# Cleaning a compromised Router

malwaremalware-removalrouterwireless-router

At the office I noticed malware symptoms on one of the computers. I tried cleaning it and found nothing. Then I noticed I got the same behavior on my phone and the other computer: occasional links would redirect to malware download pages.

I changed my phone to cellular data and the behavior went away. I figured it must be the router or cable modem. I power cycled them and checked for a proxy or any other strange settings. I didn't see any, and it worked normally for a while, only to return again later.

What am I missing? Where else could the malware be coming from?

If you are using default (ISP-assigned) DNS servers, consider changing them to an alternative, such as Google's 8.8.8.8 - if you observe this behaviour stopping, consider checking with other users of this ISP, or reporting the issue to them. It's possible (though unlikely) that your ISP was compromised. There's also the possibility that malware on your computer itself was designed to attempt common passwords on consumer routers and make this change, though that is unlikely.