Windows Phone and router viruses: A rarely told story

Difficulty level: Medium-High (Problem distancing), Very High (Full fix). — Dialogue level: Medium, many terms are explained.

So you’re browsing on your phone one day, and suddenly Internet Explorer / Edge / Opera / UC Browser keeps redirecting to a bunch of dubious, malware-laden ads? Then you look up “windows phone virus” on Google, only to find Windows Phone technicians up on their high horses, stating that viruses on the phone are impossible? Well, they’re technically right, but you still have a pretty nasty problem on your hands.

Because, you see, that means the by far most likely scenario is that the router itself has been compromised: either malware is running on it, or its settings (most often the DNS servers it hands out) have been changed so that every device behind it is redirected. If that has happened, you’re in some deep trouble, but I’ll guide you through my own experience of what has been treated as a hush-hush topic by Windows Phone fans and slightly-out-of-date router experts.

Take a look around at the other devices in your house and see whether they get at least the occasional pop-up too. If they claim to have had zero problems, browse plain HTTP sites for a minute or two and see if anything pops up then. Sites that begin with HTTPS are much harder to tamper with, because a redirect to an attacker’s server produces a certificate warning instead of a seamlessly injected ad; many smaller sites still serve plain HTTP and have no such protection.

If you are able to log on to your router settings, check for some seriously important signs. First off, the DNS server addresses. They determine which server your router will ask in order to translate site names into IP addresses, so whoever controls them controls where every site name on your network leads. Normally these addresses are assigned by your internet provider. I do of course not have a full list of which addresses are legitimate and which have been planted by malware, but any address you did not set yourself and that is not one of your ISP’s published servers is suspect (in the case described here the rogue entries started with 31.(…)), and if you see one you have every reason in the world to panic.

In that case, you’ll need to enter your own DNS server addresses. To do this, switch the router’s DNS setting (on the WAN/internet page, since that is what gets handed to every device) from “Automatic” to “Static”, alternately “Do not auto-obtain”, and enter addresses from a widely trusted source. My preferred option is Norton ConnectSafe’s malware-blocking servers (no logon or purchase needed), which are 199.85.126.10 for primary and 199.85.127.10 for secondary. The secondary is usually optional. (Norton ConnectSafe has since been retired, in November 2018; public filtering resolvers such as Quad9, 9.9.9.9 and 149.112.112.112, or Cloudflare, 1.1.1.1 and 1.0.0.1, serve the same purpose today.)

If the problem disappears for a while, then we know what the problem is. If it returns after some hours or a day or so, log on to the router settings again and check whether the DNS addresses have been changed back to the ones it had when all the pop-ups appeared. Before you conclude that the router itself is infected, rule out the simpler explanation: a compromised PC on your network that knows the router’s admin password can rewrite that setting too, so change the admin password to something long and unique and disable remote (WAN-side) management first. If the addresses still revert after that, something on the router is re-applying them, and you’re screwed: you need to throw away your router immediately. No, really.
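One way to turn the check above into something repeatable, as an added example that is not code from the original post: query the same site name through the resolver your router hands out and through a resolver you trust, then flag the router when its answer shares no address with the trusted one. The script speaks raw DNS over UDP so it needs nothing beyond the Python standard library; the server addresses, the transaction id and the embedded sample responses are constructed for illustration (the sample IPs come from documentation ranges and point at no real host).

```python
"""Detect a DNS hijack by comparing A records from the resolver a (possibly
compromised) router hands out with those from a resolver you trust.
Added example, not part of the original post."""
import socket
import struct

TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode "example.com" as DNS labels: \\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard recursive A query: flags 0x0100 (RD set), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_response(name: str, txid: int, ips) -> bytes:
    """Build a response the way real resolvers do, with a compression pointer
    (0xC00C) back to the question name.  Used for the constructed sample."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    answers = b""
    for ip in ips:
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
        answers += socket.inet_aton(ip)
    return header + question + answers


def read_name(data: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:               # compression pointer
            if not jumped:
                end = offset + 2                # pointer is 2 bytes in the record
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("pointer loop in name")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(data: bytes, expected_txid: int):
    """Return the sorted A-record IPs in a response after checking id and rcode."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                          # skip the echoed question(s)
        _, off = read_name(data, off)
        off += 4                                 # qtype + qclass
    ips = []
    for _ in range(an):
        _, off = read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return sorted(ips)


def resolve(server: str, name: str, txid: int = 0x1234, timeout: float = 2.0):
    """Live UDP query against one resolver (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data, txid)


def hijack_verdict(trusted_ips, router_ips) -> str:
    """CDNs rotate addresses, so only flag when the two answers share nothing."""
    if not router_ips:
        return "no-answer"
    return "ok" if set(trusted_ips) & set(router_ips) else "suspect"


# Constructed sample: what a hijacked router's resolver might return for
# example.com versus the trusted resolver.  Documentation-range IPs only.
SAMPLE_TRUSTED = build_response("example.com", 0x1234, ["198.51.100.10"])
SAMPLE_ROUTER = build_response("example.com", 0x1234, ["203.0.113.5"])


def demo() -> str:
    """Offline run of the comparison over the constructed sample."""
    trusted = parse_response(SAMPLE_TRUSTED, 0x1234)
    router = parse_response(SAMPLE_ROUTER, 0x1234)
    return hijack_verdict(trusted, router)


if __name__ == "__main__":
    # Live use (assumed addresses): resolve("192.168.1.1", "example.com") for the
    # router and resolve("9.9.9.9", "example.com") for a trusted resolver.
    print("offline sample verdict:", demo())
```

Run it against a handful of sites you use, not just one: a hijack that only rewrites answers for banking or ad-network names will look clean for everything else, and a single clean result proves little. A verdict of "suspect" is a strong lead, but confirm it by looking at the router’s DNS page before replacing hardware.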

Trying to fix the router past this point will only lead to pain, and is likely to infect one or more computers as well. I decided to see what would happen if I connected my secondary laptop and my router to each other, and to nothing else, and then performed a router firmware upgrade. Through an effect of this that I am not fully sure about, my USB and SD ports were deactivated, and so were the Start menu, File Explorer and pretty much every Windows system function; except for the browsers, oddly enough. At this point I had to do an OS reset with no files kept (this was on Windows 10; a Windows 7 or Vista PC would probably need a blank reformatting).

This whole ordeal happened to me with a pretty recent ASUS RT-N66U router, one of quite a few routers nowadays that run the ASUSWRT menus and system functions. For you see, as routers gain more and more functions and more power, they are more or less functioning like a small PC running a very specific piece of software (most consumer router firmware is a stripped-down Linux). As you can predict, PCs can virtually always get viruses. Doubly so when there are zero known tools for removing malware from a router. They have no antivirus, and usually not even a file explorer! You need godly powers with the management functions (command line skills, typically via telnet or SSH into the firmware, will come in handy), which is unfortunately more than what I have.

This is a problem that could with high probability occur with many new routers, especially those with PC-like functions and menus, and it is not at all limited to ASUS. The concept of a full router takeover was demonstrated as recently as 2012 or so, but this is something the technology world needs to take seriously and defeat, and hopefully pretty quickly.

There is also the problem that the factory reset function on many routers and network units is, sorry for the language, downright pathetic. It doesn’t wipe the system files (the firmware image itself, which is where a persistent infection would live), and in at least one case involving a range extender (NETGEAR WN2000RPTv2) it even found the old settings for which network it was to connect to, making the factory reset function worthless; in some cases it’s even a lie. It resets nothing but the basic settings, and the result is not really close to how the unit was when it was fresh off the factory production line.

The preferred solution? You could dig out the old router that you probably still have down in your basement, but then there was a reason why you bought the new router in the first place. Stay away from, in top-to-bottom priority order: 1) the brand of your infected router, 2) ASUSWRT, 3) popular routers. The more obscure your router brand is, the higher your chances of avoiding malware, as of 24th of January 2016. ZyXEL sounded obscure enough for me, but take a look around at other brands and see if you can find a cheap replacement router with the functions you need, presumably a long Wi-Fi range, high Wi-Fi speeds (300 megabit on the 2.4GHz band is the lowest you should go; the 5GHz speeds are just a bonus), and probably also Gigabit Ethernet (keep in mind that Fast Ethernet is not fast). Several new routers from several brands offer 3G sharing as well, even though only ASUS advertises that function, so don’t follow the official bonus specs blindly on that point.

I really hope I have been of some help, and that I have shed some light on a topic that is very rarely spoken of. Good luck fixing your problems!
