Cyber-criminals have always been evolving when it comes to attacking computer systems. And what is worse is that your home router may also be a victim of such malware. In this instructive article, we are going to explain to you how to check your home router for malware infections and fix it for free, without using any type of software for it.
It has been established that cyber- crooks prefer to attack central devices more. It may be more difficult for them, but the results are very rewarding because they gain access to the bottleneck through which all of the web traffic is passing. This means that they can display fake web pages to any of the devices connected to the router, like:
- Fake Facebook and other social media login pages.
- Fake online payment pages.
- Phishing web pages that prompt the user to login with his e-mail address and password.
- Malicious URLs that may infect the device with even more malware, like Petya Ransomware, which locks you out of your computer, for example.
Satori Botnet Plagues Routers – Update February 2018
Recently this year the Satori botnet has been detected to exploit a flaw (CVE-2017-17215) in Huawei routers as well as a bug in Realtek SDK-based devices. The exploit code used to trigger the CVE-2017-17215 vulnerability allows attackers to compromise Huawei home routers. Attacks against Huawei devices were observed in several countries, including the USA, Germany, Italy, and Egypt. The new Satori variant aims to hack target rigs and then start mining for the Ethereum cryptocurrency.
Checking the Router for Malware
So, how to protect your router and how to neutralize this threat? This will happen effectively in case you follow the below-mentioned general instructions. They have been designed in general to help you check your home router’s settings and reset it.
Before starting, you should establish the default IP address and password of your router. This can happen via using two methods:
Method I: Checking the back of the router
In case you haven’t changed any settings on the router’s credentials, the information is usually visible on the back or below the router. Here is an example picture:
Method II(In case Method I is not working): Checking from a computer that is connected to the router.
1) Press + R.
2) Type “cmd” and then press Enter.
3) In the command prompt type the following command – “ipconfig” and press Enter.
4) Under “Wireless LAN adapter WiFi:” check the IP address on the field, called “Default Gateway”.
This is the IP address of your Router. If you do not have access to a command prompt, try entering the router using combinations of default IP addresses for routers.
5) Check your router model from the back of the device.
6) Go to the website Router Passwords and type your device to check the default user-name and password.
7) Go to your web browser after which type the IP address you discovered in 4) as the picture shows:
8) Type the admin username and password. If they are changed, go straight to resetting your router below
9) Login to your router and check the DNS settings. The usual location of the DNS settings is in the “Wireless Settings” category, but they may differ with different routers.
10) If your router has had a modified DNS, you should check the address using IP Whois and comparing the ISP (Internet Service Provider) if it is yours or not. You can also directly call your Internet provider to check the DNS for you.
Resetting Your Router
In case the router has been infected, you should immediately restart it. For that, you need to have the information provided above – default IP address of the router as well as default username and password. Here is how to reset your router.
1) Grab an object that is very thin and solid, such as a pen magazine or a hairpin.
2) Use it to reset your router by locating the reset button and pressing and holding it pushed with the object for 5~10 seconds similar to the picture below.
3) The router will restart, and everything will be set to default. You need to configure the router’s SSID and password because it will not be secured.
4) To reconfigure it, we advise using the quick setup otherwise known as setup wizard in your router. To do this, repeat the instructions in Step 7 from Method II.
5) After you click on it, the router will ask you to choose your connection type and security type:
6) Finally, you will be prompted to set the SSID, which is how your router appears to the public and of course your password. Make sure the password contains symbols, upper and lower case letters and at least 2 numbers, to make it more difficult to brute force.
Conclusion
After resetting the router, before connecting your devices to it, make sure you check all of your devices for malware, because some malware, like Jiton JavaScript Router Malware, infects router through the devices connected to it. This is why we recommend using the instructions below to remove any malware from the computers in your network. After the malware has been removed, you can safely connect to the router. As a finale of these instructions, we strongly recommend you to follow these tips on how to keep your network and devices safe and educate all of the users in the network how to use them as well. We hope this helps.
Extremely good material, thanks for providing the information.
I read the article routers and I was impressed and depressed at the same time, because I’m stuck with ATT Uverse which is DSL+VOIP. The new VOIP routers look like they’re not as good as these.