Warning! Adobe Flash Outdated. Security Risks. Please Update Now.

I'm was using an Asus RT-N16, but I've unplugged that and am connecting directly to the At&t 3801HGV router/modem, which I cannot change the dns for. I've also changed the DNS on each machine to point to google's public dns servers and flushed the DNS cache but am still getting the pop up.

jrbooth wrote:

How do I find out what the DNS settings should be?

They should be whatever your ISP uses, but we have no way of knowing.

Tell us what they are and we can tell you if they are OK.

From the article it would appear that 66.66.66.66 is bad.

Cezary Wojtkowski wrote:

I'm was using an Asus RT-N16, but I've unplugged that and am connecting directly to the At&t 3801HGV router/modem, which I cannot change the dns for.

So you were using two routers? I see the 3801HGV is only 802.11b/g, so I take it you wanted 802.11n Wi-Fi?

What's the DNS on the 3801?

BTW, I saw in one of those articles that the ASUS RT-N16 was also vulnerable to hacking and probably needs a firmware update.

I've also changed the DNS on each machine to point to google's public dns servers and flushed the DNS cache but am still getting the pop up.

So this really doesn't sound like it could be either a router or DNS issue.

What extensions do you have installed in each of your browsers?

jrbooth wrote:

The DNS for my router is 93.171.216.59.

If you live in the Czech Republic, then this might be correct, but I seriously doubt it.

inetnum: 93.171.216.0 - 93.171.217.255

netname: BREEZLE1-NET

descr: BREEZLE LLC

remarks: ---------------------------------------------------

remarks: This IP subnet is mainly used for VPS hosting purposes.

remarks: Please contact our abuse department if there are any complaints.

remarks: SPAM and Abuse issues: abuse-general@breezle.net

remarks: General information: info@breezle.net

remarks: DMCA and Subpoenas: http://breezle.net/legal/

remarks: ---------------------------------------------------

country: EU

admin-c: IP2364-RIPE

tech-c: ATCZ-RIPE

status: ASSIGNED PA

mnt-by: MNT-ALFATELECOM

mnt-lower: MNT-ALFATELECOM

mnt-routes: MNT-ALFATELECOM

source: RIPE # Filtered

role: Alfa Telecom Staff

address: Rehorova 997/12, Prague, Czech Republic

abuse-mailbox: abuse@alfatelecom.cz

admin-c: AK1065-RIPE

tech-c: AK1065-RIPE

tech-c: MK7820-RIPE

nic-hdl: ATCZ-RIPE

mnt-by: MNT-ALFATELECOM

source: RIPE # Filtered

person: Igor Potapov

phone: +17742161566

address: P.O. Box 51950, Boston, MA, 02205

mnt-by: MNT-ALFATELECOM

nic-hdl: IP2364-RIPE

source: RIPE # Filtered

route: 93.171.216.0/23

descr: BREEZLE LLC

origin: AS50245

mnt-by: SERVEREL-MNT

source: RIPE # Filtered

Primary dns is 68.94.156.1, secondary is 68.94.157.1. I've tried disabling all plugins and extensions for Chrome, but the problem persists across browsers (firefox and safari) and devices (chrome on an iphone 4s) so it doesn't look like that could be the issue.

Cezary Wojtkowski wrote:

Primary dns is 68.94.156.1, secondary is 68.94.157.1.

Those are both registered to AT&T outside of Wichita Kansas, USA, so they look to be legitimate, not related to jrbooth's problem, so you need to start a new thread to get the best advise on how to proceed.

jrbooth wrote:

I do not live in the Czech Republic. I live in Ohio.

I figured as much.

So, what do I change it to and do I need to do it on all my devices?

Best to discuss that with your ISP, assuming they own the ASUS. They should also update the firmware to prevent it from being hijacked again while they're at it. You can change it on each device, but I find that to be a PITA, so I just make changes to my router. I do this relatively frequently in order to take advantage of new technologies, but that's not always a good thing so I suspect you should stick with whatever your ISP recommends.

You'll see recommendations to use OpenDNS or Google Public DNS. They sometimes can provide you with faster service, but don't believe all the hype about protecting you from malware, etc. They want your business (for free) so that they can track your browsing habits and sell it to services that want you to buy their stuff, so there is always a price for all the "free" stuff you find on the Internet.

jrbooth wrote:

The ASUS is mine. I have a modem from the cable company, TWC. I have no idea how to view/change the DNS on that. They have an office right around the corner. Should I take the modem in and exchange it for a new one?

No, the modem doesn't know or care about DNS, that's the router's job.

So since the ASUS is yours, I assume you have the manual and:

- Updated the firmware to hopefully prevent this from happening again.

- Changed the default userID and password so that only you can make changes.

- Disabled the ability to configure it over the WAN.

- Deleted the current DNS addresses so that they will automatically default to whatever your ISP assigns.

Now unplug both the modem and the ASUS.

Plug the modem in and wait for it to reboot and the lights are at a steady state (perhaps all green or not blinking) except for the "link" light.

Now plug the ASUS back in and wait for it to fully boot up.

Also, what about the fact that the "warning" pops up on the devices when using different networks? Any thoughts there?

Probably because those devices are using DNS cache which will eventually clear by itself. It can be manually flushed on your Mac, but I don't know of a way to do that with iOS.

don't know if this will she's any light on this issue, but I had an asus router when I was infected with this problem...I then proceeded to switch out this router with a Cisco one. worked for about a day, but today, the pop-up has resurfaced...

Jpannnn wrote:

I had an asus router when I was infected with this problem...I then proceeded to switch out this router with a Cisco one. worked for about a day, but today, the pop-up has resurfaced...

Some of the Linksys models have been found to be vulnerable to attack as well as a few D-Link models. I beleive there are firmware patches available for them now.

Again, make sure you change any default UserID/Password combinations and disable WAN side configuration changes. Make sure you protect your local network with a strong WPA2 password to prevent your neighbors kid from checking out your network.