New Member
Posts: 23
Registered: ‎08-10-2013
Accepted Solution

CureMalware Patch How do you run this?

Last night I got kicked off my Router and couldn't log back in.  It also shut the (phone) modem down.  What I mean by that is our Internet service is bundled and our Modem is one of those that has the telephone line running into it.

 

I reset the router and the modem and it came back on and I had to start over from scratch.  I then saw the messages in the Forum about the Virus and want to check and see if my Router is infected so I downloaded the ubnt-CureMalware. 

 

I'm having problems though.  First off - when I went to the Ubnt login page it said the certificate was not valid.  So I had to make an exception just to let me log in. 

 

Then running the bat file as Admin 192.168.1.1   I get through the SSH port and I enter 22 (since I Googled that) and I go to USER NAME and I've tried it both ways, either the default UBNT or my Admin name and there it stops.  It won't let me enter a Password

 

So I have to exit. 

 

 



All Replies
SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?


Did you try the virus username/password combos given in the article where you got CureMalware?

I had a pair of Nanostations that got hit; I couldn't get through with the usual username/password combos, but the suggested virus combo worked.

 

http://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/b...

I did it my way .... Man Happy
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?


I'm ready to throw this thing in the garbage.  I can not run that bat file.  I have NO IDEA what I'm doing. 

 

When I put in the other username I can do that.  I finally figured out to just click through on the password and then it gets me the option of Reuse Password <y : n> so I click n  and that takes me to password for moth3r

 

And there we sit.  It won't let me enter a password or a command. 

 

I went on chat and they sent me to the video and they are running it from the command line.  And that's way over my head. 

 

I am running Windows 7 64 if that makes any difference.  I've tried this on 2 different computers.  And yes, my Java is up to date. 

 

Port 22 checking on the web is not open.  Would that make a difference? 

 

Can't I just flash this and start over?  Is that an option?  

 

 

SuperUser
Posts: 4,663
Registered: ‎12-16-2008
Kudos: 1936
Solutions: 393

Re: CureMalware Patch How do you run this?

If you want to "start over" try with --> https://help.ubnt.com/hc/en-us/articles/204911324-airMAX-How-to-reset-your-device-with-TFTP-firmware...


Show your appreciation to those who helped you with a Kudo

If a colleague's post helped you solve the problem, mark/accept it as the solution.
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?

Yes I just got that link from Chat.  But all that does is download the latest version of the software which I have already installed.  "Upload firmware image file"

 

I have no idea if my router is infected or not.  I don't feel safe using it anymore since I can not run the CureMalware thing on it.  I've NEVER heard of a Router getting a Virus before.  I only discovered it when I got an Invalid Certificate when I tried to logon to the default 192.168.1.1 router page and I Googled it and it led me back here to the forum.

 

This is my second Ubiquiti router.  I thought they were the best one to use because it was so uncommon.  Not like Linksys or something where anyone could hack it.  And now?  I am just so disappointed to find that this has happened. 

 

I would just like an answer as to why I can't run the Malware and why I can't put in the password.  Is it because Port 22 is blocked?  Is it because I am running  Windows 64 bit?  Is it because I don't know how to run a command line?  I'm willing to learn! 

 

 

SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?


CureMalware.bat is meant to be run from a command line prompt. It is not a Windows GUI application. (It actually opens up the command window when you double click on 'windows-CureMalware.bat').

 

No, you don't need Port 22 open to the web. You're running this locally to your router, from the LAN side.


Do you know which version of firmware you were running?

 

Capture.PNG

 

Pretty straightforward to run: Double click windows-CureMalware.bat (red circle), then a black command window opens up (red arrow). Follow the prompts. If you're stuck, post back here.

 

For AirRouter, IP should be 192.168.1.1

 

Use the virus username and password given in this post:

 

http://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/b...

 

(Username is moth3r)

 

 

I did it my way .... Man Happy
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?

(Username is moth3r)

 

I can enter the Username.  But then it stops there.  I can't enter the password. 

SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?


Did you hit <enter>?

 

Capture.PNG

Where the red curled arrow is <enter key>

 

Edit: When you enter the password, there is no feedback/echo on the screen...you just carefully type it in and hit <enter>.

I did it my way .... Man Happy
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?

That WORKED!   Thank you!  Does everyone know to do that but me? 

 

I finally had to reset the Router to the default ubnt ubnt mode to run it.  And just to be on the safe side I did it from Safe Mode with wireless just so my Eset wasn't running. 

 

The only (of course) password and username that worked was ubnt and everything is clear and updated. 

 

Smiley Happy

 

 

 

SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?

Glad you got everything sorted out! What version are you running on the AirRouter now? Anything prior to 5.6.2 (or 5.5.10u2) is vulnerable.
I did it my way .... Man Happy
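
An added example, not part of the original posts or of Ubiquiti's tooling: a small check that applies the cutoff given in the reply above (anything prior to 5.6.2, or 5.5.10u2, is vulnerable) to a list of firmware version strings. The version-string format, the device names and the reading that later 5.5.x builds after 5.5.10u2 are fixed are assumptions.

```python
import re

# Fixed releases named in the thread above.
FIXED_56 = (5, 6, 2, 0)    # 5.6.2
FIXED_55 = (5, 5, 10, 2)   # 5.5.10u2

# Assumed format: optional board prefix, then "v5.6.8" or a bare "5.6.8",
# with an optional "uN" update suffix as in "5.5.10u2".
_VERSION = re.compile(r"(?:^|v)(\d+)\.(\d+)\.(\d+)(?:u(\d+))?")


def parse_airos_version(text):
    """Return (major, minor, patch, update) from a firmware version string."""
    m = _VERSION.search(text.strip())
    if m is None:
        raise ValueError(f"no airOS version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_vulnerable(text):
    """True if the version predates the fixed releases named in the thread."""
    v = parse_airos_version(text)
    if v >= FIXED_56:
        return False
    if v[:2] == (5, 5):
        # Assumption: 5.5.10u2 and later 5.5.x builds carry the fix.
        return v < FIXED_55
    return True  # 5.6.0, 5.6.1 and every older branch


def triage(inventory):
    """Return the sorted names of devices that still need a firmware update."""
    return sorted(name for name, fw in inventory.items() if is_vulnerable(fw))


# Constructed inventory (device names and version strings are made up).
SAMPLE_INVENTORY = {
    "airrouter-home": "XM.v5.6.8",
    "nanostation-a": "XM.v5.5.10",
    "nanostation-b": "XM.v5.5.10u2",
    "bridge-roof": "XW.v5.6.1",
    "old-ap": "v5.3.5",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: update firmware ({SAMPLE_INVENTORY[name]})")
```
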
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?

 

5.6.8

SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?

You're all set then! Man Happy
I did it my way .... Man Happy
New Member
Posts: 23
Registered: ‎08-10-2013

Re: CureMalware Patch How do you run this?

I still haven't figured out the Invalid Certificate error that I'm getting on 192.168.1.1 when I go to that page. 

 

So I am just going to format my computer and hope that solves that error.  I like to clean things up every now and then anyway and start fresh. 

 

 

SuperUser
Posts: 16,538
Registered: ‎06-18-2010
Kudos: 5291
Solutions: 1761

Re: CureMalware Patch How do you run this?

Open the page with Firefox, accept the warnings, and store the exception, and you won't get the error anymore.
I did it my way .... Man Happy