phone (Android)

I think I will ask for help to check my devices here in this forum.
Should I create a new thread?

Also, thank you for the help.

Did you also perform this free scan here: http://iotscanner.bullguard.com/

polonus

Sorry, I haven’t tested it.
I will be away from home for a few days, so I can’t test it now.
Here where I am, I tested on a router that Avast! doesn’t find anything wrong with, and the same thing happens on the F-Secure website, so as you said before, it must be normal.

Well then, I think I will make some tests on my devices to check if anything is wrong.

Thank you for the help!