Wonderlandads Virus – the virus that almost beat me

Recently we had a customer who was experiencing major issues with pop-ups and websites being re-directed to random adverts, both on his PC and tablet. The culprit was the Wonderlandads Virus. I have seen this before (just not this bad) and set off to perform a full health and security check on the PC and tablet at our workshop (this is key to this story).

Once the virus removal was completed we stopped experiencing the issue and asked the customer to come and collect. Upon arriving at the workshop they proceeded to test the PC to ensure the virus was gone and they were happy; all was good, so they paid and left. Half an hour later the phone rings and it's the customer again; he's not happy, he's got home and it's started happening again and he wants a refund… Oh god, I thought, just what we need: bad reviews.

After talking to the customer for half an hour we agreed that I would come to his house (free of charge) to investigate the issue further and see if we had missed anything (mistakes happen, it's how you deal with them that matters).

The next day (a Sunday) I arrived at his house and set off to investigate the issue. Upon opening up Google Chrome and Microsoft Edge I was bombarded with re-directs… I started to perform another virus removal on the tablet and desktop PC but nothing was found (I tried HitmanPro, Malwarebytes and AdwCleaner)… it was safe to say I was confused.

I was just getting ready to admit defeat when all of a sudden I had a brain wave… What if it's not the computers, what if it's the router!!! This would explain why it wasn't happening at our workshop: our router wasn't compromised! I jumped on my laptop, connected to the customer's WiFi and BOOM!!! Re-direct after re-direct. I then dialled into the router's admin page and checked the DNS setting… I couldn't believe it, one of the viruses we removed from the desktop must have altered the router's DNS setting (not that difficult as the router's admin details were the default ones).

After changing the DNS addresses to use Google's and then re-booting the router I jumped back on my laptop, the customer's tablet and his PC and… NOTHING. The Wonderlandads Virus re-directs had stopped; no matter what site I visited I was not receiving any pop-ups, re-directs or other strange occurrences.
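
The check that cracked this case can be scripted. The following is an added example, not part of the original post: it parses English-language `ipconfig /all` output and labels each DNS server the machine was handed. The function names, the sample text and the address 203.0.113.53 (a documentation-range address standing in for a resolver nobody configured) are constructed for illustration.

```python
import ipaddress
import re

# Google Public DNS, the resolvers the post switched the router to.
TRUSTED = {"8.8.8.8", "8.8.4.4"}
# "   Key name . . . . : value" as printed by ipconfig /all (English locale assumed).
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")

def _ip(text):
    """Return a normalised IP string, or None if text is not a bare address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def parse_ipconfig(text):
    """Extract (default gateways, DNS servers) from ipconfig /all output."""
    found = {"Default Gateway": [], "DNS Servers": []}
    current = None
    for line in text.splitlines():
        addr = _ip(line)
        if addr and current in found:   # continuation line: extra address
            found[current].append(addr)
            continue
        m = FIELD.match(line)
        current = m.group(1) if m else None
        if m and current in found and _ip(m.group(2)):
            found[current].append(_ip(m.group(2)))
    return found["Default Gateway"], found["DNS Servers"]

def audit(text, trusted=TRUSTED):
    """Label each DNS server: trusted, router-forwarder or unexpected."""
    gateways, servers = parse_ipconfig(text)
    verdicts = {}
    for s in servers:
        if s in trusted:
            verdicts[s] = "trusted"
        elif s in gateways:
            # The router answers DNS itself; its upstream resolver is only
            # visible on the router's admin page, not from this machine.
            verdicts[s] = "router-forwarder"
        else:
            verdicts[s] = "unexpected"
    return verdicts

# Constructed sample, not captured from the customer's machine.
SAMPLE = """Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(server, verdict)
```

A `router-forwarder` verdict is not a clean bill of health: it means the answer lies in the router's own DNS setting, which is why scanning the PC and tablet found nothing.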