Answered

My Sonos has a virus. Factory reset doesn't help

  • 24 February 2023
  • 11 replies
  • 583 views

My Sonos Playbar has a virus. The router I use is picking up fedapush spam traffic coming from that device. (See attachment.)

I have tried to do a factory reset (holding play/pause/mute) while connecting the cable. This reset the settings for the device’s connection to the network, but did not stop the spam.

How can I do a full reset of my device? Or is there another way to remove this virus?

icon

Best answer by Stanley_4 26 February 2023, 18:05

View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

11 replies

Never heard of ‘fedapush spam traffic’ before. Nor is there an attachment. 

The factory reset is the full reset of the device. Have you tried calling Sonos Support directly to discuss it? I’m wondering if this ‘spam’ is the normal data of Sonos checking in to the Sonos servers. 

Userlevel 7
Badge +22

What router?

How is identifying the traffic as spam?

Only fedapush things I’m seeing look to be Android related, have you checked your Controller’s device?

My Sonos Playbar has a virus. The router I use is picking up fedapush spam traffic coming from that device. (See attachment.)

 

 

Fedapush is known spam traffic.

The device is identified using its MAC

 

In 10 years on the Community I have never heard of a Sonos device “having a virus”.  I am not sure I even know what that would mean.  Sonos devices are continually communicating with other Sonos devices and with controllers.  Maybe your router is mistaking this for signs that there is a virus.

Or maybe you have the first ever Sonos speaker to catch a cold.

Userlevel 7
Badge +17

That would be very bad indeed. I’d contact Sonos asap.

I regularly receive loud, urgent, “helpful” messages warning me about this, that, or the other malware that has infected my systems, pad/phone, or credit accounts. They often offer a link that will fix everything for me. One crew keeps telling me about nasty things that they’ve discovered on my systems and, for a fee in Bitcoin, they will remove the malware and forget the nasty data that they discovered.

I’m both annoyed and amused by these messages -- and I never reply because there is no nasty data.

I’ve even received phone calls informing me that they have access to my computer and discovered some malware. They ask me to go to a website to receive help. It was interesting when I asked them to give me the IP address that they were using to access my computer. It was obvious that they didn’t seem to understand what an IP address is all about. One company called again (I recognized the voice) and gave my IP address as 192.168.1.1. As I recall, the computer was not powered at that time and anyone with a minimum of network knowledge would scoff at this. Besides, I wasn’t using that subnet.

Fortunately, my personal account receives relatively few of these messages. I need to use an aggressive spam filter on my business account and bounce stray emails. There seems to be some “quality control” used by the perpetrators because I find that they grow bored after receiving multiple machine generated rejection notices and none of their transmissions have been read by a human. Many of these spammers use trackers that confirm you’ve opened the email -- even if you have not replied or clicked on a link.

While likely to be “influencers”, I searched for “fedapush.net” and quickly found a couple sites with unfavorable comments and offered removal suggestions.

 

Userlevel 7
Badge +22

I just pulled up my security logs for the last week and fedapush is not in them so it likely isn’t Sonos related unless it is something voice related.

What router?

I just pulled up my security logs for the last week and fedapush is not in them so it likely isn’t Sonos related unless it is something voice related.

What router?

The router I use is a Deco (M5).

Yeah, I doubt that this is anything ‘reasonable’. Will try to contact support directy as soon as it is feasible.

Userlevel 7
Badge +22

Not really a lot of info out there on the Deco intrusion protection system but I’d be interested to hear what Sonos support has on the fedapush issue.

Userlevel 7
Badge +23

If the Playbar is a SonosNet node, and a device is hard-wired into its Ethernet port, it would be easy for a network scanner to be confused as to the source of some suspicious data.

If the Playbar is a SonosNet node, and a device is hard-wired into its Ethernet port, it would be easy for a network scanner to be confused as to the source of some suspicious data.

That is a great point. Not the case in my system as nothing is connected to the Ethernet port, but a good thing to check if someone else is looking for a solution in the future