Question

Router has been hijacked... what to do?

I have disconnected all computers from my router, run both antivirus and malware/spyware scans and all came up clean (using Trend Micro on 2 computers and Avast! on 2. Malwarebytes on all). I reset my router and have a new password. Yes, I previously had a password and only these 4 computers that we use have it. Still, the router is being hijacked and I have no clue what to do now. We get redirected every link we try to go to, certain programs will not work (getting unknown errors, or simply not running properly), viruses infect our computers as they please (specifically a fake windows security alert. Usually it renders everything useless and a system restore is required. Manually finding and eliminating it does not work), etc. But, this all does not happen when we go to another house and use a different router/internet connection. Please help, we are out of options.

Comments
Clarification Request
What happens if you change ...

only one variable instead of three: same house, same internet connection, different router.

Kees

Unable to clarify

We don't have another router to try (my mom was against wireless for some reason until last year, which is when we bought it refurbished. It's a Netgear), and we don't have money for another, so we would rather get rid of whatever's on it. So, I can't really answer that question. Sorry =/

Are you using WEP or WAP

What security are you using to protect the wireless connection? WEP is an old and weak method and you should use WAP which is the latest and greatest as they say. I am going to link 2 pages for you to read. The first is to explain the difference between the 2 methods of securing your wireless connection. It's a simple explanation and you can do more research if you like but WAP is the best way to secure your wireless connection. The second is a link to Netgear wireless router setup manual. Since you did not give a model number you should look at the second link as a generic setup manual and some things might be different. You can type in your search bar Netgear and model number to find the exact manual for your router. I read that your router came with a CD and it should have a link to take you to the manual at Netgear website. It is in PDF form. Take a look at chapter 4 about setting up WAP. Also take a look at chapter 5 about how to restore setting back to factory not just reset the password.


http://www.home-wlan.com/WEP-vs-WPA.html

http://kbserver.netgear.com/pdf/rp614v3_setup_manual.pdf

I'll try it

We use WAP. And, I'm pretty sure we did all of that, but it won't hurt to do it again following these instructions. Thank you. Will it fix my problem, though?

Just make sure

Just make sure you do a restore to factory settings. That will make the router as if it came from the factory. Also make sure that you pick a good password for the router and that you do not leave it lying around for prying eyes to find. The link below will help you with a good random password, the problem with that link is the password is long and I do not know many who can remember a number that long so you have to store it somewhere just in case. To test the randomness of the page just click refresh and each time it will give 3 new passwords. Feel free to read about how the passwords are being generated. Kind of fascinating.

https://www.grc.com/passwords.htm

This should keep the router from being hijacked. Now you need to make sure all puters hooked to it are virus free. The statement "We get redirected every link we try to go to, certain programs will not work (getting unknown errors, or simply not running properly), viruses infect our computers as they please (specifically a fake windows security alert. Usually it renders everything useless and a system restore is required. Manually finding and eliminating it does not work)" makes me think that you have more than just a router hijacking problem. After resetting the router and setting a new password make sure each puter is clean before connecting to the router.

The link below will help you determine the effectiveness of the 2 AV programs you have.

http://www.av-comparatives.org/en/comparativesreviews/detection-test

You want to look at Retrospective/Proactive Test May 2011 to determine how well the AV programs detect Malware not in the virus data base. That means, in my opinion, how well it stops malware that is new and not known to the data bases. This is something you should research if you suspect that. On-Demand Comparative tests show how well they detect the known virus. If you compare the results you will see that all of them catch the known virus in the high 90% range. The unknown stuff detection will fall to the high 50% range and make a dramatic fall off as they compare AV programs. Refer to page 4 of the Retrospective/Proactive Test May 2011 for the chart.

Making sure that your puters are clean is the key once you reset the router and install a new password. I would only connect one at a time and use it for a day or 2 before hooking up the next one to help narrow it down in case one still has an infection.

The other thing I would question is does the DSL or Broadband modem have a built in firewall. That helps tremendously. Call your provider or go to their site and research that. If it does, that should be stopping all unsolicited attacks, meaning that someone is pinging your modem and attacking thru it.

After that you have to make sure that you have a good firewall installed on each puter. I can not help you much there because there is not a good site to do comparisons. I judge the firewall on puters by how easy it is to see and modify the whitelist and blacklist. I also like to have the ability to tell the firewall that a program has to ask to access the internet. In other words, I can tell the firewall one of 3 things. A program is blocked from accessing the internet. A program must ask permission to access the internet. A program has permission to access the internet. On my puter only 3 programs have direct permission to access the internet: my browser, host process for windows services, my chat program. I have 4 that must ask before accessing the internet. I block over 60 from any access at all. The link below will tell you how good the modem firewall is if it has one. The final result should be stealth. You will see what I mean when you run the test.

https://www.grc.com/x/ne.dll?bh0bkyd2

I hope this is not too long worded, but you asked if that will fix it. This I can not answer, I do know that if you use WPA encryption and a good password, the only people who will crack the wireless connection are the super freak crackers and I do not know if any of them live near you. lol Also you might be fighting a 2 prong battle, that is why I suggested that you check your machines and the AV and firewall programs. In the end I can only make suggestions based on prior experiences and hope they help you dig thru it. I wish you luck.
One last thought might help you determine where and how the problem is occurring. Bypass the router and hook only one machine at a time to the modem thru the LAN port and use that way for a day or 2. If none of the puters have problems and then you hook up the router and they come back then something is really wrong.

WAP is?

LMOMBO you caught a typo

Thanks John for pointing out the typo, please note that I put a link in the post that describes the difference between WEP and WPA. Just to help you out I will repost the link below.

http://www.home-wlan.com/WEP-vs-WPA.html

We must be careful and ask for the OP to tell.

I ran into an install where they insisted that since they were using a WAP that was secure since it was a known security that was hard to break. I had to count to 5 then begin the discussion.
Bob

Answer
Regarding The Router Setup

First, make sure to reset the router to its default settings by using the reset button or by using the internal router settings options. Once that's done, be sure to change all that. First, change the router administrator name and password. The default settings for such are well known and if you don't change them, anyone accessing the network can change those settings.

Next, most routers have an option to disable wireless changes to those settings. This makes sure that only a "wired" computer on the network can make changes to the settings on the router. Once that's done, then be sure to create a complex, long, WPA or WPA2 password for those wanting wireless access.

Next, hopefully you know that fake security alert malware on computers is generally NOT caused by a hacked network. Instead, it's caused by poor surfing habits and malware on the internet itself. Better security habits ON THE COMPUTER will generally prevent such problems. Harden your browser or use a different browser so ActiveX and scripting attacks are stopped. Use a better antimalware program. And most importantly, prevent users from automatically clicking on the "OK" button when they see a fake alert scan appear. Simply close the browser and start again. Most fake alert malware requires the user to click on something so it can install.

Hope this helps.

Grif
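
Added example, not part of any post in this thread: a local way to produce the long random WPA/WPA2 passphrase recommended above and to check a hand-picked one before typing it into the router. The function names, the letters-and-digits alphabet and the small `OBVIOUS` list are assumptions made for this sketch.

```python
import math
import secrets
import string

# WPA/WPA2-Personal takes either a passphrase of 8-63 printable ASCII
# characters or a raw key written as exactly 64 hex digits.
MIN_LEN, MAX_LEN = 8, 63
# Assumption for this example: letters and digits only, so the result can be
# typed on any device without worrying about symbols a router form may reject.
ALPHABET = string.ascii_letters + string.digits
# Constructed sample of obvious choices; not a real default or breach list.
OBVIOUS = {"password", "12345678", "admin123", "netgear1"}


def is_valid_wpa_passphrase(value):
    """True if a WPA/WPA2-Personal router would accept the value."""
    if len(value) == 64:
        return all(c in string.hexdigits for c in value)
    return MIN_LEN <= len(value) <= MAX_LEN and all(
        0x20 <= ord(c) <= 0x7E for c in value)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def generate_passphrase(length=20):
    """Draw a passphrase from the OS CSPRNG (secrets), never from random."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrases must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def problems(value):
    """List the reasons a chosen passphrase should be rejected."""
    found = []
    if not is_valid_wpa_passphrase(value):
        found.append("not accepted by WPA (need 8-63 printable ASCII)")
    if value.lower() in OBVIOUS:
        found.append("obvious or default-style value")
    if len(set(value)) < 5:
        found.append("too few distinct characters")
    return found


if __name__ == "__main__":
    p = generate_passphrase()
    print(p, f"{entropy_bits(len(p)):.0f} bits", problems(p) or "ok")
```

A 20-character result carries about 119 bits of entropy, which is short enough to write down and keep with the router paperwork rather than on a note near the computer.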
