
I think my router's been compromised


What do I do in this situation? Please have a look at this log

There is no log attached.

Immediately disconnect from the internet. Do a full reset to factory defaults. Clear the NVRAM via the WPS method, and format the jffs partition on the next boot.

I would consider any file on the router not worth saving at this point.

Do a full minimal and manual configuration to secure your router and connect to your ISP.

I would repeat all of the above after downloading the latest firmware again (even if it is the same firmware you currently have installed): flash the router, then do the above steps again.
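Before reflashing, a practitioner will want to confirm that the freshly downloaded image is the one the vendor published rather than a corrupt or tampered download. The script below is an added example, not code from the thread or from ASUS or the Merlin project: it compares a firmware file's SHA-256 with an expected digest and refuses to proceed on mismatch. The file name, the "firmware" bytes and the demo digests are constructed for the example; in practice you would paste the hash printed on the vendor's download page.

```shell
#!/bin/sh
# Added example (not from the thread): verify a downloaded firmware image
# against the vendor's published SHA-256 before flashing it.
# The image path, its contents and the digests used in demo() are
# constructed for this example.

# sha256_of FILE -> prints the hex digest; works with GNU coreutils or BSD tools
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_firmware IMAGE EXPECTED_HEX
# exit status: 0 = digest matches, 1 = mismatch (do not flash),
#              2 = image missing or unreadable
verify_firmware() {
  img="$1"
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # vendors list hashes in either case
  [ -r "$img" ] || { echo "ERROR: cannot read $img" >&2; return 2; }
  actual=$(sha256_of "$img")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $img matches the published SHA-256"
    return 0
  fi
  echo "MISMATCH: $img - do not flash this image" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# demo: an intact constructed image passes, a tampered copy of it fails
demo() {
  dir=$(mktemp -d)
  img="$dir/RT-AC68U_demo.trx"                  # constructed file name
  printf 'constructed firmware bytes' > "$img"
  good=$(sha256_of "$img")                        # stands in for the published hash

  if verify_firmware "$img" "$good"; then r1=0; else r1=$?; fi
  printf 'x' >> "$img"                            # simulate a corrupt/tampered download
  if verify_firmware "$img" "$good"; then r2=0; else r2=$?; fi

  rm -rf "$dir"
  echo "demo results: intact=$r1 tampered=$r2"
  [ "$r1" -eq 0 ] && [ "$r2" -eq 1 ]
}

demo
```

Only flash when the function returns 0; a return of 1 means the bytes on disk are not what the vendor published, and a return of 2 means you pointed it at the wrong path.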
 
I had a similar situation, and I suspect the hacking affected the ability to re-flash the router: it only worked with a smaller firmware (Merlin 378.55_0, ~28MB), and after that reflash it worked with larger firmware.
Maybe that helps to save some days of struggle :)
 
Complete wipe and reflash as suggested already. Or, it’s a good excuse to buy a new router [emoji846]

 
I bought a new router only to find out that the computers were infected with some kind of rootkit that survives using Active KillDisk. I just wasn't confident enough that I would pull off a proper reset; the risk felt too high. I appreciate you all trying to help. Now it's time to figure out how to fix my other problem :(
 
Be sure that if/when you can remove the rootkits from the computers, that the router wasn't re-infected again too.

I'm positive you can do a proper reset to factory defaults. You can follow the steps in the links in my signature below.

Which router did you end up buying?
 
This sounds kind of funny but I'm afraid because it's a GT-AC5300 and all the bells and whistles give the sucker a better place to try and hide. The replacement is just an ASUS 1900 but now that I think about it maybe I should have got a different company this time around. Also, do you mean to say that it might be possible that the router could be infected again even if it hasn't been connected to a PC? Malware creators are buttheads. This is stressful
From the limited information you have provided it sounds like your problems are entirely to do with your PCs and nothing to do with the router. So whilst it's not impossible that you have some malware that infected your router as well as your PCs, IMHO it's extremely unlikely. Just for peace of mind you might want to perform a standard factory reset on the router after removing the malware from your PCs, but it's probably not necessary.
 

I agree with ColinTaylor, but yes, the router need not be connected directly to a PC. Malware, once inside a network, can re-infect any device within that network again. 'Direct' connection not required, but wired or wireless, it is effectively a direct connection in any case.

You would not be any less susceptible using another router brand.

Your best move forward would be to take your whole network offline (unplug power, Internet (ISP) and all other Ethernet cables), remove the remaining malware from the computers, reset your router to factory defaults including formatting the jffs partition and doing a WPS NVRAM erase.

After verifying that there are no more infected devices within your network (make sure to double-check any backups, NAS, USB drives, CDs, etc. where malware might reside), you can connect to your ISP with your fully reset router, and then start connecting your devices again.

It sounds like a lot, but it is simply a little time-consuming to be this thorough.
 
