I have already solved this problem, so I don't so much need advice, but I would like to understand what happened.

About 2 weeks ago, I received a nasty-gram from my ISP that I had an infected device on my network, and it was doing something that violated their TOS. I work with troubled kids and so this wasn't too shocking, though it's never happened before. I queried all the kids' devices but couldn't find anything. About that same time, I noticed intermittent freezes on my home network, where no device could communicate either on the home network or the internet. However, I didn't connect those two dots until the freezes got notably more frequent and longer in duration.

It was then that I tried to log onto the webui of the router (Asus GT-AC 5300). I noticed that the traffic monitor utilities had all been turned off (which I turned on to try to find the offending device). When I turned them on, they would be turned off again in a few minutes. I also noticed the CPU utilization of the router was high 90%, even if nobody was using the internet. Fairly obvious the infected device is the router itself, and it's probably being used to mine bitcoin or something.

I attempted to reflash firmware, but that didn't seem to help. I used the webui to replace firmware, which according to the dialog box succeeded, but the same problems occurred after the reflash. I also tried powering up the router while holding down the reset button, then flashing firmware from rescue mode. However, the router was unresponsive, and the blink rate is slower than what I've read here it should be.

I ended up replacing the GT-AC5300 with a newer model that is still supported by ASUS. So far everything looks normal. However, how common is this? Also, any idea if there is a way to salvage this router? Maybe use it as an AiMesh node? Or better to just build a trebuchet and use this router for target practice?

Thanks in advance for any knowledge you can impart.