# Solved: Can a Linksys router be infected?



## Aggy (Feb 19, 2005)

I've unplugged my infected computer and I have a clean computer I'm ready to connect through my router. Do routers get infected or am I safe to connect my clean computer up?


----------



## Phantom010 (Mar 9, 2009)

Yes, routers can be infected.


----------



## Cheeseball81 (Mar 3, 2004)

It's very rare but it can happen. It doesn't get infected from the computer, it would be more like if you didn't change the default username/password and have admin control allowable from the internet.
Then malware can be installed into the router allowing the remote user to gain access to the internal network.


----------



## Aggy (Feb 19, 2005)

Okay, thank you!


----------



## Cheeseball81 (Mar 3, 2004)

:up:


----------



## alexcarlson (Mar 9, 2010)

Hi,
I think routers will be infected.
Thanks


----------



## Stoner (Oct 26, 2002)

Just for information, I don't have a problem.
How would you determine a router is infected? 
Can an infected router be 'cleaned' and if so, how?


----------



## Aggy (Feb 19, 2005)

Stoner, I have the same question. I have successfully connected through this router, but the software tells me I'm not connected, even though I am; I'm using it now. I've changed the password again, but I am uneasy. I tried to call technical support only to be told I'm beyond warranty and have to pay to get support, then given a sales pitch for a new router and some kind of maintenance agreement to boot. wtf??


----------



## antimoth (Aug 8, 2009)

If you think your router is compromised, hit the reset button, which will clear any user settings. Then load the latest firmware, if you feel competent there. You will also have to reset your Wifi password/settings and redo the admin password.

Routers provide your PC with DNS addresses. These are the nameserver computers on the Internet that translate a techguy.org to its IP address (209.183.226.152). If the DNS address were changed to a hacked nameserver, they could give you the IP for a fake website. Some articles say we need to be wary when using public WIFI for example. The router could be using suspect DNS addresses. How do you know? You don't. So you can change the DNS address in Windows on a temporary or permanent basis. For people that want to do this, one place is OpenDNS.org. By the way, if you can set a DNS in Windows, so can a virus.

Getting back to routers, some do allow user input of the DNS addresses. Others get them from the ISP. I have a Linksys WRT54G and I cannot see a way to change the DNS. I think the firmware would need to be hacked. You have to cooperate by having no passwords or a simple one that can be easily cracked. It seems pretty far fetched that someone would hack one user's home router, but an airport or hotel wifi network would be an inviting target.


----------
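Added example (not part of any post in this thread): the point above, that a tampered router hands rogue DNS addresses to the PC, can be checked from the Windows side by parsing `ipconfig /all` output and flagging DNS servers outside a known set. The sample output is constructed, and the trusted set (the OpenDNS resolvers plus an assumed router address of 192.168.1.1) is an assumption to replace with your own router and ISP values.

```python
import ipaddress
import re

# Assumption: OpenDNS resolvers plus the router's own LAN address.
TRUSTED_DNS = {"208.67.222.222", "208.67.220.220", "192.168.1.1"}

# Constructed sample of English `ipconfig /all` output (not a real capture).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       208.67.222.222

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # new adapter section
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra servers follow on indented lines that carry no "label : value".
        in_dns = bool(m) or (in_dns and bool(line.strip()) and " : " not in line)
        if adapter and in_dns:
            value = m.group(1) if m else line.strip()
            try:
                result[adapter].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False   # not an address, so the list has ended
    return result

def unexpected_dns(text, trusted=TRUSTED_DNS):
    """Return {adapter: [servers outside the trusted set]}, omitting clean adapters."""
    flagged = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        odd = [s for s in servers if s not in trusted]
        if odd:
            flagged[adapter] = odd
    return flagged
```

On a real machine, pass the saved text of `ipconfig /all` to `unexpected_dns`; an empty result means every adapter uses only the resolvers you listed.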



## Aggy (Feb 19, 2005)

Thank you very much. Mine too is WRT54G. I am loath to reset it because my husband has his laptop configured to be online through this thing and I'm scared to mess up his connection. I might end up doing it anyway.


----------



## Aggy (Feb 19, 2005)

Rant on:

Forget this POS wireless router. I unplugged it and hooked up my old D-Link. I never wanted the wireless router in the first place; my husband made me get it so he could use his laptop in the den while he watches TV and it's been squirrelly all along. Maybe it has a virus and maybe it doesn't but I don't have time to screw around anymore. I've got to be packed up and out of this house in two weeks. I've already wasted way too much time on this amazing technology I'm despising more by the minute. Thank GOD I didn't throw out my D-Link. I just need a clean computer and a reasonably safe router so I can check my bank accounts to make sure they haven't all been emptied because of my infected main computer. Then I'm going to pack the whole sorry mess up and take it to the new house where I will either repair the infected computer or take it out back and empty a few dozen 9mm rounds into it.

Rant off

Now I will go take a Valium, eat some chocolate, and watch my soap opera.


----------



## KingZeus (Apr 9, 2010)

I read somewhere that the Linksys 54GL can get infected, there's a plug somewhere to fix, I'll have to re-read and get back here


----------



## phyrtech (Mar 22, 2010)

I have not, in ten years of residential and business IT support, seen an actual case of a malware infected router. I am not saying that it cannot happen. Your BIOS could get infected with a virus and still allow the computer to boot too (again, never seen it).

I have, however, seen spurious information entered into routers. It is usually my conclusion that the router has been compromised either via an externally accessible remote control panel (a "feature" of the router) or that the wireless network has been compromised because it is either not secured or someone cracked the WEP.

If we are referring to the Zlob trojan, then it would be a misnomer to say the router is infected. The Zlob trojan will alter the DNS settings of the router, but this is easily fixed by resetting the router or changing the DNS settings back (once the Zlob infection has been removed, of course).

In April of 2009, a botnet named psyb0t was identified that would attack external remote control "features" of routers with weak passwords. Again, the router itself does not become infected, merely compromised. To fix this, reset the router and disable remote access. Also, this attack did not utilize an exploit in the router firmware, but rather the fact that the passwords were weak.

And then there is the Chuck Norris botnet... Well, this, I suppose you could call an infection of a router. And what do you know, it is caused by the remote access "feature." It also only affects D-Link routers. Reset the router and disable remote access.


----------



## phyrtech (Mar 22, 2010)

Stoner said:


> Just for information, I don't have a problem.
> How would you determine a router is infected?
> Can an infected router be 'cleaned' and if so, how?


To determine if your router has been tampered with, log in to the configuration and validate all of your settings. Really if you find any settings that are not what you set them to, your router has likely been compromised (if you have kids, they probably did it).

To date, I am not aware of any problems that cannot be "cleaned" by doing a factory reset on the device. The worst of the infections is the Chuck Norris botnet which actually runs as a memory-resident program in the router's RAM. This can be cleaned by power cycling the router.


----------



## Aggy (Feb 19, 2005)

Thanks for these replies. This is very helpful. The information does appear to be normal. I doubt the router has been compromised. I'm learning stuff in this thread I didn't know.


----------



## aka Brett (Nov 25, 2008)

I have learned something today


----------

