I have already solved this problem, so I don't so much need advice but I would like to understand what happened. About 2 weeks ago, I received a nasty-gram from my ISP that I had an infected device on my network, and it was doing something that violated their TOS. I work with troubled kids and so this wasn't too shocking, though it's never happened before. I queried all the kids devices but couldn't find anything. About that same time, I noticed intermittent freezes on my home network, where no device could communicate either on home network or the internet. However, I didn't connect those two dots until the freezes got notably more frequent and longer in duration. It was then that I tried to log onto the webui of the router (Asus GT-AC 5300). I noticed that the traffic monitor utilities had all been turned off, (which I turned on to try to find the offending device). When I turned them on, they would be turned off again in a few minutes. I also noticed the CPU utilization of the router was high 90%, even if nobody was using the internet. Fairly obvious the infected device is the router itself, and it's probably being used to mine bitcoin or something. I attempted to reflash firmware, but that didn't seem to help. I know I used the webui to replace firmware. I think I also tried powering up the router while holding down the reset button, then connect with static IP. I wouldn't swear I did that; it was a long day. But I think I did. I replaced the router with a newer model that is still supported by firmware upgrades. So far everything looks normal. However, how common is this? Also any idea if there is a way to salvage this router? Maybe use it as an AIMesh node? OR better to just build a trebuchet and use this router for target practice? Thanks in advance for any knowledge you can impart.