Mac OS Big Sur

I want to purchase a write-protected USB drive or Blu-ray that can clean my iMac 27 from a possible hacker. The hacker has overtaken my router so I cannot download a version of the software that does not have the hacker in it....


I live in AZ but my apps download from Canada???


My boot disk should not be FAT32... I only was supposed to have a GUID or APFS partition... Any help would be great!! Thank you.




Generic AHCI Controller:

  Vendor: Generic
  Product: AHCI Controller
  Link Speed: 6 Gigabit
  Negotiated Link Speed: 6 Gigabit
  Physical Interconnect: SATA
  Description: AHCI Version 1.31 Supported

APPLE HDD ST1000DM003:

  Capacity: 1 TB (1,000,204,886,016 bytes)
  Model: APPLE HDD ST1000DM003
  Revision: AQ04
  Serial Number: Z4YGPLGB
  Native Command Queuing: Yes
  Queue Depth: 32
  Removable Media: No
  Detachable Drive: No
  BSD Name: disk1
  Rotational Rate: 7200
  Medium Type: Rotational
  Partition Map Type: GPT (GUID Partition Table)
  S.M.A.R.T. status: Verified
  Volumes:

EFI:

  Capacity: 209.7 MB (209,715,200 bytes)
  File System: MS-DOS FAT32
  BSD Name: disk1s1
  Content: EFI
  Volume UUID: 0E239BC6-F960-3107-89CF-1C97F78BB46B

disk1s2:

  Capacity: 1 TB (999,995,129,856 bytes)
  BSD Name: disk1s2
  Content: Apple_APFS





Posted on Jun 13, 2021 12:43 PM


Jun 14, 2021 5:29 AM in response to Scottg100

Your router does not, and never had a rootkit. None of them. Stop exchanging them for yet another replacement.


There are a couple of known viruses that affect routers. They come from infected Android devices, which are the most vulnerable smartphones out there. Google Play and other sources of apps for Android are loaded with malware. You couldn't pay me to own an Android phone.


If your router does happen to get infected by malware on your Android phone, resetting the router will get rid of it since that's what a reset does. It sets the router back to factory, out-of-the-box specs. If anything, it's your Android phone that keeps reinfecting the router.


Cleaning the Mac will do nothing to prevent the router from being reinfected by the phone. Either get rid of the phone, wipe it, or never let it connect to your router.


Disk Utility reports that small partition as DOS, but it's really the EFI partition table. Every single newer Mac drive has one. It's nothing unusual.


You wasted your money with the Fixit stick.
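
An added example, not part of the original thread and not Apple's tooling: a small Python triage script for the kind of storage report quoted in the question. It marks a small FAT32 partition with Content "EFI" on a GPT disk as the expected EFI system partition and sends anything else to manual review. The function names, the sample text (trimmed from the report above) and the 1 GB size ceiling are assumptions made for the illustration.

```python
import re

# Constructed sample: trimmed copy of the SATA report quoted in the question.
REPORT = """\
APPLE HDD ST1000DM003:
  Partition Map Type: GPT (GUID Partition Table)
EFI:
  Capacity: 209.7 MB (209,715,200 bytes)
  File System: MS-DOS FAT32
  BSD Name: disk1s1
  Content: EFI
disk1s2:
  BSD Name: disk1s2
  Content: Apple_APFS
"""

def parse_sections(text):
    """Group 'Key: value' lines under the preceding bare 'Name:' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if sep and not value.strip():
            current = sections.setdefault(key, {})   # header line such as "EFI:"
        elif sep and current is not None:
            current[key] = value.strip()
    return sections

def size_bytes(capacity):
    m = re.search(r"\(([\d,]+) bytes\)", capacity)
    return int(m.group(1).replace(",", "")) if m else 0

def classify(text, max_esp_bytes=1_000_000_000):  # size ceiling is an assumed heuristic
    sections = parse_sections(text)
    gpt = any("GPT" in s.get("Partition Map Type", "") for s in sections.values())
    verdicts = {}
    for name, s in sections.items():
        content, bsd = s.get("Content"), s.get("BSD Name", name)
        if content is None:
            continue  # disk or controller header, not a partition
        esp_ok = (gpt and "FAT32" in s.get("File System", "")
                  and 0 < size_bytes(s.get("Capacity", "")) <= max_esp_bytes)
        if content == "EFI" and esp_ok:
            verdicts[bsd] = "expected EFI system partition"
        elif content.startswith("Apple_"):
            verdicts[bsd] = "Apple-formatted partition"
        else:
            verdicts[bsd] = "review"
    return verdicts
```

Calling `classify(REPORT)` on the sample labels disk1s1 as the expected EFI system partition and disk1s2 as an Apple-formatted partition.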

Jun 13, 2021 1:18 PM in response to Kurt Lang

You have to assume the crooks already know the default admin password. Go to the settings admin page and give at least the login password a new, difficult-to-guess password. Something like SXCuefSe1YT6. Usually, the modem will restart and ask you to log in. Enter the new password to get back in.


Next go back to wireless security, or whatever the page is named where you disable/enable wireless broadcasting and the password(s). You must change the passwords since you must assume crooks know what they are. If there are two (one for 2.4 GHz and another for 5 GHz), change both of them to new, hard to guess passwords. Write these down since you'll need to update all of your wireless devices to talk to your router. Make sure WPA2 is the security setting, or WPA2/WPA3 if it will only allow you to choose a combination. NEVER select any option that includes WEP. Re-enable wireless broadcasting and save the settings.


If your router only has WEP as the wireless security option, throw it in the trash. Like right now and get a new one. WEP can be cracked in less than a minute. A router should have WPA2 security at minimum.


Last is remote access. When you're at the part where you've disabled wireless broadcasting and are changing passwords, it's very important to look for the remote access features. There are usually two on the same settings page. Remote Telnet and Remote Management (or something like that). Make sure those are both disabled. Having them on is probably how the crooks accessed your router in the first place.


Now the crooks will not be able to enter your router's settings, and they also will not know the new admin or wireless passwords.

Jun 13, 2021 1:16 PM in response to Scottg100

If you know for certain the router has been hacked, it would be far simpler to reset the router. Also, if it is the router, then doing anything to the Mac, no matter what, won't help in the least.


It's a given that if a hacker has already gotten into your router, they also know the admin name and password to get at all of the rest of the configuration pages. Your main goal here is to keep them from getting back into your router once you've reset it.


Poorly configured routers (and there's a LOT of them) come with admin as the admin name, and no password (or vice versa, a blank admin name and "admin" as the password). This makes access much too easy for anyone who's taken the time to look up the default name and password for various makes and models of routers. Another thing that makes access easier are poor default settings in the router itself.


The following looks like a lot, but doesn't really take all that long to do. Less than 30 minutes.


The very first step with the router is to reset it to the factory defaults. This is usually accomplished by holding in a small, recessed button for about 10 seconds. When released, the router will reboot. Check your router's manual as different routers have different methods. For some, you turn the router off first (or unplug it if it has no power button), then hold the reset button in.


The reason for resetting the router to its defaults is the crooks may have bridged it to another router, or added other redirecting commands. That means even with new passwords (we'll get to that), they could still enter your network, or at least continue to watch what you're doing.


After the reset, the router will boot back up to the defaults. Open your browser and type in 192.168.0.1 as the address. This is the default IP address for nearly all routers. You should be prompted to enter the default admin name and password. Check the manual to see what these are. On newer routers, it's usually on a sticker on the router itself.


It's not enough to have the router on WPA2 or WPA3 if a crook can otherwise easily access it without even entering your home. Many router manufacturers have finally woken up and made the login name and password difficult to guess, but others still don't seem to get it. My oldest brother just got a new router/modem for his Internet connection, and it stupidly came with blank for the admin name, and "admin" as the password.


This is bad! All anyone within range of your router needs to do is type 192.168.0.1 into a web browser and see what responds. If it's your router, and if it has this same kind of useless login credentials, they can easily get into the router's settings and see your wireless password. From there, they can ride on your Internet account and see much of what you do. Including (if they have the skills), see what your devices are doing since they are now on the same side of the router's firewall as you are. And as your hackers did, add redirecting entries.


Once logged in to the router, open its settings pages. Go into wireless security, disable all wireless broadcasting and save the settings. You must do this first. Doing so will instantly kick anyone off of your network who shouldn't be there, and will prevent them from seeing what you're going to do next. Resetting the router will have already broken their connection, but you also want to make it difficult for them to get back in.

Jun 13, 2021 8:40 PM in response to Kurt Lang

The router had some kind of rootkit on it. When I take my Mac into Apple they clean it and I get a new router and if any other device connects that has this rootkit then all my devices get reinfected. So it does not work to reset the router to factory specs. I have already done this.


Is there ANY way to purchase the Mac OS on an incorruptible media? If not I will have a difficult time getting rid of this... Any way to hire a genius to the home and have him/her fix all the devices at once?


I would need to pay to have all the iPhones, iPads, iMacs and Android and Windows devices and purchase a new router.... Seems overwhelming when no store carries these types of media.


I tried the fixit stick as well.
