Hacker installed openWrt.lan and owns my computer

How can I delete openWrt.lan if my computer is owned by the hacker (the tree is \Network then my computer name). My ISP is Telmex in Mexico and the router is an Infinitum, but the router management page gives me different information on the router. BTW, when I look at the name of the network (shows as Telmex), one of the function pages allows me to see that the actual name is a long one on prodigyweb.com.mx. I am totally over my head here. Anyone care to tell me how to disentangle myself from this hacker's VPN? He has our two laptops and two phones under his control and everywhere we go, we are still hacked.

Why do you think you are hacked?

Are you not simply on your neighbour's network?

I have been the victim of a hacker since March. He is an employee of the Department of Homeland Security in their cyber division, so he has every tool known to man available to him at taxpayers' cost. He always uses a VPN to control all of my devices, including my router and (in the case of where I lived previously) all of the routers and computers in the immediate range, which included the house and the neighbor's house. When I came to the new house, the router was fine, everything looked good until I attached my computer. Then the router software showed a different (hidden but I can see it briefly and know what it is) name for the ISP of Telmex...the ISP is a long string of letters and numbers followed by prodigyweb.com.mx. When I use my Avast software to run an internet check, it shows me that the name of the router is OpenWrt.lan, so I know that this software has been installed on my computer to hijack my router. It has a Unix opsys and the hardware shown is the same as my router. The IP address shown for my computer is geolocated about 60 miles away from my location and it has been in or near that location at my current address and my former address across town.

OpenWrt is not installed on a computer in the manner you describe. Please clearly explain where you see the phrase "OpenWrt.lan" appear.

5 Likes

Step 1:

Step 2:

Buy new computer.

Step 3:

Buy new router.

Step 4:

Never use old computer again.

Step 5:

Highly consider performing Step 1 on old computer.

Step 6:

Highly consider performing Step 1 to all electronic devices you own before connecting to the new router.

Prodigy is one of the companies that Telmex bought up in the 1990s, and they still own the brand name in Mexico. It would not be nefarious to find many internal Telmex routers and servers named "prodigy."

1 Like

Sorry, but I am afraid that nothing of what you are saying makes any sense at all... I think you should provide details of what tests you are performing and what results you are getting, preferably with screenshots. But I think you are misinterpreting what your tools are displaying.

1 Like

Thanks for the laugh :joy: This is hilarious! Anyway, if this was true, I guarantee you wouldn't be able to detect said hacker. :wink:

1 Like

Just in case this is legit and he/she actually needs help:
If you have a stalker who works for the government, you can and should report them. They take things like cyber employees abusing their privileges very seriously.

Good luck!

1 Like

I don't think this applies for Mexico.
Also, to the OP: as mentioned before, ProdigyWeb is one of the many companies Telmex assimilated. If you're seeing an address like "CPE1234567890.prodigyweb.com.mx" or "MTA123456789.prodigiweb.com.mx" then everything is fine and there's no hacking involved here. This is just the address where the modem gets its configuration binary from, or the "pet name" given to it so Telmex can see its status.
If you still insist on being paranoid with this kind of evidence, then I suggest you get rid of your current router and all hard drives in your computer. Replace them, give Telmex a call and ask them to replace your modem as well on the basis that it is no longer working.

1 Like

When I use the internet security program Avast's wifi inspector program, it identifies the name of my router as being OpenWRT.lan. It is actually a Telmex connection and it is named INFINITUMxxxxx, and the router is the brand Technicolor. So I do not actually know where the OpenWRT.lan name got applied to my router. I am just a workstation on a hacker's VPN, did you get that part??? I want to know where and how OpenWRT.lan might have gotten onto my computer (since I can't search for this...permissions are restricted, you know?) and how to trace who put it there. The further complication for me is that even though my Telmex connection is 198.xxxxxxx, I can't disable the PPP WAN which is 187.xxxx and still get on the internet. When I look at the further specs on the router management interface, I see a lot more stuff, like the port being reassigned to 8090. When I google that, it tells me that 8090 is a Unix or Linux thing that gets reassigned on the server to port 8080 or 81. I am in Mexico, recall please, so I don't know if that is country specific or not, but all of the server connections I see trace back via ip geolocation to Mexico City. That is reasonable. I am in the Guadalajara area, but most of the BIG servers in Mexico are in Mexico City. There is a lot more. When you discount whether I am telling the truth, it only helps me NOT get answers which will help me shake the VPN off my back, and to get the hackers' identities confirmed. I have several locations pinpointed, where they log on to my network. I am at the point of calling in the Federales, and in Mexico, they carry automatic weapons, not laptop bags.

I don't want to replace all of my hardware at the moment because I am TRYING to open investigations into who has hacked me and has a VPN on all of my devices. I am asking for help here, not dismissal.

Whoa...

  • if you can access the router, do a factory reset.
  • If you can access the router, take a screenshot of it.

That simple.

  • How the hell do you know this!?!?
  • If you see all these connections, can you see the VPN connection too???

LMFAO!!!

:laughing:

Also, I never discounted you. I JUST HIGHLY ADVISED YOU DESTROY YOUR EQUIPMENT. I STILL ADVISE THIS IF YOU'RE SERIOUS.

Then you don't want help, you wanna play detective. If you really wanna track and have control of your router (which means the hacker doesn't control you BTW...)

  • Install softflowd
  • Track all IP connections in/out your router

Technicolor is well known to use OpenWrt as the basis for their firmware. There was a thread here about trying to get them to release the source as required by the license. OpenWrt.lan is the default hostname an OpenWrt router gets if you don't change it. I don't see anything suspicious here.

1 Like

OK, thank you for a real answer!! I am not suspicious of having a VPN on me, I KNOW that it is true. I am not a computer expert, but I go waay back to writing batch files in DOS, so I do know enough to read what is in the registry and to know how my devices and software are behaving. This is a big puzzle because I don’t know Linux and don’t know much about routers. And as well, I am in Mexico, where the Telmex guy knows jack sh”t about anything but how to creatively wire your broadband to the electric wires.

How about you show us some screenshots?!?

1 Like

OK, as soon as I find the really indicative registry entries, will do. Thanks for the suggestion.

What might be happening is that your machine is aware of a router on the network (especially as it is likely your default gateway) and performs a reverse-DNS lookup to get its name. If the hostname is the "default" OpenWrt, then the answer from its DNS may well be "OpenWrt.lan".

2 Likes
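The reverse-DNS explanation in the post above can be checked directly. The following is an added example, not part of the original thread: it finds the default gateway and asks for its PTR name, which is the same kind of lookup a network scanner performs. It assumes a Linux client (`/proc/net/route`); the routing table and the resolver answer embedded here are constructed samples.

```python
import ipaddress
import socket

# Hostname an OpenWrt-based router reports when nobody renamed it (per the thread).
DEFAULT_OPENWRT_NAME = "openwrt.lan"

# Constructed sample of /proc/net/route: a default route plus the local subnet.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "wlan0\t00000000\tFE01A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
    "wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
)

def gateway_from_proc_route(route_text):
    """Return the default gateway IPv4 address from /proc/net/route text, or None."""
    for line in route_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gw, flags = fields[1], fields[2], int(fields[3], 16)
        # Default route: destination 0.0.0.0 with RTF_UP (0x1) and RTF_GATEWAY (0x2).
        if dest == "00000000" and flags & 0x3 == 0x3:
            # The kernel prints the address as little-endian hex.
            return str(ipaddress.IPv4Address(bytes.fromhex(gw)[::-1]))
    return None

def ptr_name(ip):
    """DNS name queried for a reverse lookup, e.g. 254.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def describe_gateway(ip, resolver=socket.gethostbyaddr):
    """Reverse-resolve the gateway and say what the returned name indicates."""
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are both OSError subclasses
        return ip, None, "no PTR answer"
    if name.lower().rstrip(".") == DEFAULT_OPENWRT_NAME:
        verdict = "default OpenWrt hostname, answered by the router's own DNS"
    else:
        verdict = "custom or ISP-assigned hostname"
    return ip, name, verdict

if __name__ == "__main__":
    gw = gateway_from_proc_route(SAMPLE_ROUTE)
    print("gateway:", gw, "PTR query:", ptr_name(gw))
    # Constructed resolver answer so the demo runs offline; drop the second
    # argument to query the real resolver for a live gateway.
    print(describe_gateway(gw, lambda ip: ("OpenWrt.lan", [], [ip])))
```

On a live Linux machine, pass the contents of `/proc/net/route` instead of `SAMPLE_ROUTE`; a name of `OpenWrt.lan` for the gateway address means the router's firmware is answering with its unchanged default hostname.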

Thank you, Jeff. I am learning a lot about modems.