What's new

Malware damaging ASUS routers?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

You perhaps realize >90% of the users run stock Asuswrt and are completely unaware of the issue.
 
You perhaps realize >90% of the users run stock Asuswrt and are completely unaware of the issue.
Yes sir, I do indeed.

However for those concerned about the issue and wanting a solution that is available now, folks that might have been considering but not taken the leap to ASUS Merlin FW, or do not know about it but are willing to give it a whirl, I do not think it unreasonable to make them aware of the options currently available.
 
Correct. @iFrogMac Check the /jffs/asd folder.
Thanks, I will need to enable SSH correct? I typically haven't done that after my Router capable running DD-WRT died, and that's pretty much why I decided to stick with Asus, because their stock firmware is the closest thing I've found to something like DD-WRT, compared to other brands.
 
Thanks, I will need to enable SSH correct? I typically haven't done that after my Router capable running DD-WRT died, and that's pretty much why I decided to stick with Asus, because their stock firmware is the closest thing I've found to something like DD-WRT, compared to other brands.

Yeah, you need to enable SSH, but ONLY for the LAN (LAN only, okay?) and please, for the love of tech, don’t use the standard port 22 - pick a random free port that’s not on the well-known ports list.

Once that’s done, fire up something like PuTTY and check if the signature files are chilling in the /jffs/asd folder.

Oh, and seriously, if you have no clue what any of this means, don’t even think about it - messing around with random commands is a fast track to disaster.
 
Yeah, you need to enable SSH, but ONLY for the LAN (LAN only, okay?) and please, for the love of tech, don’t use the standard port 22 - pick a random free port that’s not on the well-known ports list.

Once that’s done, fire up something like PuTTY and check if the signature files are chilling in the /jffs/asd folder.

Oh, and seriously, if you have no clue what any of this means, don’t even think about it - messing around with random commands is a fast track to disaster.
Thanks, and yes I understand all of this. I just haven't had to do it in a while. I mainly leave stuff like this disabled for security reasons unless I NEED it. Since I use macOS, or Linux most of the time, will just use the ssh command in terminal. I was mainly trying to decide if the RT-AX86U was even worth it at this point to patch since I got a new router with newer firmware, and it has the separate toggle for security updates in addition to firmware updates as @Tech9 mentioned. Thanks again. If I decide to use the 86U again for any length of time, I'll check the jfs directory mentioned.
 
@iFrogMac "I mainly leave stuff like this disabled for security reasons unless I NEED it." Wow, truly, reading that feels like a warm hug from common sense 💙.
Thank you. That's pretty much why I replaced the hardware too, that and wanting access to more than just one 2.5G ethernet port. I figured at this point, it wasn't safe long term as the main router anymore, but as a backup, it would be OK. Especially since I was looking for things that required an upgrade anyway. Either way, I'll keep an eye out and see if Asus does anymore official firmware updates for it. I did read an official article from Asus stating that the RT-AX86U was officially due to end support in 2025 (in Singapore ), so I wonder if the rest of the world will follow shortly after that. I couldn't find any additional info.
Edited to include the Link referenced: https://www.asus.com/support/faq/1051375/
 
Last edited:
So in my firmware upgrade tab there's no mention of the 'Security Update' or ASD version.

I'm assuming I've disabled this at some point, is there an easy way to re-enable it? It doesn't seem obvious?

Edit:
Enabled AI Protection, that prompted me to accept the terms. Signature update then appeared under the firmware upgrade tab. Last updated June of last year. Checked for update and bumped it to 2.430.

Disabled AI Protection, that signature update has now gone.

Is that for ASD, or purely for trend micro?
 
Last edited:
So in my firmware upgrade tab there's no mention of the 'Security Update' or ASD version.

I'm assuming i've disabled this at some point, is there an easy way to re-enable it? It doesn't seem obvious?
The impression I've gotten having the same question is the SSH method looking into the directory mentioned is the only way to see if it's been updated.
 
@Jbennett360, here is how RMerlin explains ASD:
It's not related to Trend Micro. It's a separate security daemon from Asus, that handle security-related issues on the router itself. They provide a special set of signature files specific to Asuswrt-Merlin that automatically gets downloaded from them.
It is running all the time. If it was able to be disabled then malware would target it and disable it in order to infect the router. The ASD service scans the router for malware.

Edit to add: And RMerlin also explains in another discussion that if you absolutely must try to manually update the ASD signature files (when using Asus-Merlin), if there is no option to update them through the router GUI, then delete the files (in the /jffs/asd/ directory) and they'll be redownloaded by the router firmware.
 
Last edited:
@Jbennett360, here is how RMerlin explains ASD:

It is running all the time. If it was able to be disabled then malware would target it and disable it in order to infect the router. The ASD service scans the router for malware.

Edit to add: And RMerlin also explains in another discussion that if you absolutely must try to manually update the ASD signature files (when using Asus-Merlin), if there is no option to update them through the router GUI, then delete the files (in the /jffs/asd/ directory) and they'll be redownloaded by the router firmware.
Thanks for the clarification.

So do we know what the Security Upgrade is that's mentioned here? - https://www.snbforums.com/threads/security-upgrade-option-on-rt-ax88u-pro.88714/

Rebadged signatures?
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top