Virus in the router - malicious DNS

Previously, we wrote about DNS substitution, which caused advertisements and ransomware banners to appear on the computer. In a number of cases, the DNS servers were changed not only in Windows but also on the router. Strictly speaking, DNS substitution is not a virus in the classical sense of the word but a malicious setting, which nevertheless causes a lot of inconvenience.

What is the point of replacing DNS servers and what harm does it do?

The DNS server is responsible for mapping domain names to IP addresses. A fraudulent DNS server can map the name of any legitimate website to a different, incorrect address and load substitute content instead of the real one. If such a “wrong” DNS server is set on the router, all devices connected to it will be in danger.

It looks like this. While you are browsing, a page suddenly opens asking you to update Flash Player or Java, install a free antivirus, download a program that supposedly speeds up and optimizes your PC, or do some other seemingly harmless thing. Importantly, the address bar may show the name of a familiar and trusted site. If the user downloads and runs the offered file, he will most likely soon begin to have big problems with his PC:

  • Your computer may start displaying advertisements.
  • Files may be encrypted.
  • When you try to open any website, a request may appear.
  • The desktop may be blocked by a Winlocker, again with a requirement to transfer money for unlocking.
  • The computer can be used to carry out Internet attacks on websites and servers, hack other computers (botnet) and other bad things.

In this case, as a rule, PC performance drops, the hard drive is accessed constantly, and the processor load reaches 100% when idle.

How does a router become infected?

As a rule, one of the computers on the local network is infected first. The virus gets onto the computer when you download a file from the Internet. It then sends requests to the addresses that are standard for network equipment, may scan cookies and download auxiliary malware (a Trojan), and as a result gets into the settings of the router or ADSL modem.

Viruses and Trojans can change router settings (in particular, change DNS) if:

1. Standard details are used to log into the web interface: IP, login and password (for example, 192.168.1.1, admin/admin).

2. The address, login and password of the router are saved in the browser.

Signs of a router infection

(can occur either all together or individual signs)

1. Ads pop up on devices connected to the router, unwanted tabs/pop-up windows open in browsers on their own, and a ransomware banner may cover the entire screen.

2. Some sites do not open. Instead, web pages with strange content or a “404” error are displayed.

3. There is no access to the Internet, although the WAN/Internet indicator is on.

4. The computer receives an IP address from the range 169.254.*.*
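
A way to check a Windows PC for two of these signs from the output of `ipconfig /all` (an added example, not part of the original article). It assumes English-language output; the allowlist, the finding labels and the sample text are constructed for illustration, and the default gateway is treated as an acceptable DNS server because many routers relay DNS themselves.

```python
import ipaddress
import re

# Assumed allowlist of public resolvers; replace with the ones your ISP or you actually use.
TRUSTED_DNS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
# Constructed, abridged sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.34(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8

Wireless LAN adapter Wi-Fi:
   Autoconfiguration IPv4 Address. . : 169.254.12.7(Preferred)
   Default Gateway . . . . . . . . . :
"""

def parse_fields(text):
    """Return [(field, ip_object)], following multi-line values such as DNS Servers."""
    pairs, field = [], None
    for line in text.splitlines():
        m = re.match(r"\s+(\S.*?)[ .]+:(?: (.*))?$", line)
        if m:
            field, value = m.group(1), m.group(2) or ""
        elif field and line.startswith(" ") and line.strip():
            value = line.strip()      # continuation line of the previous field
        else:
            field = None              # blank line or adapter header
            continue
        token = value.split("(")[0].split("%")[0].strip()  # drop "(Preferred)" / zone id
        try:
            pairs.append((field, ipaddress.ip_address(token)))
        except ValueError:
            pass                      # empty or non-address value
    return pairs

def audit(text, trusted=TRUSTED_DNS):
    pairs = parse_fields(text)
    allowed = set(trusted) | {str(ip) for f, ip in pairs if f == "Default Gateway"}
    findings = []
    for field, ip in pairs:
        if field == "DNS Servers" and str(ip) not in allowed:
            findings.append(("unexpected-dns", str(ip)))
        elif "IPv4 Address" in field and ip.is_link_local:
            findings.append(("link-local-address", str(ip)))  # 169.254.*.*
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

If the router hands out its own address as the DNS server, this check passes on the PC even when the router's DNS has been replaced; in that case compare the DNS fields in the router's WAN and DHCP settings with the values from your provider.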

How to remove a virus from a router

How to protect your router from viruses

1. Update the firmware to the latest version

Go to the manufacturer's website, enter your model, and download the latest firmware. See the example for TP-Link equipment.

2. Set a non-standard password for the web interface

Not all routers allow you to change your login. But if you set a complex password, it will be enough.

3. Deny access to the router interface from the Internet

4. Change the IP address of the router on the local network

Do not doubt that the first thing a router-hacking virus will do is try the most popular addresses: 192.168.0.1 and 192.168.1.1. We therefore advise changing the third and fourth octets of the local IP address in the LAN settings. For example, specify:

192.168.83.254

After this, all devices on the network will receive an IP address from the range 192.168.83.*

After changing the local IP of the router, to enter the web interface you will need to enter http://[new address]

5. Install a reliable antivirus on your computer

Even if malware penetrates your computer, it will be neutralized and will not have time to infect the router.

6. Don't save passwords in your browser

I think you are able to remember the password for the router's web interface. Or at least write it down on paper.



 

