My Sonos has a virus. Factory reset doesn't help

Never heard of ‘fedapush spam traffic’ before. Nor is there an attachment. 

The factory reset is the full reset of the device. Have you tried calling Sonos Support directly to discuss it? I’m wondering if this ‘spam’ is the normal data of Sonos checking in to the Sonos servers. 

What router?

How is identifying the traffic as spam?

Only fedapush things I’m seeing look to be Android related, have you checked your Controller’s device?

My Sonos Playbar has a virus. The router I use is picking up fedapush spam traffic coming from that device. (See attachment.)

 

Fedapush is known spam traffic.

The device is identified using its MAC

In 10 years on the Community I have never heard of a Sonos device “having a virus”.  I am not sure I even know what that would mean.  Sonos devices are continually communicating with other Sonos devices and with controllers.  Maybe your router is mistaking this for signs that there is a virus.

Or maybe you have the first ever Sonos speaker to catch a cold.

That would be very bad indeed. I’d contact Sonos asap.

I regularly receive loud, urgent, “helpful” messages warning me about this, that, or the other malware that has infected my systems, pad/phone, or credit accounts. They often offer a link that will fix everything for me. One crew keeps telling me about nasty things that they’ve discovered on my systems and, for a fee in Bitcoin, they will remove the malware and forget the nasty data that they discovered.

I’m both annoyed and amused by these messages -- and I never reply because there is no nasty data.

I’ve even received phone calls informing me that they have access to my computer and discovered some malware. They ask me to go to a website to receive help. It was interesting when I asked them to give me the IP address that they were using to access my computer. It was obvious that they didn’t seem to understand what an IP address is all about. One company called again (I recognized the voice) and gave my IP address as 192.168.1.1. As I recall, the computer was not powered at that time and anyone with a minimum of network knowledge would scoff at this. Besides, I wasn’t using that subnet.

Fortunately, my personal account receives relatively few of these messages. I need to use an aggressive spam filter on my business account and bounce stray emails. There seems to be some “quality control” used by the perpetrators because I find that they grow bored after receiving multiple machine generated rejection notices and none of their transmissions have been read by a human. Many of these spammers use trackers that confirm you’ve opened the email -- even if you have not replied or clicked on a link.

While likely to be “influencers”, I searched for “fedapush.net” and quickly found a couple sites with unfavorable comments and offered removal suggestions.

I just pulled up my security logs for the last week and fedapush is not in them so it likely isn’t Sonos related unless it is something voice related.

What router?

The router I use is a Deco (M5).

Yeah, I doubt that this is anything ‘reasonable’. Will try to contact support directy as soon as it is feasible.

If the Playbar is a SonosNet node, and a device is hard-wired into its Ethernet port, it would be easy for a network scanner to be confused as to the source of some suspicious data.

That is a great point. Not the case in my system as nothing is connected to the Ethernet port, but a good thing to check if someone else is looking for a solution in the future