Spyware, Viruses, & Security forum


Router has been hijacked... what to do?

by Wolvenstrife / June 5, 2011 6:00 AM PDT

I have disconnected all computers from my router, run both antivirus and malware/spyware scans and all came up clean (using Trend Micro on 2 computers and Avast! on 2. Malwarebytes on all). I reset my router and have a new password. Yes, I previously had a password and only these 4 computers that we use have it. Still, the router is being hijacked and I have no clue what to do now. We get redirected every link we try to go to, certain programs will not work (getting unknown errors, or simply not running properly), viruses infect our computers as they please (specifically a fake windows security alert. Usually it renders everything useless and a system restore is required. Manually finding and eliminating it does not work), etc. But, this all does not happen when we go to another house and use a different router/internet connection. Please help, we are out of options.

Clarification Request
What happens if you change ...
by Kees_B Forum moderator / June 5, 2011 6:13 AM PDT

only one variable instead of three: same house, same internet connection, different router.


Unable to clarify
by Wolvenstrife / June 5, 2011 6:23 AM PDT

We don't have another router to try (my mom was against wireless for some reason until last year, which is when we bought it refurbished. It's a Netgear) and we don't have money for another, so we would rather get rid of whatever's on it. So, I can't really answer that question. Sorry =/

Are you using WEP or WAP
by TWB404 / June 5, 2011 7:22 AM PDT
In reply to: Unable to clarify

What security are you using to protect the wireless connection? WEP is an old and weak method and you should use WAP which is the latest and greatest as they say. I am going to link 2 pages for you to read. The first is to explain the difference between the 2 methods of securing your wireless connection. It's a simple explanation and you can do more research if you like but WAP is the best way to secure your wireless connection. The second is a link to Netgear wireless router setup manual. Since you did not give a model number you should look at the second link as a generic setup manual and some things might be different. You can type in your search bar Netgear and model number to find the exact manual for your router. I read that your router came with a CD and it should have a link to take you to the manual at Netgear website. It is in PDF form. Take a look at chapter 4 about setting up WAP. Also take a look at chapter 5 about how to restore setting back to factory not just reset the password.



I'll try it
by Wolvenstrife / June 5, 2011 7:33 AM PDT

We use WAP. And, I'm pretty sure we did all of that, but it won't hurt to do it again following these instructions. Thank you. Will it fix my problem, though?

Just make sure
by TWB404 / June 5, 2011 8:53 AM PDT
In reply to: I'll try it

Just make sure you do a restore to factory settings. That will make the router as if it came from the factory. Also make sure that you pick a good password for the router and that you do not leave it lying around for prying eyes to find. The link below will help you with a good random password, the problem with that link is the password is long and I do not know many who can remember a number that long so you have to store it somewhere just in case. To test the randomness of the page just click refresh and each time it will give 3 new passwords. Feel free to read about how the passwords are being generated. Kind of fascinating.


This should keep the router from being hijacked. Now you need to make sure all puters hooked to it are virus free. The statement "We get redirected every link we try to go to, certain programs will not work (getting unknown errors, or simply not running properly), viruses infect our computers as they please (specifically a fake windows security alert. Usually it renders everything useless and a system restore is required. Manually finding and eliminating it does not work)" makes me think that you have more than just a router hijacking problem. After resetting the router and setting a new password make sure each puter is clean before connecting to the router.

The link below will help you determine the effectiveness of the 2 AV programs you have.


You want to look at Retrospective/Proactive Test May 2011 to determine how well the AV programs detect Malware not in the virus data base. That means, in my opinion, how well it stops malware that is new and not known to the data bases. This is something you should research if you suspect that. On-Demand Comparative test show how well they detect the known virus. If you compare the results you will see that all of them catch the known virus in the high 90% range. The unknown stuff detection will fall to the high 50% range and make a dramatic fall off as they compare AV programs. Refer to page 4 of the Retrospective/Proactive Test May 2011 for the chart.

Making sure that your puters are clean is the key once you reset the router and install a new password. I would only connect one at a time and use it for a day or 2 before hooking up the next one to help narrow it down in case one still has an infection.

The other thing I would question is does the DSL or Broadband modem have a built in firewall. That helps tremendously. Call your provider or go to their site and research that. If it does, that should be stopping all unsolicited attacks, meaning that someone is pinging your modem and attacking thru it.

After that you have to make sure that you have a good firewall installed on each puter. I can not help you much there because there is not a good site to do comparisons. I judge the firewall on puters by how easy it is to see and modify the whitelist and blacklist. I also like to have the ability to tell the firewall that a program has to ask to access the internet. In other words, I can tell the firewall one of 3 things. A program is blocked from accessing the internet. A program must ask permission to access the internet. A program has permission to access the internet. On my puter only 3 programs have direct permission to access the internet, my browser, host process for windows services, my chat program. I have 4 that must ask before accessing the internet. I block over 60 from any access at all. The link below will tell you how good the modem firewall is if it has one. The final result should be stealth. You will see what I mean when you run the test.


I hope this is not too long worded, but you asked if that will fix it. This I can not answer, I do know that if you use WPA encryption and a good password, the only people who will crack the wireless connection are the super freak crackers and I do not know if any of them live near you. lol Also you might be fighting a 2 prong battle, that is why I suggested that you check your machines and the AV and firewall programs. In the end I can only make suggestions based on prior experiences and hope they help you dig thru it. I wish you luck.
One last thought might help you determine where and how the problem is occurring. Bypass the router and hook only one machine at a time to the modem thru the LAN port and use that way for a day or 2. If none of the puters have problems and then you hook up the router and they come back then something is really wrong.

WAP is?
by R. Proffitt Forum moderator / June 5, 2011 2:11 PM PDT
In reply to: I'll try it
LMOMBO you caught a typo
by TWB404 / June 6, 2011 12:28 AM PDT
In reply to: WAP is?

Thanks John for pointing out the typo, please note that I put a link in the post that describes the difference between WEP and WPA. Just to help you out I will repost the link below.


We must be careful and ask for the OP to tell.
by R. Proffitt Forum moderator / June 6, 2011 12:58 AM PDT

I ran into an install where they insisted that since they were using a WAP that was secure since it was a known security that was hard to break. I had to count to 5 then begin the discussion.

All Answers

Regarding The Router Setup
by Grif Thomas Forum moderator / June 5, 2011 10:30 AM PDT

First, make sure to reset the router to its default settings by using the reset button or by using the internal router settings options. Once that's done, be sure to change all that. First, change the router administrator name and password. The default settings for such are well known and if you don't change them, anyone accessing the network can change those settings.

Next, most routers have an option to disable wireless changes to those settings. This makes sure that only a "wired" computer on the network can make changes to the settings on the router. Once that's done, then be sure to create a complex, long, WPA or WPA2 password for those wanting wireless access.

Next, hopefully you know that fake security alert malware on computers is generally NOT caused by a hacked network. Instead, it's caused by poor surfing habits and malware on the internet itself. Better security habits ON THE COMPUTER will generally prevent such problems. Harden your browser or use a different browser so ActiveX and scripting attacks are stopped. Use a better antimalware program. And most importantly, prevent users from automatically clicking on the "OK" button when they see a fake alert scan appear. Simply close the browser and start again. Most fake alert malware requires the user to click on something so it can install.

Hope this helps.

