Post Reply

[Q] Virus/Malware: Download Flash Player on Google sites

11th April 2014, 11:52 AM   |  #1  
OP Junior Member
Thanks Meter: 1
 
5 posts
Join Date:Joined: Feb 2014
More
Hi,

I am on Android 4.0.4 Cyanogen Mod. Recently, whenever I open google.com or any google website, I get this popup that asks me to download Flash Player and redirect me to some website that has a link to download. It basically blocks all the routes to google related websites.

This is exactly the same issue described here: bleepingcomputer.com/forums/t/526069/warning-your-flash-player-may-be-out-of-date-redirect-on-both-pc-and-tablet but the solution is basically for a Windows machine.

After this started to happen, I:
1. cleared all applications cache data
2. Installed AVG antivirus and scanned the phone


This does not seem to be a problem with router because there I do not see the problems on computers and phones connected to the same router.

Can someone help me to solve this problem?

Attached is the screenshot.


Thanks

PS: I cannot post a link yet, so I removed the protocol and www prefix.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_2014-04-11-13-44-01.png
Views:	45
Size:	26.2 KB
ID:	2679922  
Last edited by naishe; 11th April 2014 at 11:57 AM. Reason: typo
12th April 2014, 07:01 PM   |  #2  
Junior Member
Thanks Meter: 3
 
10 posts
Join Date:Joined: Oct 2012
Quote:
Originally Posted by naishe

Hi,

I am on Android 4.0.4 Cyanogen Mod. Recently, whenever I open google.com or any google website, I get this popup that asks me to download Flash Player and redirect me to some website that has a link to download. It basically blocks all the routes to google related websites.

This is exactly the same issue described here: bleepingcomputer.com/forums/t/526069/warning-your-flash-player-may-be-out-of-date-redirect-on-both-pc-and-tablet but the solution is basically for a Windows machine.

After this started to happen, I:
1. cleared all applications cache data
2. Installed AVG antivirus and scanned the phone


This does not seem to be a problem with router because there I do not see the problems on computers and phones connected to the same router.

Can someone help me to solve this problem?

Attached is the screenshot.


Thanks

PS: I cannot post a link yet, so I removed the protocol and www prefix.

I have the exact same issue as above. I am on 4.4.2 (CM v. 11-20140405-SNAPSHOT-M5-i9300)
What I observed is, when I am connected to my home wireless, neither the internet browsing works nor the play store. But when I shift to 3G, my play store works but with the browser I still get that flash warning.

I have not got any information from elsewhere how to fix it (on phone).
The Following User Says Thank You to IndianHacker For This Useful Post: [ View ]
12th April 2014, 07:26 PM   |  #3  
Member
Flag istanbul
Thanks Meter: 16
 
51 posts
Join Date:Joined: Jul 2013
More
Quote:
Originally Posted by naishe

Hi,

I am on Android 4.0.4 Cyanogen Mod. Recently, whenever I open google.com or any google website, I get this popup that asks me to download Flash Player and redirect me to some website that has a link to download. It basically blocks all the routes to google related websites.

This is exactly the same issue described here: bleepingcomputer.com/forums/t/526069/warning-your-flash-player-may-be-out-of-date-redirect-on-both-pc-and-tablet but the solution is basically for a Windows machine.

After this started to happen, I:
1. cleared all applications cache data
2. Installed AVG antivirus and scanned the phone


This does not seem to be a problem with router because there I do not see the problems on computers and phones connected to the same router.

Can someone help me to solve this problem?

Attached is the screenshot.


Thanks

PS: I cannot post a link yet, so I removed the protocol and www prefix.


I think it is a virüs and your system is effected. Maybe there is easy way to fix that problem but i suggest you to backup your datas and make full wipe (system, data, cache) and install your rom. For me it is definitely solution.
The Following User Says Thank You to was12 For This Useful Post: [ View ]
13th April 2014, 05:50 AM   |  #4  
OP Junior Member
Thanks Meter: 1
 
5 posts
Join Date:Joined: Feb 2014
More
I think I got the problem when another computer connected to the router got the same issue.

Basically, my modem/router was bugged. There is a virus that performs DNS injection. DNS of my network adapter had been changed to 68.168.98.196, which in turn was redirecting all the traffic from my devices to the attacker's website.

So, I called the phone company and got the modem reset. Updated the settings. The problem was fixed.

If you have the same problem,

1. Check the DNS setting in your modem/router. You may need to log into the router gateway like HTTP : / / 192.168.1.1 or something.
2. If it is 68.168.98.196, you will have to reset the router.
3. Note that if you are bugged, you might not log into the router though. So, you cannot see the DNS. Probably, you should probably check in your system. For example, I do this Ubuntu,

Code:
~$ nm-tool | grep DNS
    DNS:             192.168.1.1
    DNS:             125.22.47.125
    DNS:             125.22.47.100
    DNS:             8.8.8.8
4. Reset the router. Before you start doing that make sure you have all the information, id and password for your connection provided by the ISP.

Once this is done, you can see Google and sister websites load pretty well.
The Following User Says Thank You to naishe For This Useful Post: [ View ]
13th April 2014, 08:24 AM   |  #5  
Junior Member
Thanks Meter: 3
 
10 posts
Join Date:Joined: Oct 2012
Quote:
Originally Posted by naishe

I think I got the problem when another computer connected to the router got the same issue.

Basically, my modem/router was bugged. There is a virus that performs DNS injection. DNS of my network adapter had been changed to 68.168.98.196, which in turn was redirecting all the traffic from my devices to the attacker's website.

So, I called the phone company and got the modem reset. Updated the settings. The problem was fixed.

If you have the same problem,

1. Check the DNS setting in your modem/router. You may need to log into the router gateway like HTTP : / / 192.168.1.1 or something.
2. If it is 68.168.98.196, you will have to reset the router.
3. Note that if you are bugged, you might not log into the router though. So, you cannot see the DNS. Probably, you should probably check in your system. For example, I do this Ubuntu,

Code:
~$ nm-tool | grep DNS
    DNS:             192.168.1.1
    DNS:             125.22.47.125
    DNS:             125.22.47.100
    DNS:             8.8.8.8
4. Reset the router. Before you start doing that make sure you have all the information, id and password for your connection provided by the ISP.

Once this is done, you can see Google and sister websites load pretty well.

I think you nailed it down. Indeed my wireless router (which is physically connected to my ISP's modem) had one of the DNS set to 68.168.98.196. I now changed them manually to google DNS servers, had my phone forget the network and added it again. Looks like it is working for me too..

Thanks a lot for posting it! I will update here if I see the issue again or anything else indicating similar issue.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools
Display Modes


Top Threads in Android Q&A, Help & Troubleshooting by ThreadRank