The TP-Link modem got a virus. How to check your router for viruses and remove them


To protect yourself from the Trojan.Rbrute Trojan, which attacks TP-Link modems/routers, you need to follow a few simple rules. The virus spreads by scanning IP addresses in a given range and then guessing the password by brute force. Almost all popular TP-Link router models are subject to attack. Once it gets into the device settings, the Trojan changes the provider's DNS addresses to the attackers' addresses.

Your router is infected if:

When you try to open any website, be it remont-sro.ru or the Gmail.com service, a download site for a fake Google Chrome or another suspicious resource opens instead. Initially, the redirect only worked for user requests containing the words Facebook or Google, but now the Trojan responds to any request. The indication on the modem remains the same: “Internet” lights up steadily, the computer shows that the connection is established and authorization has been completed, but the Internet itself does not work; it only redirects to advertising and/or fake download pages.

Point 1. Reset. Reconfiguring the modem
The instructions were prepared by Maria Korchagina, a specialist from the GTP TsOO

If you cannot access the modem settings via 192.168.1.1, then try doing it via the address 192.168.42.1

On this page the settings are indicated only for Internet service. To set up IP-TV and WI-FI, download the full manuals

Russian version - http://yadi.sk/d/JC6l6FPVRbU9P

English version - http://yadi.sk/d/j6Ly7bA4RbU8r

1. To properly reset the settings on the modem, use a needle/pen refill/toothpick to hold down the Reset button in the small recess. Hold it for 5 to 15 seconds until the indication on the device disappears. The lights should go out just like after a normal router reboot.

2. To configure, the modem should be connected with a cable to any LAN port; do not configure via a Wi-Fi connection.

3. Go through the Internet Explorer browser to the router interface at the address: 192.168.1.1. A dialog box will open. In the “Username” and “Password” fields, enter admin/admin respectively. The router's home page will open (see below)

On this page you will see what settings already exist:

4. Before you start setting up the router, you need to delete all previously created settings; to do this, go to the section “Interface settings” -> “Internet”, select “Virtual channel” - PVC0, at the bottom of the page click the “delete” button. We do this with each virtual channel (there are 8 in total).

As a result, this is what you should see (go to the "State" section again):

5. Now go to the "Interface settings" section, then select the "Internet" subsection (see screenshot below). We specify the parameters as in the screenshot below (user and password: rtk), then save all the parameters by clicking the “Save” button.
This completes the setup for PPPoE mode.

Point 2. Changing the router login password

To change your password, go to the "Device Operation" section, then "Administration", where the password for logging into the router is actually changed (come up with a complex password) (see screenshot below). Then press the "Save" button.

Clause 2.5 List of passwords that are not recommended for entering the router

111111
12345
123456
12345678
abc123
admin
Administrator
password
qwerty
root
tadpassword
trustno1
consumer
dragon
gizmodo
iqrquksm
letmein

The virus already “knows” all these passwords, and guessing any of them will take 1 second. The password should not consist only of numbers or only of letters. Special characters (hashes, asterisks, percent signs, quotation marks) and letters of different case (uppercase and lowercase) MUST be present. The longer and more varied the password, the longer it will take to “brute” it (if it can be done at all).

Protecting your Wifi network from hacker attacks using the example of a TP-Link router

This article was written to protect ordinary users from malicious attacks by hackers, who often use other people’s Internet in this way and steal other people’s data over the network.

It is assumed that the router is already configured and the Internet is working.

Chapter 1. Protection.

1) On a device connected to a wifi network, for example on a PC or laptop, launch any browser and enter the following combination in the address line: 192.168.0.1

if it doesn't work, you can try 192.168.1.1

If everything is in order, the browser will ask for a login and password to log into the interface of your TP-Link Wifi router.

Enter login: admin

Password: admin

Thus, we log into the router through a browser to manage the router settings.

2) “Status” tab. Take a screenshot of this page, or simply copy its text, and keep it somewhere on the PC, because it will help restore the Internet connection with your provider if it suddenly disappears after some manipulations.

3) “WPS” tab: WPS status is disabled.

Let me explain. WPS is a standard PIN code or password that is required ONLY when setting up the router for the first time. If the router is already configured (network name and password), then WPS is no longer needed and is a weak link in protecting the router from hacker attacks, since finding a PIN code consisting of numbers is much easier than an encrypted password.

4) “Wireless Mode” tab.

Setting up wireless mode

Set the name of your Wifi network (network name) → save (if you are happy with the already set name, you don’t have to change it)

Wireless protection.

We set the password encryption method and the password itself, or change them (optional) if the password is already configured and working. Typically, you should use the recommended settings. Choose your own password (the longer and the more varied its symbols, the better; for example, in one password it is advisable to use the Latin alphabet, numbers, and symbols such as !"№;%:?*() and the like), then Save. (The main thing is not to forget this password later.)

*!ATTENTION! Before completing the next step, you need to have a minimal understanding of what a MAC address is and where to get it. On any device with any operating system (Windows, Android, Linux), determining the device’s own MAC address (PC, smartphone, tablet) is not at all difficult, Google will help. I’ll just add one more way: BEFORE enabling MAC address filtering on the router management page as in this manual, connect to your Wifi network using those devices whose MAC addresses you want to know. All of them will be displayed on the tab: DHCP - List of DHCP clients. So, let's continue:

MAC address filtering. Well, we have finally come to the very important steps to protect your Wifi network.

First, add the MAC addresses of your devices that are connected or periodically connect to your wifi network. Here it is important not to make a mistake: enter MAC addresses with colons as separators, like XX:XX:XX:XX:XX:XX

Then the filtering rules: Allow stations specified in the included entries.

Then - Filtering by Mac addresses - enable.

**Tip: when adding or editing your MAC addresses, it is advisable to indicate the owner of the device in the description (for example, PC-Andrey, Smartphone-Janna, LG-Tablet, etc.). This will eliminate unnecessary questions in the future.

5) “Security” tab

Basic protection settings.

Enable everything, VPN - depending on the situation (if you have it, then enable the pass).

Advanced protection settings.

Protection against DoS attacks—enable.

Enable all types of filtering.

Local control

By analogy with the “Mac Address Filtering” item, we add here the devices from which you can access (and only from them) the router settings page.

Parental controls - disable (if you suddenly need this function, google it, but for security it does not matter, it only restricts access to the Internet).

6) Tab "System Tools"

Password.

We set our own login and password for entering the router management page instead of the standard admin - admin. Naturally, we remember them.

Backup and Restore

We save the settings you made (just in case they suddenly disappear) by clicking on the “Backup” button. Save the file with the extension .bin. In the future, it will be possible to recover from it by going to the same menu item.

Statistics.

Turn on.

This completes setting up the protection of your router and your wifi network. Of course, you cannot completely protect yourself from all threats from the Internet in this way (after all, they somehow hack the Pentagon, etc.), but you can believe that if the cost of the issue is less than a million dollars, few people will want to hack your network and, accordingly, your computer with such protection in place, because it involves too much labor and time.

Chapter 2. Viewing router statistics for signs of hacking.

1) “Wireless” tab

Wireless Statistics

All MAC addresses that are currently using your Wifi network are listed here. If there is an unknown MAC address in this list, this may be cause for suspicion (although if you set everything up correctly according to the instructions in Chapter 1, then no one will be able to get here so easily). At this point you can simply monitor the clients of your wireless network for your own peace of mind.

2) “DHCP” tab

List of DHCP clients.

This shows devices that have logged on to the network using your password and to which the router has automatically assigned a temporary IP address. (Again, for your own peace of mind).

3) Tab "System Tools"

Statistics. (if it is of course enabled as indicated in Chapter 1)

Here you can see all the devices using your router.

Common to all types of statistics - look at the packets sent and received, the number of bytes sent and received. If these parameters are zero, then the device does not transmit any information using your router.
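Added example (not part of the original article): a short Python check that compares text copied from the "List of DHCP clients" page with your own list of allowed MAC addresses. The client table, the MAC addresses and the owner labels are constructed for illustration; the sample uses hyphenated MACs to show why both notations must be normalized before comparing.

```python
import re

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed allowlist in the XX:XX:XX:XX:XX:XX form, with owner descriptions.
ALLOWED = {
    "AA:BB:CC:11:22:33": "PC-Andrey",
    "AA:BB:CC:44:55:66": "Smartphone-Janna",
}

# Constructed text as copied from a DHCP client list (not a real capture).
SAMPLE_CLIENTS = """\
ID  Client Name  MAC Address        Assigned IP    Lease Time
1   andrey-pc    aa-bb-cc-11-22-33  192.168.0.100  01:52:10
2   android-x    3A-5F-9C-01-02-03  192.168.0.101  01:40:02
3   Unknown      00-11-22-AA-BB-CC  192.168.0.102  00:12:45
"""


def normalize(mac):
    """Convert aa-bb-... or aa:bb:... to upper-case colon notation."""
    return ":".join(re.findall(r"[0-9A-Fa-f]{2}", mac)).upper()


def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set,
    as it is for the private/random MACs that many phones use per network."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_clients(text, allowed):
    """Return (mac, ip, status) for every client row found in the text."""
    allowed = {normalize(m): owner for m, owner in allowed.items()}
    findings = []
    for line in text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue  # header or unrelated line
        mac = normalize(match.group())
        ip = IPV4_RE.search(line)
        if mac in allowed:
            status = "known: " + allowed[mac]
        elif is_randomized(mac):
            status = "unknown, randomized MAC"
        else:
            status = "unknown"
        findings.append((mac, ip.group() if ip else None, status))
    return findings
```

An "unknown, randomized MAC" entry is often one of your own phones with a private-address feature turned on, so check your devices before treating it as a stranger.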


Added: Following reports of malicious attacks on routers from various manufacturers, TP-LINK has released a firmware update for routers to prevent possible threats.

(Shenzhen, China) -- TP-LINK, a global networking equipment manufacturer, said it has released firmware updates for its major router models to help prevent malicious attacks from hackers.

Following the publication of an official report from Team Cymru describing several vulnerabilities in home networking equipment, including TP-LINK's equipment, that make the equipment vulnerable to hacker attacks, TP-LINK has updated the firmware for all major home router models.

The firmware of the company's ADSL routers will be updated within a week. Team Cymru is an American non-profit 501(c)3 organization specializing in Internet security research and dedicated to improving Internet safety.

Instructions for updating the firmware of TP-LINK routers.

A new hacker attack on routers affected more than 300 thousand home and office devices from manufacturers such as D-Link, TP-Link, Micronet and Tenda. Having gained access to them, the attackers changed the DNS server settings. Researchers from Team Cymru reported this earlier this week.

Several methods were used to gain access to the routers. For example, the cross-site request forgery (CSRF) technique was used to reset router web interface passwords and change DNS settings. Configuration files were also accessed through unverified URLs.

All these attacks were made possible due to vulnerabilities in the routers' firmware. Most of the affected users are located in Vietnam, India and Italy, with the United States also affected. All routers' DNS settings were changed to 5.45.75.11 and 5.45.75.36, which allowed, for example, net banking traffic to be diverted to fake websites that collected users' financial data, or unwanted software to be installed on computers. Recently, similar attacks affected Polish residents and their banking information.
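Added example (not part of the original article): a Python check that reads the DNS servers out of Windows `ipconfig /all` output and flags the two addresses named above. The sample output is constructed, and 8.8.8.8 only stands in for "the DNS addresses your provider gave you", which you pass in as `expected`.

```python
import ipaddress
import re

# DNS servers the article says attackers wrote into hijacked routers.
ROGUE_DNS = {"5.45.75.11", "5.45.75.36"}

# Constructed sample of Windows `ipconfig /all` output (not a real capture).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 5.45.75.36
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def dns_servers(ipconfig_text):
    """Return the IPv4 DNS servers listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            servers += IPV4.findall(line.partition(":")[2])
        elif in_dns and ":" not in line and IPV4.search(line):
            servers += IPV4.findall(line)  # continuation line of the DNS list
        else:
            in_dns = False
    return servers

def classify(server, expected):
    """Label one DNS server; `expected` holds the provider's own DNS addresses."""
    if server in ROGUE_DNS:
        return "rogue"
    if server in expected:
        return "expected"
    try:
        private = ipaddress.ip_address(server).is_private
    except ValueError:
        return "invalid"
    # A private address is normally the router answering DNS itself.
    return "router" if private else "unexpected"

def audit(ipconfig_text, expected=frozenset()):
    """Return (server, verdict) pairs for every DNS server in the output."""
    return [(s, classify(s, expected)) for s in dns_servers(ipconfig_text)]
```

A "router" verdict means the PC sends its DNS queries to the router, so the addresses to compare are the DNS servers shown on the router's own status page.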

Let us remind you that not so long ago, routers from companies and .






