Router seems to have been hacked and I can't change it?

mrmotivator

New Around Here
Hello,

I've got the RT-N66U router which I normally access via a static IP, however when I tried to access it using the h t t p : / / w w w .asusnetwork.net URL today, it tried redirecting me to this page (DO NOT CLICK THIS):

h t t p : / / fastrdr.com/us/65/index.php?s=220256201

This was detected as a threat and stopped by my antivirus:

tSIKXKj.png


It also seems to redirect to this page (ALSO DO NOT CLICK): http://ww1.asusnetwork.net/

Which looks like this:

SeGLoUC.png


The closest thing I can find about it is here: http://www.kb.cert.org/vuls/id/191750

However this is for a different router and just says to make sure I've got the most recent firmware, which I regularly check for and install as soon as it's available (I'm definitely on the most recent version, 3.0.0.4.374.5517).

I just have a few questions :)

  • How can I fix it?
  • What has caused it? (Is it machine or router based?)
  • How can I prevent it from happening again?
  • What effects will it have had other than the redirection?

Thanks for your help :)

(EDIT: Un-linked the malicious URL to avoid accidents and forum blacklisting. --RMerlin)
 
Most likely reason is you have a DNS hijacker installed on your computer.

Download and run Malwarebytes Antimalware, and do a complete scan with it. Also double check that your computer is using your router's IP for DNS and not something else. Also check the content of C:\Windows\System32\drivers\etc\hosts for the presence of any suspicious IP (normally there's only one entry for the 127.0.0.1 loopback).

Also check what DNS are configured on your router, if you suspect that someone remotely accessed it and changed it.
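
One way to carry out the hosts-file check suggested in the reply above, as an added example (not code from the thread or from any poster): it flags every entry that maps a name to something other than a loopback or unspecified address. The sample file contents and the function names `audit_hosts` and `read_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file with one injected redirect. The addresses
# and names are documentation placeholders, not values from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com        # local blocklist entry
203.0.113.45    www.example-bank.test  example-bank.test
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (review, malformed) findings from hosts-file text.

    review:    (line_no, ip, [names]) for entries that map names to anything
               other than a loopback or unspecified (0.0.0.0 / ::) address.
    malformed: (line_no, raw_line) for lines that do not parse as an entry.
    """
    review, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append((line_no, raw))
        elif not (ip.is_loopback or ip.is_unspecified):
            review.append((line_no, str(ip), fields[1:]))
    return review, malformed

def read_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    # utf-8-sig strips a byte-order mark if an editor added one.
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    review, malformed = audit_hosts(SAMPLE_HOSTS)  # or audit_hosts(read_hosts())
    for line_no, ip, names in review:
        print(f"line {line_no}: {', '.join(names)} -> {ip}")
    for line_no, raw in malformed:
        print(f"line {line_no}: unparseable: {raw!r}")
```

Entries pointing at private LAN addresses are listed too, since a manually added mapping for a local device looks the same as an injected one and has to be judged by whoever owns the machine.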
 
Hi! Thanks for the reply :)

This seems to happen on any device connected to the router. If I do it on my phone I get redirected to a different site:

rNj0hLF.png


The router is set to Access Point mode from another router due to the layout of the building I'm in. DNS configuration looks like this (I'm not sure if this is right or not...):

N72kL5e.png


Thanks again!
 
Then look at your main router, as it is the one providing DNS services to your clients. The AP only bridges your clients with that main router.
 
Also note that the asusnetworks.com domain will only work properly if your main router is an Asus one, and is configured to handle DNS queries.
 
The bare a s u s n e t w o r k s . c o m domain seems to be vulnerable anyway.
The proper address should be the full: w w w . a s u s n e t w o r k s . c o m
The very best is to avoid those addresses and access the router by its IP address, by default 192.168.1.1
 
