Written by: Alex Popa
Just as your laptop or mobile can get infected with malware, your router is a prime target for attackers who want to monitor your internet activity or worse, whilst often remaining unidentified.
Antiviruses such as Avast are specifically made to detect these intrusions, warn you, and push them to quarantine.
In this article, we’ll be investigating Avast’s infected router warnings and how to deal with them.
We’ll take the necessary steps to fix the issue, and update your DNS settings to avoid future issues.
When Avast tells you that your router has been compromised and that your network connections are being routed through a malicious remote server, it will stop all connectivity and block the internet.
What can you do?
Firstly, you will need to check every connection that leads to the router and then perform a full factory reset. Change the admin password as well and never use the old one again.
After you finish doing this, go to Internet Setup. Change the primary option, DNS 1, to 22.214.171.124 (Google’s public DNS), and the secondary option, DNS 2, to 126.96.36.199. Then hit Save and Apply.
Click on Ok, and after a few moments, the changes will take effect. If you want to see if your router is still “infected”, run an Avast scan again.
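To confirm from a Linux computer that the network is handing out only the DNS servers you configured, the following added example (not part of the original article and not an Avast tool) parses resolv.conf-style text and flags any resolver outside an expected list. The sample file content, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf content (illustrative, not from a real host).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.66
nameserver fe80::1%eth0
nameserver not-an-ip
options edns0
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    servers, malformed = [], []
    for raw in text.splitlines():
        # Ignore comments, then split the remaining directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(fields[1])
    return servers, malformed

def unexpected_resolvers(text, expected):
    """Return (unexpected, malformed): resolvers in use that you did not configure."""
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    servers, malformed = parse_nameservers(text)
    unexpected = [str(s) for s in servers
                  if not any(s.version == n.version and s in n for n in allowed)]
    return unexpected, malformed

if __name__ == "__main__":
    # Assumption: the router's LAN address is the only resolver clients should use.
    expected = ["192.168.1.1", "fe80::1"]
    unexpected, malformed = unexpected_resolvers(SAMPLE_RESOLV_CONF, expected)
    for addr in unexpected:
        print(f"unexpected DNS server in use: {addr}")
    for entry in malformed:
        print(f"malformed nameserver entry: {entry}")
```

On hosts running systemd-resolved, /etc/resolv.conf usually lists only the local stub 127.0.0.53; the upstream servers received from the router are shown by `resolvectl status`.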
The second solution is to buy the premium version of Avast and update the app to get the SecureDNS feature.
This way, you’ll get rid of all false-positive alarms (I know, right?) and receive even more security features to safeguard your important data. If you want some serious protection, then you have to realize that free tools are not always the best.
If you have the SecureDNS feature activated and you’re still getting the warning that your router is infected, then disable your internet connection now.
Update your router’s firmware to pick up the latest fixes and counter this issue. You can even change it completely to make sure nothing like this will ever appear in the future. There were obvious chinks in the cyber-shield that the old version was using, so changing it could prove to be the best solution.
When Avast Home Network Security tracks down an intrusive virus worming its way through your router, the notification you’ll receive will look something like this:
When Avast shows you this, it means your router is already infected. Your DNS settings have been changed so as to provide important data and unrestrained access to your device.
Usually, when cyber-thieves manage to override your internet security protocols and exploit your router vulnerabilities, they will modify the DNS settings and reroute your internet traffic to rogue servers.
This is called a man-in-the-middle attack.
Why is it so dangerous?
Your DNS or Domain Name System carries your IP signature. It’s just like a phone book that lists your real identity, your credentials and confidential data that make up your online persona.
The DNS is responsible for the identification of all the computers, services, websites or pretty much any other resource on the web.
You can be redirected to a corrupt version of the website you’re trying to access.
Every bit of information can be stolen at that moment, even your banking information, all your credentials you use, and other confidential data.
What’s more, this man-in-the-middle attack will spread its influence on the SSL and HTTPS security protocols. So, checking to see if a website is secure is actually useless because the virus can cut through this screening like a hot knife cuts through butter.
One of the most probable causes of this infection is that many people don’t change their router’s default password. The factory credentials are very weak and are actually not intended to be used, merely to act as a default login access.
Solving this problem takes a bit of time, but it’s nothing overly complicated, and you can do it while sipping your morning coffee.
Netgear routers have a few differences in terms of settings but the changes essentially remain the same. This is what you have to do:
As for Linksys/Cisco, ZyXEL, TP-LINK, Huawei, D-Link, and Sagem/Sagemcom routers, the changes remain essentially the same, so the instructions will have the same steps.
Furthermore, some users have said that the UPnP option has to be disabled and that you should do any port forwarding manually. Having this option enabled means that your device is made public for any other devices to notice, and this increases your chances of being hacked.
It’s better to keep your router as private as possible.