Solved: Can a Linksys router be infected?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Aggy

Thread Starter
Joined
Feb 18, 2005
Messages
106
I've unplugged my infected computer and I have a clean computer I'm ready to connect through my router. Do routers get infected or am I safe to connect my clean computer up?
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
It's very rare but it can happen. It doesn't get infected from the computer, it would be more like if you didn't change the default username/password and have admin control allowable from the internet.
Then malware can be installed into the router allowing the remote user to gain access to the internal network.
 

Stoner

Banned
Joined
Oct 26, 2002
Messages
44,931
Just for information, I don't have a problem.
How would you determine a router is infected?
Can an infected router be 'cleaned' and if so, how?
 

Aggy

Thread Starter
Joined
Feb 18, 2005
Messages
106
Stoner I have the same question. I have successfully connected through this router, but the software tells me I'm not connected, even though I am, I'm using it now. I've changed the password again, but I am uneasy. I tried to call technical support only to be told I'm beyond warranty and have to pay to get support, then given a sales pitch for a new router and some kind of maintenance agreement to boot. wtf??
 
Joined
Aug 8, 2009
Messages
361
If you think your router is compromised, hit the reset button, which will clear any user settings. Then load the latest firmware, if you feel competent there. You will also have to reset your Wifi password/settings and redo the admin password.

Routers provide your PC with DNS addresses. These are the nameserver computers on the Internet that translate a techguy.org to its IP address (209.183.226.152). If the DNS address were changed to a hacked nameserver, they could give you the IP for a fake website. Some articles say we need to be wary when using public WIFI for example. The router could be using suspect DNS addresses. How do you know? You don't. So you can change the DNS address in Windows on a temporary or permanent basis. For people that want to do this, one place is OpenDNS.org. Bythe way, if you can set a DNS in windows, so can a virus.

Getting back to routers, some do allow user input of the DNS addresses. Others get them from the ISP. I have a Linksys WRT54G and I cannot see a way to change the DNS. I think the firmware would need to be hacked. You have to cooperate by having no passwords or a simple one that can be easily cracked. It seems pretty far fetched that someone would hack one user's home router, but an airport or hotel wifi network would be an inviting target.
 

Aggy

Thread Starter
Joined
Feb 18, 2005
Messages
106
Thank you very much. Mine too is WRT54G. I am loathe to reset it because my husband has his laptop configured to be online through this thing and I'm scared to mess up his connection. I might end up doing it anyway.
 

Aggy

Thread Starter
Joined
Feb 18, 2005
Messages
106
Rant on:

Forget this POS wireless router. I unplugged it and hooked up my old D-Link. I never wanted the wireless router in the first place; my husband made me get it so he could use his laptop in the den while he watches TV and it's been squirrelly all along. Maybe it has a virus and maybe it doesn't but I don't have time to screw around anymore. I've got to be packed up and out of this house in two weeks. I've already wasted way too much time on this amazing technology I'm despising more by the minute. Thank GOD I didn't throw out my D-Link. I just need a clean computer and a reasonably safe router so I can check my bank accounts to make sure they haven't all been emptied because of my infected main computer. Then I'm going to pack the whole sorry mess up and take it to the new house where I will either repair the infected computer or take it out back and empty a few dozen 9mm rounds into it.

Rant off

Now I will go take a Valium, eat some chocolate, and watch my soap opera.
 
Joined
Apr 9, 2010
Messages
10
I read some where that the linksys 54gl can get infected , theres plug some where to fix i'll have to re read and get back here
 
Joined
Mar 22, 2010
Messages
39
I have not, in ten years of residential and business IT support, seen an actual case of a malware infected router. I am not saying that it cannot happen. Your BIOS could get infected with a virus and still allow the computer to boot too (again, never seen it).

I have, however, seen spurious information entered into routers. It is usually my conclusion that the router has been compromised either via an externally accessible remote control panel (a "feature" of the router) or that the wireless network has been compromised because it is either not secured or someone cracked the WEP.

If we are referring to the Zlob trojan, then it would be a misnomer to say the router is infected. The Zlob trojan will alter the DNS settings of the router, but this is easily fixed by resetting the router or changing the DNS settings back (once the Zlob infection has been removed, of course).

In April of 2009, a botnet named psyb0t was identified that would attack external remote control "features" of router with weak passwords. Again, the router itself doesn't not become infected, merely compromised. To fix this, reset the router and disable remote access. Also, this attack did not utilize an exploit in the router firmware, but rather the fact that the passwords were weak.

And then there is the Chuck Norris botnet... Well, this, I suppose you could call an infection of a router. And what do you know, it is caused by the remote access "feature." It also only affects D-Link routers. Reset the router and disable remote access.
 
Joined
Mar 22, 2010
Messages
39
Just for information, I don't have a problem.
How would you determine a router is infected?
Can an infected router be 'cleaned' and if so, how?
To determine if your router has been tampered with, log in to the configuration and validate all of your settings. Really if you find any settings that are not what you set them to, your router has likely been compromised (if you have kids, they probably did it).

To date, I am not aware of any problems that cannot be "cleaned" by doing a factory reset on the device. The worst of the infections is the Chuck Norris botnet which actually runs as a memory-resident program in the router's RAM. This can be cleaned by power cycling the router.
 

Aggy

Thread Starter
Joined
Feb 18, 2005
Messages
106
Thanks for these replies. This is very helpful. The information does appear to be normal. I doubt the router has been compromised. I'm learning stuff in this thread I didn't know. :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top