
My router is hijacked...

Discussion in 'Networking & Security' started by jpierce55, Nov 20, 2011.

  1. jpierce55

    Joined:
    Oct 7, 2006
    Messages:
    1,335 (0.45/day)
    Thanks Received:
    91
    It happened after I was on Facebook. I received a virus last week, not exactly like the publicized one. It appears my router is hijacked as everything tests virus free now. One of my email accounts spammed everybody, and occasionally my page all of a sudden goes to Yahoo. Anybody know how to fix a hijacked router?

    My router page should be 192.168.2.1, and is identified so by cmd.exe, yet I can't access that.
     
  2. 1freedude

    1freedude

    Joined:
    Nov 16, 2007
    Messages:
    557 (0.22/day)
    Thanks Received:
    118
    reset it
     
  3. PVTCaboose1337

    PVTCaboose1337 Graphical Hacker

    Joined:
    Feb 1, 2006
    Messages:
    9,512 (2.95/day)
    Thanks Received:
    1,143
    Location:
    San Antonio, Texas
    If someone somehow got control of your router because you did not change the passwords from default you have a big advantage:

    YOU HAVE PHYSICAL CONTROL OF THE ROUTER. Best thing you can do is to hard reset all settings in the router, don't connect it to the web, and set a secure password / user.
     
  4. streetfighter 2

    streetfighter 2 New Member

    Joined:
    Jul 26, 2010
    Messages:
    1,658 (1.04/day)
    Thanks Received:
    732
    Location:
    Philly
    Sounds more like a virus modified your hosts file than hacked your router . . .

    If you're afraid your router was hijacked, which it very likely isn't, just reset it by holding in the reset button and singing the first half of Tosca :rolleyes:. Also disable UPnP so viruses on your network aren't able to open ports for themselves.

    On the other hand you could post your HJT, and start running antivirus software like it was going out of style. :D
     
    Jetster and jpierce55 say thanks.
  5. oinkypig

    oinkypig

    Joined:
    Dec 17, 2005
    Messages:
    262 (0.08/day)
    Thanks Received:
    10
    Run cmd, check up on what IP they're accessing you on. They probably are getting access to your PC too through the network. Even if they hijacked the router they probably got into your network auditing settings that would allow them to access your PC. Even if you reset the router there may still be a chance of them being able to access your PC without you even knowing it. If you can figure it out and they actually have changed your domain's settings then you actually could gain access to their PC as well. It may only take their MAC address to gain access. Ehh, maybe a little more work than that, but it's definitely possible.
    Create your own netbios profile. Use cmd and run ipconfig, netstat, net view, and nbtstat. Those will help you find out who's tracking you. Also check on event viewer security settings. It'll tell you what IP they do run under. They don't need to have access to your router to access your computer over the network. May also want to check your auditing settings and make sure they haven't switched over to your administrator domain and privileges. You can do that by searching for your PC's group policies and then edit them back to their default values.
    -There's workaround and access your PC's workgroup/domain through other computers on your network, using their domains as a way to disguise their own and gain access to your PC.
     
    Last edited: May 1, 2014
    jpierce55 and 1freedude say thanks.
  6. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    20,139 (6.11/day)
    Thanks Received:
    6,196
    I highly doubt it is your router that is hijacked. More than likely you have two things going on.

    1.) Your email account was compromised when you got the original virus. Now they can send emails to everyone in your address book from your address; they don't even need access to your email account anymore to do this (though changing your password would be wise anyway). It is extremely easy to spoof an email address.

    2.) You still have a piece of malware infecting your computer that is redirecting your browser to yahoo.

    What have you done to clean the virus, and make sure your PC is virus free?
     
    Crunching for Team TPU 50 Million points folded for TPU
  7. micropage7

    micropage7

    Joined:
    Mar 26, 2010
    Messages:
    6,099 (3.57/day)
    Thanks Received:
    1,418
    Location:
    Jakarta, Indonesia
    Yeah, I agree, try resetting it, then check your PC. I guess your PC got hijacked or a virus or something like that.
    Since a router/switch has no storage capability, I guess the error comes from your PC.
     
  8. jpierce55

    Joined:
    Oct 7, 2006
    Messages:
    1,335 (0.45/day)
    Thanks Received:
    91
    I ran tdss root kill. Hijack this. I ran Malware Malbytes. I installed MS security essentials. I also ran the Microsoft Tool that boots up in ISO, that is what cleaned the virus.

    My email is web only, not sure if that matters.

    Edit: I also clean my browsers with bleachbit
     
    Last edited: Nov 20, 2011
  9. jpierce55

    Joined:
    Oct 7, 2006
    Messages:
    1,335 (0.45/day)
    Thanks Received:
    91
    Perhaps, I don't know what is going on. I don't know why I can't access the router settings page. I did try resetting the router, so it is probably something else.
     
  10. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,442 (1.98/day)
    Thanks Received:
    1,623
    Location:
    στο άλφα έως ωμέγα
    Run a few other virus tools, it does not take that long and may be worth the peace of mind.

    Emsisoft Anti-Malware 6.0

    Emsisoft Emergency Kit 1.0

    Superantispyware

    Then you need to re-set a few things, like, others in previous posts mentioned.

    And, maybe, these free software tools will help.
    You may get a false positive with some A/V or anti-malware packages, as these software packages are made to change settings; some A/V and anti-malware don't like that.
    Feel free to run them through Virus-total, if you have doubts.

    Rizonesoft's WinSock Repair - still good and works, has been replaced with Rizonesoft's Complete Internet Repair - this is the best at ease of use for me.
    Then there is Tweaking.com's - Windows Repair all-in-one repair tool - which is ok, has a lot, but the gui is so-so for me.

    Try them (not all at once). You will, more than likely, need to re-boot after using them.
    Hope they help. Good luck there. :)

    EDIT: Another tool to run, is the system file checker that is built into windows. Does what it says.

    Open an administrative command prompt, type "sfc /scannow" (without the quotes and put a space between the "c" and "/"), hit enter and let it do an integrity scan on the system files.
     
    Last edited: Nov 20, 2011
  11. v12dock

    v12dock

    Joined:
    Dec 18, 2008
    Messages:
    1,611 (0.74/day)
    Thanks Received:
    321
  12. theJesus

    theJesus

    Joined:
    Jul 20, 2008
    Messages:
    3,974 (1.71/day)
    Thanks Received:
    864
    Location:
    Ohio
    Yeah, check your hosts file for anything suspicious or out of place. Also check msconfig for any startup programs and services that look suspicious and disable them. You might want to do this in safe-mode since some viruses can detect you trying to disable them and just make a different file, etc.

    edit: Oh, and if you have another PC that you can toss the drive into, then it would be a good idea to run scans like that so there's no chance of viruses loading and interfering with the scan. You could also try using a boot-disk for the same purpose, like UBCD 4 Windows.
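
The hosts-file check suggested in the post above, sketched as an added example (not part of any post in this thread). The sample file contents and all hostnames are constructed placeholders. It separates entries that point a name at a remote address (a redirect) from entries that pin a name to loopback or 0.0.0.0 (a block, which malware sometimes uses against antivirus update servers, and which ad-blocking lists also use legitimately):

```python
import ipaddress

# Constructed sample in the Windows hosts-file format
# (C:\Windows\System32\drivers\etc\hosts); not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    mail.example.com www.example.com   # redirect to a remote host
127.0.0.1       update.av-vendor.example           # blocks an update server
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

# Names that are expected to resolve to loopback on a clean machine.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return findings as (line_no, kind, ip, hostname) tuples."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.extend((line_no, "malformed", ip_text, n) for n in names)
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in BENIGN_NAMES and ip.is_loopback:
                continue                        # normal localhost mapping
            kind = "blocked" if sinkhole else "redirect"
            findings.append((line_no, kind, str(ip), name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-9s %s -> %s" % finding)
```

To audit a real machine, pass the contents of the hosts file to `audit_hosts` instead of the sample string; every "redirect" finding deserves an explanation before it is left in place.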
     
  13. oinkypig

    oinkypig

    Joined:
    Dec 17, 2005
    Messages:
    262 (0.08/day)
    Thanks Received:
    10
    If you can't access the router through the default gateway and you are wirelessly connected to it, then maybe the router has those connections set to a different IP range other than 192.168.2.x, that makes it so. That way you wouldn't be able to access it unless you had a direct link to the router. I'm fairly certain that can only be done manually though. Make sure your IP falls within the default range of the router or just keep resetting it until it does. It has to properly reset eventually.
     
  14. erixx

    erixx

    Joined:
    Mar 24, 2010
    Messages:
    3,469 (2.03/day)
    Thanks Received:
    494
    WOW, AND ALL THIS SH*IT because you visited Facebook? .... omg!

    Apart from all the glorious tips from above, you can also install (download from official website) the software of the router; it should have a proggie that lets you config and RESET it.

    Then we have the physical button to RESET it on the router itself.

    good luck!
     
  15. jpierce55

    Joined:
    Oct 7, 2006
    Messages:
    1,335 (0.45/day)
    Thanks Received:
    91
    Yeah, and it was not the virus that made news last week. I saw a friend had posted a new photo; when I clicked on that, wham. The virus was attached to that photo. :(

    Resetting the router did not work. I find nothing on startup or system processes showing a virus. I'll keep digging.

    I tried 3 root kill softwares and still nothing :( I did the MS boot scan again and it found nothing. After I did all 4 I started typing an email (Firefox) and again it tried to redirect me to Yahoo. I might see if uninstalling and reinstalling the browser works.
     
    Last edited: Nov 20, 2011
  16. theJesus

    theJesus

    Joined:
    Jul 20, 2008
    Messages:
    3,974 (1.71/day)
    Thanks Received:
    864
    Location:
    Ohio
    That actually did work for me once on somebody's PC. Also, you might want to change your e-mail password.
     
  17. johnspack

    johnspack

    Joined:
    Oct 6, 2007
    Messages:
    4,382 (1.68/day)
    Thanks Received:
    865
    Location:
    Nelson B.C. Canada
    I would try running the Kaspersky rescue disk: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/
    Also, to fully reset your router, use the 30/30/30 rule, hold the reset button for 30secs, while still holding in, unplug power from router and hold another 30secs, then plug the power back in and hold for 30secs more.
     
  18. jpierce55

    Joined:
    Oct 7, 2006
    Messages:
    1,335 (0.45/day)
    Thanks Received:
    91
    I have pounded and pounded. I MAY have succeeded. I had to reset all of my network settings, clean out IE explorer/Firefox again. For a little while I could not access some websites. Hopefully it is good now.
     
