Cleaning VPNFilter malware from Asus RT-N66U

[djc6]

My sister has an Asus RT-N66U router I'm sure hasn't had a firmware upgrade since I handed it down to her years ago.

Anyone know of any official recommended steps to cleanup any malware from the router? Will a firmware update take care of it? Should I factory reset first?

I was looking for an Asus forum, but seems its a victim of GDPR Which is a lame excuse, they've had 2+ years notice. We'd been preparing at work for it for a long time.

Ars Technica put a few more Asus routers on the list affected yesterday:

https://arstechnica.com/information...cting-50000-devices-is-worse-than-we-thought/

 

[ColinTaylor]

Use the search function. There's already a discussion about VPNFilter here.

 

[djc6]

Thanks. I did do a search first before posting - but my search was limited to Asus subforum by default it seems, I only got one thread back in search results.

 

[djc6]

Doesn't appear there are any proposed remediation steps - latest firmware for RT-N66U may still be vulnerable.

 

[RMerlin]

Rebooting will remove stage 2. Nobody knows yet how to remove stage 1, as it hasn't been disclosed how stage 1 attains persistence.

 

[Killzusall]

Hi, I have checked my RT-N66U and believe it is currently unaffected, can anyone advise if the latest Merlin firmware (380.70) will protect against this malware if it is yet to have been attacked (i.e. preventively)?

 

[ColinTaylor]

See the answers the VPNFilter thread.

 

[Killzusall]

See the answers the VPNFilter thread.

Thanks ColinTaylor