In light of the increasing incidence of DNS spoofing malware on Internet users' devices, security issues arise Wi-Fi routers. How to check your router for viruses? How to remove a virus from a router? The question is complex and simple at the same time. There is a solution!


The virus itself cannot record itself on most modern routers due to the small space in the memory of the router itself, but it can zombify the router to participate in a botnet. As a rule, this is a botnet for attacking various servers, or for redirecting and analyzing the flow of information leaving you on the Internet.

Your passwords and personal correspondence could fall into the hands of attackers!

This needs to be fixed as quickly as possible.

  • Resetting the router
  • Router firmware
  • Resetting

Resetting the router

You can reset the router settings by pressing the reset button. Usually this button is located on the back of the router, where the LAN ports are. Usually the button is recessed into a hole to avoid accidental pressing, so you'll have to use a toothpick. This will delete the router settings changed by the virus and install the factory settings in their place. I must warn you that if you do not know how to configure a router, then reset its settings for you not worth it!

Router firmware

Sometimes the virus "floods" modified firmware to the router. To remove virus firmware from the router, you can flash the router again.

Connect the computer to the router with a LAN cable. LAN cable Comes with any router. Or via Wi-Fi if a cable connection is not possible. It's better to connect with a cable! Wireless connection is considered unstable and is not suitable for flashing router firmware.

After we have connected to the router, open the browser (Chrome, Opera, Mozilla, IE) and enter the address in the address bar ASUS router, for Asus it is 192.168.1.1, on the page that opens you will need to enter your login and password to enter the router settings. Login: admin, Password: admin. If the login and password do not match, then ask the person who set up the router for you, perhaps he changed them.

Download the firmware from the manufacturer's website and select the firmware on the disk using the router settings page. For the vast majority of routers, the firmware steps are the same.

Until recently, I didn't even know that Avast router scares its users with "scary" warnings regarding their routers. As it turns out, Avast antivirus scans Wi-Fi routers. It gives results that the router is not configured correctly, the device is vulnerable to attacks, or in general that the router is infected and infected, and attackers have already intercepted DNS addresses and are successfully redirecting you to malicious sites, stealing data credit cards and in general everything is very bad. All these warnings, of course, are seasoned with a dangerous red color and confusing instructions that even a good specialist without beer will not understand. I'm not even talking about ordinary users. This is what the problems found on the D-Link DIR-615 router look like:

The device is vulnerable to attacks:

The solution is, of course, updating the router firmware. Because what else 🙂 Avast can also display a message that your router is protected by a weak password, or the router is not protected from hacking.

In some cases, you may see a message that your router is infected, and connections are redirected to the malicious server. Avast antivirus explains this by saying that your router was hacked and its DNS addresses were changed to malicious ones. And there are instructions for solving this problem for different routers: ASUS, TP-Link, ZyXEL, D-Link, Huawei, Linksys/Cisco, NETGEAR, Sagem/Sagemco.

In short, all these recommendations are aimed at checking DNS addresses and DNS-related services. Through which attackers can change the DNS on your router and redirect you to their malicious sites. There is detailed instructions how to check everything on routers from different manufacturers.

How to respond to warnings from Avast about a router vulnerability?

I think this question interests everyone. Especially if you came to this page. If you are wondering how I would react to such warnings from the antivirus, then the answer is simple - not at all. I am sure that Avast would have found holes in my router through which I could be hacked. I just have Dr.Web. He doesn't do such checks.

Maybe I'm wrong, but no antivirus other than Avast checks the Wi-Fi routers you are connected to for various types of vulnerabilities. And this feature, called Home Network Security, appeared back in 2015. In Avast 2015 version.

Avast scans your router for device security issues. Although, I don't fully understand how he does it. For example, how does it check the same password for entering the router settings. Does it follow the user, or is it a selection method? If you guess it, the password is bad 🙂 Okay, I’m not a programmer.

Personally, I believe that all these warnings are nothing more than simple recommendations to strengthen the security of your router. This does not mean that someone has already hacked you and is stealing your data. What Avast offers:

  • Install good password and update the router firmware. They say otherwise you may be hacked. Ok, this is already clear. This doesn't have to be signaled as some kind of terrible vulnerability. Although again, I don’t understand how the antivirus determines that the router software version is outdated. It seems to me that this is impossible.
  • The router is not protected from connections from the Internet. Most likely, this warning appears after checking open ports. But by default, the “Access from WAN” function is disabled on all routers. I highly doubt that anyone will hack your router over the Internet.
  • Well, the worst thing is the substitution of DNS addresses. If any problems with DNS are detected, Avast directly writes that “Your router is infected!” But in 99% of cases this is not the case. Again, almost always the router automatically receives DNS from the provider. And all functions and services through which attackers can somehow spoof DNS are disabled by default. It seems to me that very often the antivirus misunderstands some user settings.

Something like that. Of course, you may disagree with me. It seems to me that it is much easier to access the computer directly and infect it than to do it with the router. If we are talking about an attack via the Internet. I will be glad to see your opinion on this matter in the comments.

How to protect your router and remove the warning from Avast?

Let's try to figure out each item that Avast most likely checks and issues warnings.

  • The router is protected with a weak password. No encryption. In the first case, the antivirus has a password that you must enter when entering the router settings. Typically, the default password is admin. Or not installed at all. And it turns out that everyone who is connected to your network can go into the router settings. Therefore, this password needs to be changed. I wrote how to do this in the article: . Regarding Wi-Fi password network, then it must also be reliable, and the WPA2 encryption type must be used. I always write about this in instructions for setting up routers.
  • The router is vulnerable due to old software. This is not entirely true. But, if your router model has new firmware, then it is advisable to update it. Not only to improve security, but also for more stable operation of the device and new functions. We have instructions on our website for updating software for routers from different manufacturers. You can find it through the search, or ask in the comments. Here it is for .
  • DNS settings have been changed. The router is hacked. To be honest, I have never seen such cases before. As I wrote above, all services through which this can happen are disabled by default. Most often, the router receives DNS from the provider automatically. The only thing I can advise is not to manually enter DNS addresses that you are not sure about. And if you manually specify addresses, it is better to use only DNS from Google, which: . This is also recommended in Avast recommendations, which can be viewed on the official website:. There are detailed instructions for solving DNS problems for almost all routers.

That's all. I hope I was able to at least a little clarify these warnings in Avast antivirus. Ask questions in the comments, and don't forget to share useful information on this topic. Best wishes!

When distributing the Internet via Wi-Fi through a router, various problems may appear. For example, braking and high ping may occur due to infection of the distributing equipment with viruses. Let's take a closer look at how to clean the router yourself.

Symptoms

The equipment may be infected with the following types of viruses:

  • slowing down the data transfer speed. For example, a virus can disrupt settings, there will be low speed, loss of signal, etc.;
  • replacing website addresses. It happens like this: a person goes to a resource, and the malware changes the DNS, and the user is redirected to a site with advertising or becomes visible to advertising blocks placed by site owners. This virus is also dangerous because it can redirect to a resource that contains other malicious content.


In any case, if the router is unstable, it is necessary to check it for viruses, which are quite easy to remove.

How does infection occur?

The router distributes the Internet to all gadgets connected to it. This means that all devices operate in the same local network. The virus uses this: it penetrates the computer through a website or a downloaded file, then through the network it gets to the router, where it performs malicious actions.

The severity of the situation depends on the version of the virus program; for example, some pests behave secretly and begin to act actively only once they are in the router, while others, on the contrary, can simultaneously damage the operating system.

Checking network equipment for infection

Before cleaning your equipment from viruses, you need to check the router for their presence. To do this, you need to connect the Internet cable to the computer port directly. Pull out the WLAN wire from the router and connect it to the computer, and then perform the following manipulations:

  • Launch your browser and open several sites. Make sure that they contain the correct content and that there is no substitution of sites or advertising blocks. For verification purposes, it is better to choose resources in which advertising cannot be present.
  • Run an antivirus program to scan your computer. This is necessary to determine the path of infection - from the computer or from the router. Keep in mind that there can be several viruses, and they can be present both in the system and in the network equipment.


Virus removal

Watch a video about a router becoming infected with viruses here:

To remove the malicious program, you need to reset the settings to their original settings. If a virus program has already harmed the firmware, it will need to be reinstalled.

Reset settings

To clean the router, you need to reset its settings:

  • Find the Reset button on the back of the device. She often stands out from others. Press and hold it until the router resets its settings and reboots. Remember that when you reboot, all settings will be lost, and the router will need to be configured again.


  • To configure the router, you need to connect it to your computer using a cable, then launch a browser and type the address 192.168.0.1. It may be different and is indicated on the router itself or in its documents or instructions. When entering the settings, the login admin is often entered, and the password is the same or 12345. If you can’t log in, then you should look at the instructions for the network equipment.


  • Find Quick Settings options. Select all that apply. You can also change the password and network name. After completing the setup process, save them and reboot the router.


After completing all the steps described, check if you managed to get rid of the problem. If it doesn't work, you'll need to reflash it network equipment.

How to perform a flashing?

It happens that a virus program changes the firmware on the router. You can neutralize the infected version by flashing it.

Connect your computer to the router via a LAN cable. It should be included with any router. If you don't have it, you can use WiFi connection. However, the cable connection method will be preferable.


After connecting to the router, launch the browser and enter the value 192.168.1.1 (or another specified on the device itself) in the address field, then you will need to enter a password and login to open the router settings. The default login and password is admin. If you can’t enter the settings, you need to find out the current login details, possibly after last installation they were replaced.

Download new version firmware from the manufacturer's website and, going to the router settings, select it on the computer disk. The firmware process for all routers is identical.


Protecting network equipment from viruses

To protect your router from infection, you can use the following recommendations:

  • Upgrade the firmware to latest version. Visit the manufacturer's website, enter your model in the search and download the latest firmware.
  • Set a multi-digit password value for the web interface. Not all routers allow you to change your login. However, if you put complex password, hacking the web interface will no longer be easy.
  • Set offline login in the router settings.
  • Change the IP address of the router in local access. During the hacking process, the virus will immediately contact addresses such as 192.168.0.1 and 192.168.1.1. Based on this, it is better to change the third and fourth octets of the local network IP address.
  • Provide a reliable antivirus program on PC. If a virus first tries to enter your computer, it will be removed immediately, preventing it from harming the router.
  • Don't store passwords in your browser.


As you can see, checking your router for viruses and cleaning it is not difficult. But it is better to follow simple tips to prevent infection. But if this happens, you know what to do.

In light of the increasing number of cases of DNS substitution by malware on Internet users’ devices, the question of the security of Wi-Fi routers arises. How to check your router for viruses? How to remove a virus from a router? The question is complex and simple at the same time. There is a solution!


The virus itself cannot record itself on most modern routers due to the small space in the memory of the router itself, but it can zombify the router to participate in a botnet. As a rule, this is a botnet for attacking various servers, or for redirecting and analyzing the flow of information leaving you on the Internet.

Your passwords and personal correspondence could fall into the hands of attackers!

This needs to be fixed as quickly as possible.

  • Resetting the router
  • Router firmware
  • Resetting

Resetting the router

You can reset the router settings by pressing the reset button. Usually this button is located on the back of the router, where the LAN ports are. Usually the button is recessed into a hole to avoid accidental pressing, so you have to use a toothpick. This will delete the router settings changed by the virus and install the factory settings in their place. I must warn you that if you do not know how to configure a router, then reset its settings for you not worth it!

Router firmware

Sometimes the virus "floods" modified firmware to the router. To remove virus firmware from the router, you can flash the router again.

Connect the computer to the router with a LAN cable. A LAN cable is included with any router. Or via Wi-Fi if a cable connection is not possible. It's better to connect with a cable! The wireless connection is considered unstable and is not suitable for updating the router firmware.

After we have connected to the router, open the browser (Chrome, Opera, Mozilla, IE) and enter the address of the ASUS router into the address bar, for Asus it is 192.168.1.1, on the page that opens you will need to enter your login and password to enter the router settings. Login: admin, Password: admin. If the login and password do not match, then ask the person who set up the router for you, perhaps he changed them.

Download the firmware from the manufacturer's website and select the firmware on the disk using the router settings page. For the vast majority of routers, the firmware steps are the same.

Problems with Wi-Fi distribution using a router occur for various reasons. One of them is infection of the distribution device with a virus, which you can get rid of yourself.

  • a virus that slows down the Internet speed in various ways. For example, such malicious software messes up the firmware settings or starts downloading some advertising virus content onto the computer;
  • a virus that replaces website addresses. It looks like this: a user goes to any known safe site, and the virus changes the DNS in such a way that the user ends up on an advertising site or sees advertising banners where the site owners did not place them. Such a virus is also dangerous because it can redirect you to a site containing other viruses.

In any case, if you notice that your router is not working correctly, you should check it for viruses, especially since it is very easy to get rid of them.

How does a virus get into a router?

The router provides the Internet to all devices connected to it. This means that all devices and the router itself are on the same home network. This is what the virus takes advantage of: it gets onto your computer from some website or downloaded file, and then it is transmitted over the network to the router, where it begins to play dirty tricks. The process depends on the model of the virus, for example, some malware does not specifically detect itself on the computer, but only begins to act once it gets into the router, while others manage to cause harm and operating system, and router firmware at the same time.

Checking the router

Before cleaning your router from viruses, you need to check if there are any on it. To find out the result, you need to use the Internet directly through your computer. That is, remove the WLAN cable or modem from the router and insert it into the computer port, and then follow these steps:

If you are having problems with speed, then follow these three steps.

  1. Check your internet speed. This needs to be done in order to find out in the future whether the speed is the same when using the network directly and through a router. For example, you can download a file or use the special online service Speedtest.

    We scan the Internet speed through the Speedtest website

  2. To more accurately determine the signal quality, you need to find out the ping indicator. Ping is the time it takes for a signal to be sent from your device, reach the server and return back. Naturally, the larger it is, the worse it is for you. Open command line, write the ping ip command and execute it. IP address of your connection, the default is usually 192.168.0.1, but may vary. Remember the result. A normal ping value of up to 40 ms is an excellent indicator, 40–110 ms is a normal average value, more than 110 ms is worth thinking about reconfiguring the network, improving the signal or changing the provider.

    Execute the ping ip command

  3. After the list of sent packages, you will see statistics. You are interested in the line “Packets”, it calculates how many packets were sent, lost, completed. If the number of lost packets exceeds 5%, you need to find out what the problem is. If large number packets will not reach the server or return, this will greatly affect the speed of the Internet.

    Let's see what percentage of packets are lost

After you have completed all the above steps, you will receive detailed information about ping, the number of lost packets and Internet speed, reconnect the WLAN cable or modem to the router and check the same indicators when connecting via Wi-Fi. If the parameters are approximately at the same level, then the problem does not lie in the router, perhaps the reason is on the operator’s side. Otherwise, if problems with the Internet occur only when using it through a router, you need to reset the settings and clean it from viruses.

Virus removal

To remove the virus, you need to reset the settings to default values. If the virus managed to damage the firmware, you will have to install it again yourself.

Reset settings

  1. Find the Reset button on the back of the router. It is usually smaller than all the others. It needs to be pressed for 10–15 seconds. When the router turns off and starts to reboot, you can release it. Rebooting the router will notify you that the settings have been reset. Please note set password will also disappear.

    Press the Reset button

  2. To reconfigure the router, you need to connect it to your computer via cable, and then open your browser and go to http://192.168.0.1. Perhaps the address will be different; you can find it on a sticker located on the router itself, or in the documentation that came with the router. You will be asked for a login and password, the default login is admin, and the password is admin or 12345. More details are described in the instructions for the router.
  3. Go to Quick Setup. Specify the options that suit you. If you want, set a password and change the network name. After completing the setup procedure, save the changes and reboot the router.

    Let's move on to the section " Quick setup"and set convenient settings

After completing all the above steps, check if you got rid of the error. If not, you will have to reflash the router manually.

Reflashing the router

Router firmware is only possible if the device is connected to the computer via a cable. You cannot update the firmware over Wi-Fi.

  1. There is a sticker on the back of the router. Find your router model on it. It also contains information about the firmware version installed initially. If its version is 7, then it is better to install the update for version 7 to avoid a conflict between too new firmware and the old hardware of the router.

    Find out the firmware version and router model

  2. Go to the manufacturer's website and use the search bar to find the correct version for your model. Download it to your computer.

    Find and download the required firmware version

  3. The downloaded file will be archived. Extract its contents to any convenient folder.

    Specify the path to the firmware

  4. Start the update procedure and wait until it finishes. Reboot your router. The firmware should be updated, and all problems and viruses will most likely be gone.

    Waiting for the installation to complete

Video: how to flash a router

How to protect your router from viruses in the future

The only way to protect your router from viruses is to prevent them from entering your computer. Your computer is protected using an antivirus. Install and under no circumstances disable any modern antivirus. It is almost impossible to catch malicious software with an activated antivirus. It is not even necessary to use paid security programs; nowadays, high-quality free analogues are sufficient.

What to do if nothing helps

If following all the above instructions did not bring the desired result, there are two options left: the problem arises due to a breakdown of the physical part of the router or errors on the provider’s side. First, you should call the company that provides you with the Internet and tell them about your problem and the methods that have not helped solve it. Secondly, the router should be taken to a special service so that it can be examined by specialists.

Infecting a router with a virus is a rare occurrence, but dangerous. There are two ways to get rid of the virus: by resetting the settings and updating the firmware. You also need to make sure that no malware remains on your computer.