C6300 Router, READYSHARE, ReadyDLNA:C6300 (Hacker Control Questions)
I will start by stating that I have a hacker on my network who is making use of my Netgear router and related hardware. This has been going on for over three months. This has been a SEVERE hack...he has taken out THREE computers so far, and is severely corrupting a 4th and 5th we have recently bought. We can't seem to get the hacker off despite trying numerous things suggested to us. All the usual things like cleaning the machines, running malware scans, changing password on router (did twice, no effect), etc. Hacker appears extremely knowledgeable and sophisticated. Right now we are trying to get an ethical hacker in here to look at this very serious situation. I will restrict my comments to what I have seen on my network and apps regarding Netgear products. I will have questions over what is happening to hopefully help me or a technician to stop my hacker.
First off, to me, he has somehow "taken over" my router and the READYSHARE and ReadyDLNA that come with it. In my Network on my computer all three appear. Of course, the router is correct, but I HAVE NOT enabled either the READYSHARE or the ReadyDLNA. My first question is since I have not enabled either the READYSHARE or ReadyDLNA why is it showing up in my network? I would think they would not be listed there, but I may be wrong about this. I feel the hacker enabled the READYSHARE and ReadyDLNA and that is why they are appearing in my network. I will continue by discussing each item and what I have noted:
1. The router itself model #C6300. In the properties section it says Model Number: 1 and the serial number is short by four characters at the end. I find a model number of "1" odd and the serial number not being complete as possible red flags.
2. ReadyDLNA:C6300. This is listed under "media devices" in my network. I can see that as I understand the ready DLNA to be a device to stream media to other devices. The Model is curious to me. It says "Windows Media Connect Compatible". I need you to tell me if this is normal or not for it to say this here. The model again is just a "1", which bothers me, and the serial number is very suspect. It is: 12345678. That CANNOT be right, and makes me think interference by my hacker.
3. READYSHARE. This is the strangest of the bunch. Again, I have not enabled this or the ReadyDLNA. When I try to "open" the READYSHARE on my computer I get "this file is empty" message. That doesn't seem right. There is an option to "connect to remote computer", which may be legitimate, but not sure. Now here is what floored me, and should floor you. I use McAfee anti-virus. In the Network section it is "abnormal". I won't go into the non-Netgear items that are "not right", just the READYSHARE. In the McAfee, under READYSHARE which is listed as part of the network, it says, "Device Type": LINUX COMPUTER!! I am NOT running ANY Linux equipment or devices in my home at all! This is very upsetting and I am glad McAfee picked this up, as I was unaware of this. This has GOT to be the hacker's remote computer...he is using a Linux Computer apparently, and somehow has got it hooked up to my Netgear READYSHARE. I have another network app. that says "unknown device" for the IP address of the READYSHARE/Linux Computer. So I have proof positive of being hacked (not that I need to prove this to anyone).
I am writing to see if anyone can help me get this hacker out of my router and related equipment I have described. My ISP will not help me with the matter. They told me "hacking issues are out of their scope". I got very angry with them for not being willing to get involved with my network. I have talked to several savvy computer people who said the ISP is supposed to get involved with a customer if they are being hacked, because the service I am receiving (and paying good money for) is being seriously compromised. I have given them countless other proofs of the hack, but they show absolutely no interest or compassion. All they do is point me to their legal contract and the fine print regarding "hacking". Bottom line: they cannot help me. I have reported the matter to my local police and the FBI, but I don't expect much. People have just advised me to do this because I am a victim of a crime here. I do have one other ISP in town I am seriously considering switching to, and seeing if they can help with my networking problem. If not, I am going to have to get a certified ethical hacker in here to take care of this monumental problem.
But since the scope here is Netgear, please try to help me on what I have reported, your thoughts, and if in my shoes, what you would do to get rid of the hacker. By the way, cleaning the machines will not work, as he has put up a block, most downloads don't go through due to same, and he will not allow remote support connections either. He is evil, and is causing me and my wife a great deal of stress over the matter. I hope you people here at Netgear will have some advice for me on what I might try next. I also cannot get "into" the router, if you were thinking that. I put in the IP address for the router, and up pops a page "cannot be found" so obviously Mr. Hacker took it out because he knows if I can get into the router I might be able to stop him or limit him, or maybe even locate him. By the way, we are not using any wifi, never have. He is coming through the cable. We are not sure how he got in, but that doesn't really matter now, I've got to get him out or I might just be losing another computer soon. Thanks for all your help and reading this long post. Ask any questions for clarification, if necessary. My name is John.
Re: C6300 Router, READYSHARE, ReadyDLNA:C6300 (Hacker Control Questions)
Don't expect the ISP to help. You don't really want them mucking around with your devices. Their job is to transport bits to and from your home network.
Unfortunately, it's hard to tell what's going on, although I bet that one of your computers has been infected. If you have really been hacked, then you should shut down your Internet connection and work on cleaning up your network and machines. You may have to back up your personal data and reinstall Windows. That should get rid of most malware. Just hope that any malware hasn't embedded itself into your computer's BIOS or hard drive's boot sector.
As to your C6300, you should reset it to factory settings and proceed to set it up from scratch. Be sure to change the admin password. If you don't use Wi-Fi, then you should turn off the radios. Push the Wi-Fi button for 2 seconds or until the Wi-Fi light turns off. You should also turn off UPnP on the C6300. Hackers can sometimes get through ports opened with it by devices on your network.
For reference, here is the user manual:
Speaking of which, you didn't mention what other devices you have in your house, but if you have IoT devices such as IP cameras, they can be targets for hacking. You may want to temporarily turn them off until you have regained control of other things.
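One way to check, after the factory reset and the UPnP change suggested in the reply above, which devices on the wired LAN still announce themselves over UPnP discovery (SSDP) and which identity fields they publish. This is an added example, not part of the original thread or any Netgear tool; the sample reply, its address and its LOCATION path are constructed, and the sample description reuses the property values quoted in the question.

```python
import socket
import xml.etree.ElementTree as ET
SSDP_ADDR = ("239.255.255.250", 1900)
M_SEARCH = (b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
NS = {"d": "urn:schemas-upnp-org:device-1-0"}
# Constructed sample of one SSDP reply (address and path are made up).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.0.1:5000/rootDesc.xml\r\n"
                b"ST: upnp:rootdevice\r\n\r\n")
# Constructed device description carrying the values quoted in the question.
SAMPLE_XML = ('<root xmlns="urn:schemas-upnp-org:device-1-0"><device>'
              '<friendlyName>ReadyDLNA: C6300</friendlyName>'
              '<modelName>Windows Media Connect Compatible</modelName>'
              '<modelNumber>1</modelNumber><serialNumber>12345678</serialNumber></device></root>')

def parse_ssdp_response(raw: bytes) -> dict:
    """Return the headers of one SSDP reply with lower-cased names; {} if not a 200 reply."""
    lines = raw.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_description(xml_text: str) -> dict:
    """Extract the identity fields from a UPnP device description document."""
    device = ET.fromstring(xml_text).find("d:device", NS)
    if device is None:
        return {}
    fields = ("friendlyName", "modelName", "modelNumber", "serialNumber")
    return {f: device.findtext(f"d:{f}", default="", namespaces=NS) for f in fields}

def discover(timeout: float = 3.0) -> list:
    """Multicast one M-SEARCH on the local network; return (ip, headers) per reply."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                found.append((ip, parse_ssdp_response(data)))
        except socket.timeout:
            pass  # no more replies within the timeout
    return found
```

Calling `discover()` from a wired machine lists every address that answers discovery; the `location` header of each reply points to the description document that `parse_description` reads.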