D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-645 => Topic started by: DIR645 on May 13, 2016, 05:49:00 PM

Title: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: DIR645 on May 13, 2016, 05:49:00 PM
Hi,
Something really strange just happened:

I own a DLINK DIR 645, Version A1, FW 1.06.

Set-up: I have a cable modem (internet) and this is connected to the router's internet port on its backside.
Everything worked fine until some hours ago:
I tried to log on to the router with my Admin password (tried it about 20 times and it said that the pw would be incorrect). Finally, I left the Admin pw field empty and I was able to log in. I am definitely sure that I did not perform a factory reset or something like that (that is proved by the fact that only the Admin pw seems to have been reset to default and the protocols have been deleted; the first entries I see in the logs are the ca. 20 failed logons where I tried to use my personal Admin pw, which used to work until like 1 hour ago).

The only thing I changed on the setup today was to unplug the router from the internet (unplugged the Ethernet cable that connected my cable modem and the router) in order to connect my PS4 directly to my cable modem, for the reason that I had several internet disconnects (or WLAN interferences) so that it was quite impossible to play GTA V online on the PS4.

When I quit my GTA V online session like 1 hour ago, I replugged the Ethernet cable from the modem to the internet port of the router and restarted the router and the modem.


Summary:

- Admin PW has been reset (I did not perform a factory reset)
- Old router logs / protocols have been deleted (now they start about 1 hour ago with the failed logins)
- Everything else (MAC filter, SSID, WLAN pw etc.) stayed as it was before


Is there any logical explanation for having that issue besides a trojan / router has been hacked / virus or something?


Thank you in advance

Excuse my poor English, I'm a native German speaker.
Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: DIR645 on May 14, 2016, 02:04:07 AM
So am I the first one who is experiencing this issue? :/
Is there a way to see who / what changed the Admin pw of the router and deleted the logs?
Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: RYAT3 on May 14, 2016, 06:20:57 PM
This is really bizarre.  Has it happened again?

It sounds like something of a reset or power cycle happened.

Computers use little coin lithium-ion batteries (1.5 V?) that go bad after years... but usually the computer is dead after 6 years, so it never really gets replaced. I don't think routers use these.

How long have you had the router? 

Maybe unplug it again for an hour or so and see if it resets everything again?

Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: RYAT3 on May 14, 2016, 07:38:45 PM
Have you read this post?   :o

http://forums.dlink.com/index.php?topic=56366.0

Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: FurryNutz on May 14, 2016, 08:42:22 PM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

  Link> >FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

Internet Service Provider and Modem Configurations

PC Web Browser Configurations
What browser are you using?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again.

Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: DIR645 on May 16, 2016, 12:07:29 PM
Hi Ryat, thanks for your answer.

I had read the post you mentioned before I started my thread. I started my own thread because the problem discussed in the thread you linked sounds similar but still different to my specific issue.

Yesterday I tried to reproduce the issue and did exactly the same thing that I had done before the issue became present (unplugged the modem from the router and connected the modem directly with my PS4, played online for some hours and then replugged and restarted everything).
This time only the protocols / logs were deleted, but not the Admin password.

Your presumption concerning the "batteries" sounds plausible to me. I think the router is about 5 years old, could be 4 or 6 as well, though.

 ???
Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: FurryNutz on May 16, 2016, 12:56:57 PM
Please give feedback and details on the questions presented.

I also have this router and have not experienced this particular issue.
Title: Re: VIRUS/ TROJAN ? DIR 645 RESETS ADMIN PW and PROTOCOLS!
Post by: FurryNutz on May 20, 2016, 07:34:33 AM
Any status on this?
 ???