Your router's not infected but your network is. It runs through the file sharing service on port 445.
Restarting your machines may stop Double Pulsar, but payloads may have been downloaded, so run many scans / re-image machines, whatever it takes.
When infecting a VBox system your host should always be Linux-based, not Windows-based. You should also make sure drag-and-drop is not enabled, be it bidirectional or guest-to-host.
I used Darik's Boot and Nuke with the DoD method on the machine that I had the VirtualBox on. Yeah, I'll make sure to run a bunch of scans. If it comes down to it, I'll wipe the hard drives of all computers I have with 3 passes lol
DBAN? Wow that's harsh, I'd make that a last resort if I were you, a re-image would've been better and easier in this case.
Double Pulsar resides in RAM and is removed upon reboot, the issue comes from a payload that's been downloaded from a C & C server.
smirk24, well, you've got to remove it and you make sure the NSA can't find anything on the hard drive
@smirk24 If you're DBAN'ing you might as well wipe the HPA (if it exists) and reset the DCO using a Linux Live CD.
DBAN is way overkill and will shorten the life of the drive, not to mention it will take days to finish a large drive.
So would I have to go into the firewall and block port 445 after a few rootkit scans to get it out of there?
Blocking the port won't get rid of it; 445 is where the exploit is made. It should've been blocked well in advance.
If you're using file sharing, 445 will be used, but if testing malware your machine should be standalone and not in a multi-PC network for these very issues.
A little light reading for you:
https://www.grc.com/port_445.htm