Author Topic: Adware  (Read 2221 times)


REDACTED

  • Guest
Adware
« on: July 13, 2014, 04:28:47 AM »
Okay, so this started some weeks ago: without a reason, an adware showed up. I made a scan with Avast, which then only detected some malware, but then some pages like YouTube, Imgur, etc. show ads even if I have Adblock; the page it enters is http://gyr.mappingsection.net/. So I did a scan with Avast and no virus was detected. I searched about this and I don't know how to remove it. Can you help me, people?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76012
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Adware
« Reply #1 on: July 13, 2014, 07:59:08 AM »
Attach your logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

REDACTED

  • Guest
Re: Adware
« Reply #2 on: July 22, 2014, 08:51:14 AM »
A few weeks ago I was being hit by frequent (not quite constant) random ads when browsing in Internet Explorer. Since it happened with two different computers running two different Windows operating systems and two different versions of IE, it was puzzling. Eventually I discovered that my router (wireless, but that's not essential) had been compromised by a worm that reset the DNS from auto to manual with primary and secondary DNS server IPs plugged in for a site called onclickads.com. My fix was to restore auto DNS using the admin logon in the router and improve the strength of the admin logon password, then run boot-time full scans on both computers. So far this seems to have worked, but I remain vigilant because some threads I researched suggest that the admin password makes no difference since the route in is via a hardware exploit which bypasses the password entirely. Note that while the ads were annoying they were not damaging, but there is nothing to suggest that this exploit could not be used for much more serious theft or damage. For the time being I am content to manually recheck for auto DNS in my router now and then and keep my fingers crossed. The following link has interesting technical details about similar worms and recommends turning off Remote Management Access or the Home Network Administration Protocol (HNAP) in the router, a step which my ISP discourages but which I will take following any additional infections.

  http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/
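
The manual recheck described in Reply #2 can also be made from a Windows client. The following is an added example, not part of any post in this thread: it parses `ipconfig /all` output and flags DNS servers outside an expected set. Assumptions: the router hands its configured DNS servers to DHCP clients, the sample output and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s(.*)$")  # "   Name . . . : value"

def parse_dns_servers(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # new adapter section
            result[adapter] = []
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).strip() == "DNS Servers"
            value = m.group(2).strip()
        else:
            value = line.strip()  # continuation line of the previous field
        if adapter and in_dns and value:
            try:  # drop any IPv6 zone id ("%12") before validating
                result[adapter].append(str(ipaddress.ip_address(value.split("%")[0])))
            except ValueError:
                in_dns = False
    return result

def unexpected_resolvers(servers_by_adapter, allowed):
    """Return {adapter: [resolvers not in the allowlist]}; empty means clean."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowed}
    return {name: bad for name, servers in servers_by_adapter.items()
            if (bad := [s for s in servers if s not in allowed])}

if __name__ == "__main__":
    # Assumed baseline: clients should only ever be handed the router itself.
    print(unexpected_resolvers(parse_dns_servers(SAMPLE), {"192.168.1.1"}))
```

If the router proxies DNS and gives clients only its own address, a changed upstream server will not show up here and the router's admin page still has to be checked.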