
My router is hijacked...

#1
It happened after I was on Facebook. I received a virus last week, not exactly like the publicized one. It appears my router is hijacked, as everything tests virus free now. One of my email accounts spammed everybody, and occasionally my page all of a sudden goes to Yahoo. Anybody know how to fix a hijacked router?

My router page should be 192.168.2.1, and is identified so by cmd.exe, yet I can't access that.
 
#2
reset it
 

PVTCaboose1337

#3
If someone somehow got control of your router because you did not change the passwords from default you have a big advantage:

YOU HAVE PHYSICAL CONTROL OF THE ROUTER. Best thing you can do is to hard reset all settings in the router, don't connect it to the web, and set a secure password / user.
 
#4
Sounds more like a virus modified your hosts file than hacked your router . . .

If you're afraid your router was hijacked, which it very likely isn't, just reset it by holding in the reset button and singing the first half of Tosca :rolleyes:. Also disable UPnP so viruses on your network aren't able to open ports for themselves.

On the other hand you could post your HJT, and start running antivirus software like it was going out of style. :D
 
#5
Run cmd, check up on what IP they're accessing you on. They probably are getting access to your PC too through the network. Even if they hijacked the router, they probably got into your network auditing settings that would allow them to access your PC. Even if you reset the router, there may still be a chance of them being able to access your PC without you even knowing it. If you can figure it out and they actually have changed your domain's settings, then you actually could gain access to their PC as well. It may only take their MAC address to gain access. Ehh, maybe a little more work than that, but it's definitely possible.
Create your own NetBIOS profile. Use cmd and run ipconfig, netstat, net view, and nbtstat. Those will help you find out who's tracking you. Also check on Event Viewer security settings. It'll tell you what IP they do run under. They don't need to have access to your router to access your computer over the network. May also want to check your auditing settings and make sure they haven't switched over to your administrator domain and privileges. You can do that by searching for your PC's group policies and then editing them back to their default values.
- There's a workaround to access your PC's workgroup/domain through other computers on your network, using their domains as a way to disguise their own and gain access to your PC.
 

newtekie1

#6
I highly doubt it is your router that is hijacked. More than likely you have two things going on.

1.) Your email account was compromised when you got the original virus. Now they can send emails to everyone in your address book from your address; they don't even need access to your email account anymore to do this (though changing your password would be wise anyway). It is extremely easy to spoof an email address.

2.) You still have a piece of malware infecting your computer that is redirecting your browser to yahoo.

What have you done to clean the virus, and make sure your PC is virus free?
 
#7
Yeah, I agree, try resetting it, then check your PC. I guess your PC got hijacked or a virus or something like that.
Since a router/switch has no storage capability, I guess the error comes from your PC.
 
#8
I ran TDSS root kill. HijackThis. I ran Malwarebytes. I installed MS Security Essentials. I also ran the Microsoft tool that boots up in ISO; that is what cleaned the virus.

My email is web only, not sure if that matters.

Edit: I also clean my browsers with BleachBit.
 
#9
"Sounds more like a virus modified your hosts file than hacked your router . . . :D"
Perhaps, I don't know what is going on. I don't know why I can't access the router settings page. I did try resetting the router, so it is probably something else.
 
#10
Run a few other virus tools, it does not take that long and may be worth the peace of mind.

Emsisoft Anti-Malware 6.0

Emsisoft Emergency Kit 1.0

Superantispyware

Then you need to re-set a few things, like others in previous posts mentioned.

And, maybe, these free software tools will help.
You may get a false positive with some A/V or anti-malware packages, as these software packages are made to change settings, and some A/V and anti-malware don't like that.
Feel free to run them through VirusTotal if you have doubts.

Rizonesoft's WinSock Repair - still good and works, has been replaced with Rizonesoft's Complete Internet Repair - this is the best at ease of use for me.
Then there is Tweaking.com's - Windows Repair all-in-one repair tool - which is ok, has a lot, but the GUI is so-so for me.

Try them (not all at once). You will, more than likely, need to re-boot after using them.
Hope they help. Good luck there. :)

EDIT: Another tool to run is the System File Checker that is built into Windows. Does what it says.

Open an administrative command prompt, type "sfc /scannow" (without the quotes and put a space between the "c" and "/"), hit enter and let it do an integrity scan on the system files.
 
#11
#12
"Sounds more like a virus modified your hosts file than hacked your router . . ."
Yeah, check your hosts file for anything suspicious or out of place. Also check msconfig for any startup programs and services that look suspicious and disable them. You might want to do this in safe-mode since some viruses can detect you trying to disable them and just make a different file, etc.

edit: Oh, and if you have another PC that you can toss the drive into, then it would be a good idea to run scans like that so there's no chance of viruses loading and interfering with the scan. You could also try using a boot-disk for the same purpose, like UBCD 4 Windows.
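
The hosts-file check suggested in this thread, as an added example that is not part of any post: a Python script that parses hosts-file text and flags entries pinning a well-known site to another address ("redirected") or to the local machine ("blocked"), plus any other non-loopback entry for manual review. The watch list and the sample file contents are constructed for illustration.

```python
import ipaddress
import sys

# Standard hosts-file location on Windows; pass another path as argv[1] if needed.
DEFAULT_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed watch list: sites a redirecting infection would plausibly target.
WATCHED = ("yahoo.com", "google.com", "facebook.com", "microsoft.com")

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.2.50    nas.home            # LAN entry
203.0.113.7     www.google.com search.yahoo.com
127.0.0.1       update.microsoft.com
0.0.0.0         ads.example.net
"""

def parse_hosts(text):
    """Yield (line number, ip, [names]) for each active, well-formed entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skipped by this check
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text):
    """Return (line, name, ip, verdict) for entries that deserve a look."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            watched = any(name == d or name.endswith("." + d) for d in WATCHED)
            if local and watched:
                verdict = "blocked"      # well-known site pinned to this machine
            elif not local and watched:
                verdict = "redirected"   # well-known site pinned to another host
            elif not local:
                verdict = "review"       # may be a legitimate LAN entry
            else:
                continue                 # localhost and ad-block style entries
            findings.append((lineno, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_HOSTS
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding, sep="\t")
```

A clean default Windows hosts file produces no findings; anything reported should be checked against entries you added yourself.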
 
#13
If you can't access the router through the default gateway and you are wirelessly connected to it, then maybe the router has those connections set to a different IP range other than 192.168.2.x, that makes it so. That way you wouldn't be able to access it unless you had a direct link to the router. I'm fairly certain that can only be done manually though. Make sure your IP falls within the default range of the router or just keep resetting it until it does. It has to properly reset eventually.
 
#14
WOW, AND ALL THIS SH*IT because you visited Facebook? .... omg!

Apart from all the glorious tips from above, you can also install (download from the official website) the software of the router; it should have a proggie that lets you config and RESET it.

Then we have the physical button to RESET it on the router itself.

Good luck!
 
#15
Yeah, and it was not the virus that made news last week. I saw a friend had posted a new photo; when I clicked on that, wham. The virus was attached to that photo. :(

Resetting the router did not work. I find nothing on startup or system processes showing a virus. I'll keep digging.

I tried 3 root kill softwares and still nothing :( I did the MS boot scan again and it found nothing. After I did all 4 I started typing an email (Firefox) and again it tried to redirect me to Yahoo. I might see if uninstalling and reinstalling the browser works.
 
#16
"I might see if uninstalling and reinstalling the browser works."
That actually did work for me once on somebody's PC. Also, you might want to change your e-mail password.
 
#17
I would try running the Kaspersky rescue disk: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/
Also, to fully reset your router, use the 30/30/30 rule: hold the reset button for 30 secs, while still holding it in, unplug power from the router and hold another 30 secs, then plug the power back in and hold for 30 secs more.
 
#18
I have pounded and pounded. I MAY have succeeded. I had to reset all of my network settings, clean out IE explorer/Firefox again. For a little while I could not access some websites. Hopefully it is good now.