The first step is to identify the router that has been compromised. This can be done by using a variety of methods, such as:

- Looking for suspicious activity in the router's logs.

- Scanning the network for open ports or services that shouldn't be there.

- Checking the router's firmware for known vulnerabilities.

Step 2: Isolate the compromised router

Once the compromised router has been identified, it should be isolated from the rest of the network. This can be done by:

- Physically disconnecting the router from the network.

- Changing the router's IP address so that it is no longer accessible from the rest of the network.

Step 3: Investigate the compromised router

The next step is to investigate the compromised router to determine how it was compromised and what damage has been done. This can be done by:

- Examining the router's logs for suspicious activity.

- Scanning the router for malware or other malicious software.

- Checking the router's configuration for any changes that could have been made by a hacker.

Step 4: Clean the compromised router

Once the investigation is complete, the compromised router should be cleaned to remove any malware or other malicious software. This can be done by:

- Restoring the router to its factory default settings.

- Updating the router's firmware to the latest version.

- Enabling security features such as firewalls and intrusion detection systems.

Step 5: Monitor the network for further attacks

Finally, the network should be monitored for any further attacks. This can be done by using a variety of methods, such as:

- Setting up intrusion detection systems and firewalls.

- Regularly scanning the network for suspicious activity.

- Keeping the router's firmware up to date.