Author Topic: RouterOS web login infection detected (Read 1451 times)

Koffee · « **on:** April 11, 2014, 07:36:12 AM »

Hi, when I tried to login my router via browser yesterday, AVAST shows the following message and not let me access to my router webpage:

Infection detected
Infection: JS:Agent-CYK [Expl]
URL: http://(RouterIP)/webfig/engine-731af2d3d448.js
File: engine.js

It seems this javascript is not stored in my pc or router. I have tried to reset my router to default but same issue happen.

I used to login my router via browser and it is fine. It just happened suddenly since yesterday. I do not want to add URL into exclude list, does someone know how to fix this?

Thank you.

Tondah · « **Reply #1 on:** April 11, 2014, 08:45:41 AM »

Hi Koffee, i am sorry for your trouble. It was false positive alert and it will be fixed with next VPS update.

Koffee · « **Reply #2 on:** April 11, 2014, 08:54:05 AM »

Good news! Thank you.

I am just worry this is a real malware or trojan and no clue to how fix this as this is not a file stored in my pc or router.

I will use another method (ssh) to login my router temporarily until next VPS update.

Thank you.

Author Topic: RouterOS web login infection detected (Read 1451 times)

Koffee

RouterOS web login infection detected

Tondah

Re: RouterOS web login infection detected

Koffee

Re: RouterOS web login infection detected