Topic: Can anyone give a step by step on setting up the most secure 685 w/Storage

gcabaltica

  • Level 1 Member
  • Posts: 1

Running a DIR685 w/XP SP3 32-bit Desktop connected via LAN (Primary), and two rarely WAN connected Win7Ult 64-bit Netbooks.

Here is the sequence of events:

1. Got this 685 a few months back.
2. Immediately dropped a 500gb in it.
3. Suddenly, Comodo IS shows network activity like there's no tomorrow.
4. My ISP has turned me off "for spamming activity departing my IP address".
5. Ran Microsoft Sec Essentials, Comodo IS, and Malwarebytes scans . . .nothing!
6. Reconnected the network cable to the 685.
7. ISP shut me off again! "Spamming Activity from IP Address"
8. Ran ESET online scan which Identified the Rootkit.Bubnix and an infected sys file (hglvxu.sys) in my windows\system32\drivers folder
9. Must have alerted it to the rest of the system 'cause Malwarebytes all of a sudden found it too . . . but could not delete it!
10. Finally used Hiren's Boot CD and deleted the infected hglvxu.SYS!
11. Now, while running a Panda Advanced Online Scan V2.0, Comodo flags something in my c:\system volume information\restore calling it emailworm.w32.jolee.

My ISP has a 3-strike rule and will not re-activate an account thereafter. All of this started when I got this 685 with a hard drive! PLEASE HELP!!

ph0enix

  • Level 2 Member
  • Posts: 83

By default the D-Link DIR-685 wireless security is off; it should be:
SETUP > Wireless Setup > Manual Wireless Connection Setup > Security Mode (select Enable WPA2 Only Wireless Security)

Cipher type: AES
PSK/EAP:PSK
Network Key: Enter your own......

Also change the default Admin Password for the router:
TOOLS > Admin

The router is not to blame for this; the HDD you have placed in it would be fully wiped clean to use the EXT3 file structure (Linux based). There is no way it could auto-run or inject other computers. Just that your system is infected to begin with...

Recommend a full system wipe, this would avoid anything hiding in the background.
« Last Edit: August 25, 2010, 05:26:01 AM by ph0enix »