Malware damaging ASUS routers?

[imardevries]

Indeed what I started thinking, so I did a reset just now and managed to gain access via the web GUI; after uploading old backup settings it now seems to work just fine, WiFi and all. I immediately shut down AiCloud. Interestingly, I saw I already had the router running on the latest firmware (https://www.snbforums.com/threads/asus-rt-ax82u-firmware-version-3-0-0-4-388_25017-2024-11-18.92963/), so perhaps that saved it from disaster after acess was gained via AiCloud...?

 

[iFrogMac]

Indeed what I started thinking, so I did a reset just now and managed to gain access via the web GUI; after uploading old backup settings it now seems to work just fine, WiFi and all. I immediately shut down AiCloud. Interestingly, I saw I already had the router running on the latest firmware (https://www.snbforums.com/threads/asus-rt-ax82u-firmware-version-3-0-0-4-388_25017-2024-11-18.92963/), so perhaps that saved it from disaster after acess was gained via AiCloud...?

possible your issue wasn't related to malware, if you had already patched the router, and it just needed a factory reset.

 

[imardevries]

I am very much puzzled because I *was* locked out of my router with the identified malware-related message saying more than 10 wrong username/password attempts had been registered, while I had not tried to do anything of the sorts. Also, having shut down AiCloud it still pops up as a service the router seems to be running when checking via Shodan (albeit with a 401 Unauthorized status, mentioning lighttpd/1.4.39 as the server) -- or is this a mislabeled flag that actually says Web Access from WAN is active (due to the Asus Router app)?

 

[myol]

Can anyone recommend or link to the latest method of performing a nvram dump (and restore?)

I came across this thread but the last comment by RMerlin is that it no longer works with recent releases. Is there a newer method?

 

[ColinTaylor]

Can anyone recommend or link to the latest method of performing a nvram dump (and restore?)

I came across this thread but the last comment by RMerlin is that it no longer works with recent releases. Is there a newer method?

Use the option in the webUI.

Administration - Restore/Save/Upload Setting: Save setting / Restore setting

 

[Ripshod]

If you have ssh enabled login via ssh and issue the following command

nvram dump > dump.txt

Then just download the dump.txt file. That's your backup of everything in nvram, but it shouldn't ever be restored to the router as it is. It's directly readable and then info you need to restore can just be entered in the normal way.

 

[Mittenz]

Two AX11000 dead wifi after factory restore.

What now? Leave asus forever for another brand?

 

[Ripshod]

Two AX11000 dead wifi after factory restore.

What now? Leave asus forever for another brand?

Latest asus firmware may just bring them back to life

 

[Tech9]

Latest asus firmware may just bring them back to life

It did bring them back and in super hero mode.

Frimware Broke Router - 2.4ghz now showing channels 1 - 14; both wifi 5 showing 36 - 165. Help!

Reset Button, WPS reset method, GUI reset - nothing is fixing my router anymore. Since upgrading to the new merlin, my wifi is no longer showing 2.4, 5_1, 5_2, im stuck and unsure what do to anymore. I think the frimware broke the router somehow, as the 5_2 is now showing 160mhz in settings...

www.snbforums.com

 

[Mittenz]

Already flashed 3 asus versions, wifi dead.

Any other methods? Is asus support offering replacements?

 

[iFrogMac]

Already flashed 3 asus versions, wifi dead.

Any other methods? Is asus support offering replacements?

Did you contact @ColinTaylor? He's helped quite a few people restore their routers. My understanding though was the latest firmware was supposed to rebuild whatever structure was deleted / corrupted on flash. Maybe reach out to him anyway.

 

[Ripshod]

Already flashed 3 asus versions, wifi dead.

If we're talking GT-AX11000 then you have tried this one?

Release - ASUS GT-AX11000 Firmware version 3.0.0.4.388_24394 (2024/11/13)

Version 3.0.0.4.388_24394 70.72 MB 2024/11/13 1. Strengthened input validation and data processing workflows to further protect information security. 2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts. 3. Enhanced device security through...

www.snbforums.com

 

[Mittenz]

Yep its running on it right now.

2.4 is showing 1 - 14 channels
5.0 36 - 165

No wifi still.

I reset, re-flashed and reinitialize, restored i worked on this for 7hrs until 5am last night.

 

[Ripshod]

Yep its running on it right now.

2.4 is showing 1 - 14 channels
5.0 36 - 165

No wifi still.

I reset, re-flashed and reinitialize, restored i worked on this for 7hrs until 5am last night.

Then it's possible your problem is not related to this thread. We should continue in your other thread, as @Tech9 linked above.

 

[Tech9]

Then it's possible your problem is not related to this thread.

It is perhaps related, but the firmware for this model doesn't contain the fix like firmware for RT-AX86U. So far only the most affected RT-AX86U was reported to come back to life after latest Asuswrt.

 

[Ripshod]

Very true, but I had a very similar experience to this over a year ago. Thankfully I was able to restore the zeroed MACs by restoring from a backup. I've moved to the other thread.

 

[iFrogMac]

Very true, but I had a very similar experience to this over a year ago. Thankfully I was able to restore the zeroed MACs by restoring from a backup. I've moved to the other thread.

That's why I suggested he contact Colin Taylor because it might be something he can help fix. He did quite a few people's routers before the official update came out from Asus.

 

[Tech9]

@CrashXRu may have configuration files for this model router, but my suggestion is to contact Asus Support first.

 

[CrashXRu]

@CrashXRu may have configuration files for this model router, but my suggestion is to contact Asus Support first.

I have configurations for most ASUS routers including the new WiFi 7 models, with the exception of the business series, which I did not receive for testing.