Malware damaging ASUS routers?

You perhaps realize >90% of the users run stock Asuswrt and are completely unaware of the issue.
 
Yes sir, I do indeed.

However for those concerned about the issue and wanting a solution that is available now, folks that might have been considering but not taken the leap to ASUS Merlin FW, or do not know about it but are willing to give it a whirl, I do not think it unreasonable to make them aware of the options currently available.
 
Correct. @iFrogMac Check the /jffs/asd folder.
Thanks, I will need to enable SSH, correct? I typically haven't done that after my router capable of running DD-WRT died, and that's pretty much why I decided to stick with Asus, because their stock firmware is the closest thing I've found to something like DD-WRT, compared to other brands.
 
Yeah, you need to enable SSH, but ONLY for the LAN (LAN only, okay?) and please, for the love of tech, don’t use the standard port 22 - pick a random free port that’s not on the well-known ports list.

Once that’s done, fire up something like PuTTY and check if the signature files are chilling in the /jffs/asd folder.

Oh, and seriously, if you have no clue what any of this means, don’t even think about it - messing around with random commands is a fast track to disaster.
 
Thanks, and yes, I understand all of this. I just haven't had to do it in a while. I mainly leave stuff like this disabled for security reasons unless I NEED it. Since I use macOS or Linux most of the time, I will just use the ssh command in terminal. I was mainly trying to decide if the RT-AX86U was even worth it at this point to patch since I got a new router with newer firmware, and it has the separate toggle for security updates in addition to firmware updates as @Tech9 mentioned. Thanks again. If I decide to use the 86U again for any length of time, I'll check the jffs directory mentioned.
 
@iFrogMac "I mainly leave stuff like this disabled for security reasons unless I NEED it." Wow, truly, reading that feels like a warm hug from common sense 💙.
Thank you. That's pretty much why I replaced the hardware too, that and wanting access to more than just one 2.5G ethernet port. I figured at this point, it wasn't safe long term as the main router anymore, but as a backup, it would be OK. Especially since I was looking for things that required an upgrade anyway. Either way, I'll keep an eye out and see if Asus does any more official firmware updates for it. I did read an official article from Asus stating that the RT-AX86U was officially due to end support in 2025 (in Singapore), so I wonder if the rest of the world will follow shortly after that. I couldn't find any additional info.
Edited to include the link referenced: https://www.asus.com/support/faq/1051375/
 
So in my firmware upgrade tab there's no mention of the 'Security Update' or ASD version.

I'm assuming I've disabled this at some point, is there an easy way to re-enable it? It doesn't seem obvious?

Edit:
Enabled AI Protection, that prompted me to accept the terms. Signature update then appeared under the firmware upgrade tab. Last updated June of last year. Checked for update and bumped it to 2.430.

Disabled AI Protection, that signature update has now gone.

Is that for ASD, or purely for Trend Micro?
 
The impression I've gotten, having the same question, is that the SSH method of looking into the directory mentioned is the only way to see if it's been updated.
 
@Jbennett360, here is how RMerlin explains ASD:
It's not related to Trend Micro. It's a separate security daemon from Asus, that handles security-related issues on the router itself. They provide a special set of signature files specific to Asuswrt-Merlin that automatically gets downloaded from them.
It is running all the time. If it was able to be disabled then malware would target it and disable it in order to infect the router. The ASD service scans the router for malware.

Edit to add: And RMerlin also explains in another discussion that if you absolutely must try to manually update the ASD signature files (when using Asus-Merlin), if there is no option to update them through the router GUI, then delete the files (in the /jffs/asd/ directory) and they'll be redownloaded by the router firmware.
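
Added example (not part of any post in this thread, and not ASUS or Asuswrt-Merlin code): a shell check for the /jffs/asd directory, covering both the "SSH in and look" step suggested earlier and the delete-and-wait-for-redownload step above. The 30-day threshold, the status words and the zero-byte heuristic are assumptions; no signature file names are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the router over LAN-only SSH.
# Assumptions: the 30-day threshold is arbitrary; find supports -mtime and
# -size (GNU find does; BusyBox builds normally include both).

# Print one word describing the signature directory:
#   MISSING  directory does not exist
#   EMPTY    no regular files (e.g. just deleted, not yet re-downloaded)
#   ZEROLEN  at least one zero-byte file (heuristic for a failed write)
#   STALE    every file is older than MAX_AGE_DAYS
#   OK       at least one file was modified within MAX_AGE_DAYS
asd_sig_status() {
    dir=${1:-/jffs/asd}
    max_age=${2:-30}

    [ -d "$dir" ] || { echo MISSING; return 0; }

    total=$(find "$dir" -type f | wc -l | tr -d ' ')
    [ "$total" -gt 0 ] || { echo EMPTY; return 0; }

    zero=$(find "$dir" -type f -size 0 | wc -l | tr -d ' ')
    [ "$zero" -eq 0 ] || { echo ZEROLEN; return 0; }

    # -mtime +N matches files whose age in whole days exceeds N.
    fresh=$(find "$dir" -type f ! -mtime +"$max_age" | wc -l | tr -d ' ')
    [ "$fresh" -gt 0 ] || { echo STALE; return 0; }

    echo OK
}

# Stand-alone use: status line, then the listing with modification dates.
status=$(asd_sig_status "${1:-/jffs/asd}" "${2:-30}")
echo "ASD signatures: $status"
[ "$status" = MISSING ] || ls -l "${1:-/jffs/asd}"
```

After deleting the files as described, EMPTY is the expected result until the firmware fetches them again; a later run should return OK.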
 
Thanks for the clarification.

So do we know what the Security Upgrade is that's mentioned here? - https://www.snbforums.com/threads/security-upgrade-option-on-rt-ax88u-pro.88714/

Rebadged signatures?
 
Hi all,

I did try to look around the forum for this answer, so I will ask the question here as well in case any other person with the same issue is having the same difficulty as I finding their way.

I am one of those affected by this recent surge of AX86U issues, so I am left with a dumb brick for the time being.
Is there any way to recover the device once you have been affected? If so, how?

Thank you.
 
So, if you had a never used still in the box AX86U (not Pro nor S) that you got for a backup what would you do with it?

Don't connect it to the internet and flash the RMerlin "3004.388.8_4" firmware via direct Ethernet to PC connection.



Once the reboot takes place wait 10 min then reboot and configure and connect to WAN.
 
That depends entirely what it is a backup for. Another RT-AX86U? Something else? What is the use case?
Actually I got the AX86U for a backup to my AC86U at a time when a lot of those from the year I bought my AC86U were dying. But mine continued to work flawlessly (hope I didn't just jinx it) so I never switched to the AX86U.

Doing that was something I had planned for this coming holiday season and now this new issue with the AX86U appeared. So I'm wondering if I should keep the AX86U and switch to it after ASUS releases a new firmware for it (if they do) or if I should just move on to a newer router since it appears the AX86U may be reaching EOL.
 
Actually I got the AX86U for a backup to my AC86U at a time when a lot of those from the year I bought my AC86U were dying. But mine continued to work flawlessly (hope I didn't just jinx it) so I never switched to the AX86U.

Doing that was something I had planned for this coming holiday season and now this new issue with the AX86U appeared. So I'm wondering if I should keep the AX86U and switch to it "after ASUS releases a new firmware for it" (if they do) or if I should just move on to a newer router since it appears the AX86U may be reaching EOL.

RE-READ my post #177. You don't need to wait for ASUS, it's patched.

And while you are at it, patch the AC86U: "386.14_2"

 