Does your router have a virus?

You know you have a computer virus



So you have a redirect virus in your Windows computer, but no matter what you do, you can't get rid of it. You may have even wiped out your hard drive and reinstalled your operating system, confident that would fix it. It's like that Halloween kids' song about the cat that came back the very next day. "We thought he was a goner..."

Did you know that the virus could be in your router? That could be why it keeps coming back. That’s why no amount of extra anti-anything ever makes a difference. Not even ComboFix.

Google Redirect Virus and its alternative names

The virus is often referred to as the Google Redirect Virus. It also goes by “search redirect,” “browser redirect,” “tdss rootkit” and probably some others. It infected all of our computers. These could actually be separate viruses. Remember that once you’re infected with a virus, the door opens for other infections.

With the redirect virus, you go to a web page, either by means of search or directly, and you see the web page, but then it redirects somewhere else, or to a blank page. Sometimes you see a message about Google Analytics loading. Other times you might see an inappropriate site or an advertising site.

It turns out that a router can be hacked

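The hacker sets up a fake DNS (Domain Name System) server out on the web, and then stuffs the IP address of that fake DNS server into your router's settings. From then on, every computer that gets its DNS settings from the router looks up website names through the hacker's server, which is why wiping a single computer doesn't help. How did the hacker get into your router? Well, did you ever change the default password when you got the router? It turns out that's what we did wrong. We had never changed the password.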


Note that the router password is for changing router settings. It’s not the same as the WEP or WPA key.

So we looked at the IP addresses in our router, and looked them up on the web. We learned that they are Russian IP addresses, and they are malware. (The IP addresses we found were 213.109.65.40 and 213.109.75.90.)
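The same check can be made from any Windows PC on the network. The following is an added example, not part of the original post: it parses `ipconfig /all` output and flags DNS servers that are neither on the home network nor on a list you trust. The sample output is constructed (using the two addresses reported above), and the `trusted` parameter is a hypothetical allowlist for your ISP's documented resolvers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a PC behind a tampered router.
# The two DNS addresses are the ones the post reports finding in its router.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.65.40
                                       213.109.75.90
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            candidate, in_dns = m.group(1), True
        elif in_dns and " : " not in line and line.strip():
            candidate = line.strip()  # continuation line: address only
        else:
            in_dns = False
            continue
        try:
            # Drop an IPv6 zone suffix such as "%12" before parsing.
            servers.append(ipaddress.ip_address(candidate.split("%")[0]))
        except ValueError:
            in_dns = False
    return servers

def unexpected_dns(ipconfig_text, trusted=()):
    """DNS servers that are neither on the home network nor in `trusted`."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if not (ip.is_private or ip.is_loopback or ip.is_link_local or ip in trusted)]

if __name__ == "__main__":
    # `trusted` is empty here (assumption: no ISP resolvers have been listed yet).
    for ip in unexpected_dns(SAMPLE_IPCONFIG):
        print("Unexpected DNS server, check the router's DNS settings:", ip)
```

If the PC lists only the router's own address (for example 192.168.1.1), the router is relaying DNS itself, and its upstream DNS servers have to be read from the router admin page instead.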

Fixing the Router 

The answer is to do a hardware reset of your router to factory settings, followed by a change in password. The reset is easy. It's done with a paper clip.

1. Get a backup of all your router settings (usually you can do that from within the router admin page pretty easily).
2. Turn off all the computers in your house.
3. Shove a paper clip into the reset button and hold it for a few seconds.
4. Set a new password on your router (the admin password for changing router settings, not the WEP or WPA key).
5. Now that your router is reset to factory settings, make any changes you want, but do it by hand rather than restoring your backed-up settings, because that would only put back the bad IP addresses.
6. I heard a rumor that sometimes doing a hardware reset can burn out your router, so if your router is now failing, get a new router
7. Turn on one computer at a time, and run the conventional antivirus methods you've already tried, only now they will work. You probably won't need ComboFix. Then do the same for each computer.
8. The more modern routers are more secure. Consider getting a new router


See Google Redirect Virus Fix! for someone else's blog post about this.