
Malware damaging ASUS routers?

Am I the only one not able to connect with CrashXRu?
I contacted him through Telegram.
Telegram:

 
Hey guys, I've been checking the forum from time to time to see if there were any updates regarding the RT-AX86U. So far, I haven't seen any new threads posted about new firmware or threats. I thought I would post here to see if there were any new threats to be aware of that I may just not have seen, or if everything is stable now. Checking between the AsusWRT Official section and the Asus WiFi 6/6e section hasn't shown any updates. So, I'm taking that as a good sign that the router is no longer at risk as long as the latest firmware has been applied and the specific features affected are disabled.
 
@CrashXRu thank you so much for your help and fixing one lost soul of RT-AX88U. The mtd10 factory files came back, and you know the best part is I flashed Merlin firmware after the restore and AiMesh works trouble free. Now I have an RT-AX88U main router and three RT-AC68U mesh nodes, everything works perfectly, the medal of honor should be yours. Thanks for your help.
 
Hi guys. I'm from Rio de Janeiro, Brazil. My name is Guilherme and I have the same problem that most of you described here. My Asus RT-AX86U stopped showing WiFi SSIDs and stopped blinking the LED lights. All other functions are OK. My router has the latest firmware version (FW_RT_AX86U_RT_AX86S_300438824386).
I searched a lot on the internet (Google, YouTube etc.), but had no success until I ran into this forum. If anyone could help me, I'd appreciate it a lot.
 
UPDATE:
@CrashXRu is awesome! Our router like totally forgot its own identity after the attack. He had our gt-ax11000 back up and running in under 5 minutes, even better than the day it was bought. He's helped out a lot of members here.

If you SSH these commands and they end up returning nothing for each, then your router was hacked or zombied somehow and needs some reconfiguring:

ATE Get_DateCode
ATE Get_HwBom
ATE Get_HwId
ATE Get_HwVersion
ATE Get_PINCode
ATE Get_ModelName
ATE Get_SerialNumber
ATE Get_TerritoryCode


Thanks again CrashxRu (Ruslan^2), you're a tremendous asset to this forum. 🍻
(His Telegram QR Code is attached below)

...............................

OP. (Saturday, March 29th):
In the sinking boat with my GT-AX11000. Thanks so much for this report!
Mesh broke down, after a few years of solid operation. Out of nowhere the AX11000 factory reset itself. After that, can't re-establish mesh, and started having issues with self resets every half hour or so when memory runs out (actually sat and watched as crazy CPU going on and memory bar went to 100%), and intermittent wifi. Only 5g-2 (N,AC,AX160) currently usable after a few hours each time installing firmware trials / factory resets. Almost looks like it would work fine with all radios at first, but then lost 5g-1, and eventually 2g. I tried disabling those radios for now in Pro settings, but get the Country Code missing error.
Have an Orbi-mesh running until a possible fix is found.
I'll try getting ahold of CrashXRu ✌️
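
Added example (not from the poster): the check described in the post above, as a script to run inside the router's SSH session. It assumes `ATE <field>` prints the stored value on stdout; `ATE_CMD`, `FACTORY_FIELDS` and `check_factory_fields` are names made up for this example, and the values themselves are never printed, so the report can be pasted into a thread without exposing the PIN or serial number.

```shell
#!/bin/sh
# Added example: query each factory-data field listed in the post and
# report which ones come back empty. Run it in the router's own shell
# (after logging in over SSH), not from the PC's command prompt.

# Assumption: ATE is on the PATH and prints the value to stdout.
# ATE_CMD can be overridden to exercise the logic off-router.
ATE_CMD="${ATE_CMD:-ATE}"

FACTORY_FIELDS="Get_DateCode Get_HwBom Get_HwId Get_HwVersion
Get_PINCode Get_ModelName Get_SerialNumber Get_TerritoryCode"

# Prints "<field> ok", "<field> EMPTY" or "<field> ERROR" per field.
# Returns 0 only when every field produced a non-empty value.
check_factory_fields() {
    missing=0
    for field in $FACTORY_FIELDS; do
        # ERROR means the command itself failed (for example: not found),
        # which is a different finding from an empty factory value.
        if ! value="$("$ATE_CMD" "$field" 2>/dev/null)"; then
            echo "$field ERROR"
            missing=$((missing + 1))
            continue
        fi
        # Ignore whitespace-only output.
        value="$(printf '%s' "$value" | tr -d ' \t\r\n')"
        if [ -z "$value" ]; then
            echo "$field EMPTY"
            missing=$((missing + 1))
        else
            echo "$field ok"
        fi
    done
    [ "$missing" -eq 0 ]
}

# Only run automatically where the tool exists (i.e. on the router).
if command -v "$ATE_CMD" >/dev/null 2>&1; then
    check_factory_fields || echo "One or more factory fields are missing."
fi
```
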
I have a problem in another thread with an AX88U - can't contact the update server or asuscomm DDNS, everything else fine, no obvious signs of malware like high traffic open ports. Done full factory reset and manual config

BUT this post has me a bit paranoid. I have enabled SSH LAN only on port 22 on the router.

Using cmd in Windows 11 I can ssh into the router with username and password but when trying to run any of these commands I get

"Error resolving 'ATE' port '22'. Name or service not known usernam@RT-AX88U-6EB8:/tmp/home/root#"

Is this a malware sign or errors in how I'm inputting ssh commands?!
 
Possibly (see this thread). What is the output of these commands:
Code:
df -a
ls -altr /tmp/
ps T
netstat -nltp
find /jffs
Thanks I can't input the df -a command without getting

df: invalid option -- 'a'

Otherwise, any tip on how to copy all of the other output which is huge into the post. I don't see any of the suspicious type files in jffs like those mentioned in the thread you linked to
 
Thanks I can't input the df -a command without getting

df: invalid option -- 'a'
My mistake. Instead of "df -a" use "df" instead.


Otherwise, any tip on how to copy all of the other output which is huge into the post. I don't see any of the suspicious type files in jffs like those mentioned in the thread you linked to
Put the output in a CODE block by clicking on the </> editor option at the top of your post. Break it up into separate blocks if there's too much output.
 
My mistake. Instead of "df -a" use "df" instead.



Put the output in a CODE block by clicking on the </> editor option at the top of your post. Break it up into separate blocks if there's too much output.
Appreciated, thanks - logs posted with my username redacted and in two posts as more than 10000 characters!

Code:
C:\Windows\System32>ssh [email protected]
[email protected]'s password:


ASUSWRT-Merlin RT-AX88U 3004.388.9_2 Mon Apr 28 21:28:18 UTC 2025
username@RT-AX88U-6EB8:/tmp/home/root# df
Filesystem           1K-blocks      Used Available Use% Mounted on
ubi:rootfs_ubifs         71104     69304      1800  97% /
devtmpfs                451644         0    451644   0% /dev
tmpfs                   451760       624    451136   0% /var
tmpfs                   451760      3924    447836   1% /tmp/mnt
mtd:bootfs                5248      4284       964  82% /bootfs
mtd:data                  8192      6008      2184  73% /data
tmpfs                   451760      3924    447836   1% /tmp/mnt
tmpfs                   451760      3924    447836   1% /tmp
/dev/mtdblock9           64512      1876     62636   3% /jffs
username@RT-AX88U-6EB8:/tmp/home/root# ls -altr /tmp/
drwxr-xr-x    4 username root            80 Jan  1  1970 var
drwxr-xr-x    2 username root            40 Jan  1  1970 share
-rw-r--r--    1 username root             0 Jan  1  1970 settings
drwxr-xr-x    3 username root            60 Jan  1  1970 notify
drwxr-xr-x    2 username root            40 Jan  1  1970 inadyn.cache
drwxr-xr-x    3 username root            60 Jan  1  1970 home
drwxr-xr-x    3 username root            60 Jan  1  1970 confmtd
-rw-r--r--    1 username root             9 Jan  1  1970 misc.json
drwxrwxrwx    2 username root            40 Jan  1  2024 netool
-rwS-wS---    1 username root             0 Jan  1  2024 ebtables.lock
-rw-rw-rw-    1 username root             0 Jan  1  2024 asd.init
-rw-rw-rw-    1 username root           343 Jan  1  2024 run_lldpd.sh
-rw-rw-rw-    1 username root             0 Jan  1  2024 mastiff_log
-rw-rw-rw-    1 username root             5 Jan  1  2024 mastiff.pid
-rw-rw-rw-    1 username root            52 Jan  1  2024 lldpd_bind_ifnames
drwxrwxrwx    3 username root            80 Jan  1  2024 avahi
drwxrwxrwx    2 username root            40 Jan  1  2024 asusfbsvcs
drwxr-xr-x    2 username root            40 Jan  1  2024 cfg_mnt
drwxrwxrwx   21 username root          1840 Apr 28 22:49 ..
-rw-rw-rw-    1 username root          3168 Oct  4 17:42 release_note0.txt
-rw-rw-rw-    1 username root             0 Oct 16 23:52 aaews_log
drw-------    2 username root            60 Oct 16 23:52 bwdpi
-rw-rw-rw-    1 username root            18 Oct 16 23:52 rast_stc_idx1
-rw-rw-rw-    1 username root            18 Oct 16 23:52 rast_stc_idx0
-rw-rw-rw-    1 username root           185 Oct 16 23:52 chanspec_avbl.txt
-rw-r--r--    1 username root            31 Oct 16 23:52 A0:36:BC:9D:01:60.bi
-rw-r--r--    1 username root            67 Oct 16 23:54 2C:7B:A0:86:D1:84_bcn_rpt
-rw-r--r--    1 username root            67 Oct 16 23:54 62:29:D1:E0:2E:A2_bcn_rpt
-rw-r--r--    1 username root            67 Oct 16 23:55 78:3E:53:73:EB:C6_bcn_rpt
lrwxrwxrwx    1 username root             8 Oct 16 23:56 zcip -> /sbin/rc
lrwxrwxrwx    1 username root             8 Oct 16 23:56 wpa_cli -> /sbin/rc
-rw-rw-rw-    1 username root           943 Oct 16 23:56 wl0_hapd.conf
lrwxrwxrwx    1 username root             8 Oct 16 23:56 udhcpc_wan -> /sbin/rc
lrwxrwxrwx    1 username root             8 Oct 16 23:56 dhcp6c -> /sbin/rc
-rw-rw-rw-    1 username root           944 Oct 16 23:56 wl1_hapd.conf
-rw-rw-rw-    1 username root             0 Oct 16 23:56 lld2d.conf
-rwxr-xr-x    1 username root         38078 Oct 16 23:56 icon.large.ico
-rwxr-xr-x    1 username root          9662 Oct 16 23:56 icon.ico
-rw-rw-rw-    1 username root            16 Oct 16 23:56 hw_auth_clm
-rw-r--r--    1 username root            90 Oct 16 23:56 relist.json
-rw-rw-rw-    1 username root            92 Oct 16 23:56 obvsie
-rw-rw-rw-    1 username root             1 Oct 16 23:56 obstatus
-rw-rw-rw-    1 username root            92 Oct 16 23:56 guest_vsie
-rw-r--r--    1 username root           424 Oct 16 23:56 chanspec_private.json
-rw-r--r--    1 username root            72 Oct 16 23:56 .cap
srwxrwxrwx    1 username root             0 Oct 16 23:56 wpa_ctrl_6594-2
drwxrwxrwx    2 username root           100 Oct 16 23:56 dm
-rw-r--r--    1 username root           185 Oct 16 23:56 aplist.json
drwxrwxrwx    2 username root           180 Oct 17 00:00 nc
-rw-rw-rw-    1 username root           682 Oct 17 00:00 awsiot_log
-rw-rw-rw-    1 username root          4286 Oct 17 00:45 lighttpd.conf
drwxrwxrwx    5 username root           240 Oct 17 00:45 lighttpd
-rw-------    1 username root          1070 Oct 17 01:05 https_srv.csr
-rw-r--r--    1 username root            17 Oct 17 10:20 A0:36:BC:9D:01:60.misc
-rw-r--r--    1 username root           207 Oct 17 10:20 A0:36:BC:9D:01:60.cap
-rw-r--r--    1 username root           454 Oct 17 10:20 wchannel.json
-rw-r--r--    1 username root           245 Oct 17 10:20 chanspec_avbl.json
-rw-r--r--    1 username root           864 Oct 17 10:20 chanspec_all.json
-rw-r--r--    1 username root           425 Oct 17 10:20 A0:36:BC:9D:01:60.json
-rw-rw-rw-    1 username root           223 Oct 17 14:03 webs_upgrade.log
-rw-------    1 username root           261 Oct 17 14:04 wan0_ppp6.env
-rw-------    1 username root           307 Oct 17 14:04 wan0_ppp.env
-rw-rw-rw-    1 username root            10 Oct 17 14:04 udhcpc0.expires
drwxrwxrwx    3 username root           300 Oct 17 14:04 ppp
-rw-rw-rw-    1 username root           590 Oct 17 14:04 wan0_bound6.env
-rw-r--r--    1 username root            30 Oct 17 14:04 resolv.dnsmasq
-rw-r--r--    1 username root            38 Oct 17 14:04 resolv.conf
-rw-rw-rw-    1 username root             0 Oct 17 14:57 syscmd.log
drwxr-xr-x   11 username root          1780 Oct 17 17:06 etc
-rw-rw-rw-    1 username root          1754 Oct 17 17:06 redirect_rules
-rw-------    1 username root          1581 Oct 17 17:06 nat_rules_ppp0_eth0
lrwxrwxrwx    1 username root            24 Oct 17 17:06 nat_rules -> /tmp/nat_rules_ppp0_eth0
-rw-------    1 username root          5102 Oct 17 17:06 filter_rules_ipv6
-rw-------    1 username root          5134 Oct 17 17:06 filter_rules
-rw-rw-rw-    1 username root           730 Oct 17 17:06 filter_ipv6.default
-rw-rw-rw-    1 username root           888 Oct 17 17:06 filter.default
drwxrwxrwx    2 username root            40 Oct 17 17:09 mnt
-rw-rw-rw-    1 username root        262155 Oct 17 17:51 syslog.log-1
-rw-rw-rw-    1 username root         65575 Oct 17 20:56 ce0.log.bak
-rw-rw-rw-    1 username root          5404 Oct 17 20:57 diag_port_status.json
drwxrwxrwx    2 username root           120 Oct 18 00:12 asusdebuglog
-rw-r--r--    1 username root         15500 Oct 18 00:35 nmp_cache.js
-rw-rw-rw-    1 username root           270 Oct 18 00:41 usb.log
-rw-rw-rw-    1 username root         40746 Oct 18 01:05 ce0.log
-rw-r--r--    1 username root           121 Oct 18 01:13 current_wired_client_list.json
-rw-r--r--    1 username root           550 Oct 18 01:14 allwclientlist.json
-rw-rw-rw-    1 username root          3406 Oct 18 01:14 dev
-rw-r--r--    1 username root           294 Oct 18 01:14 wiredclientlist.json
-rw-rw-rw-    1 username root        198029 Oct 18 01:14 syslog.log
-rw-r--r--    1 username root          1074 Oct 18 01:15 clientlist.json
drw-rw-rw-    2 username root           280 Oct 18 01:15 .diag
drwxrwxrwx   21 username root          1860 Oct 18 01:15 .
-rw-rw-rw-    1 username root             0 Oct 18 01:15 watchdog_heartbeat
 
Code:
username@RT-AX88U-6EB8:/tmp/home/root# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.50.1:49152      0.0.0.0:*               LISTEN      7497/hostapd
tcp        0      0 192.168.50.1:49152      0.0.0.0:*               LISTEN      6586/hostapd
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      6489/wanduck
tcp        0      0 127.0.0.1:47753         0.0.0.0:*               LISTEN      4519/mcpd
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      4296/smbd
tcp        0      0 192.168.50.1:139        0.0.0.0:*               LISTEN      4296/smbd
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      7361/cfg_server
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      6804/httpd
tcp        0      0 192.168.50.1:80         0.0.0.0:*               LISTEN      6804/httpd
tcp        0      0 0.0.0.0:35761           0.0.0.0:*               LISTEN      4268/miniupnpd
tcp        0      0 0.0.0.0:8082            0.0.0.0:*               LISTEN      16274/lighttpd
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4381/dnsmasq
tcp        0      0 192.168.50.1:53         0.0.0.0:*               LISTEN      4381/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      31636/dropbear
tcp        0      0 0.0.0.0:3702            0.0.0.0:*               LISTEN      4400/wsdd2
tcp        0      0 127.0.0.1:55000         0.0.0.0:*               LISTEN      6614/ceventd
tcp        0      0 86.148.206.108:8443     0.0.0.0:*               LISTEN      4252/httpds
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16274/lighttpd
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      6802/httpds
tcp        0      0 192.168.50.1:8443       0.0.0.0:*               LISTEN      6802/httpds
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      4296/smbd
tcp        0      0 192.168.50.1:445        0.0.0.0:*               LISTEN      4296/smbd
tcp        0      0 fe80::aa5e:45ff:feaf:6eb8:139 :::*                    LISTEN      4296/smbd
tcp        0      0 :::80                   :::*                    LISTEN      6804/httpd
tcp        0      0 2a00:23c8:276d:ae00::1:53 :::*                    LISTEN      4381/dnsmasq
tcp        0      0 ::1:53                  :::*                    LISTEN      4381/dnsmasq
tcp        0      0 fe80::aa5e:45ff:feaf:6eb8:53 :::*                    LISTEN      4381/dnsmasq
tcp        0      0 :::22                   :::*                    LISTEN      31636/dropbear
tcp        0      0 :::3702                 :::*                    LISTEN      4400/wsdd2
tcp        0      0 :::8443                 :::*                    LISTEN      4252/httpds
tcp        0      0 :::8443                 :::*                    LISTEN      6802/httpds
tcp        0      0 fe80::aa5e:45ff:feaf:6eb8:445 :::*                    LISTEN      4296/smbd
username@RT-AX88U-6EB8:/tmp/home/root# find /jffs
/jffs
/jffs/scripts
/jffs/cert.tgz
/jffs/wlcnt.json
/jffs/syslog.log
/jffs/syslog.log-1
/jffs/addons
/jffs/ca_files
/jffs/nmp_cl_json.js
/jffs/asd.log
/jffs/.diag
/jffs/asd
/jffs/asd/versionbk
/jffs/.ssh
/jffs/.ssh/dropbear_ecdsa_host_key
/jffs/.ssh/dropbear_ecdsa_host_key.pub
/jffs/.ssh/dropbear_rsa_host_key
/jffs/.ssh/dropbear_ed25519_host_key
/jffs/.ssh/dropbear_rsa_host_key.pub
/jffs/.ssh/dropbear_ed25519_host_key.pub
/jffs/configs
/jffs/usericon
/jffs/usericon/usericon_md5.json
/jffs/nvram
/jffs/nvram/asus_device_list
/jffs/nvram/ipsec_profile_client_1_ext
/jffs/nvram/wl1_rast_static_client
/jffs/nvram/vlan_rulelist
/jffs/nvram/wl1_acs_excl_chans_cfg
/jffs/nvram/MULTIFILTER_DEVICENAME
/jffs/nvram/sta_binding_list
/jffs/nvram/vpn_crt_server_dh
/jffs/nvram/wl_sched_v2
/jffs/nvram/wl1.1_maclist
/jffs/nvram/wl2_acs_excl_chans
/jffs/nvram/ipsec_profile_5_ext
/jffs/nvram/vlan_pvid_list
/jffs/nvram/bwdpi_stream_list
/jffs/nvram/vpn_crt_server_static
/jffs/nvram/vpnc_pptp_options_x_list
/jffs/nvram/wl0_acs_excl_chans
/jffs/nvram/ipsec_profile_client_4_ext
/jffs/nvram/wl0_maclist
/jffs/nvram/wl1.3_maclist
/jffs/nvram/vpn_crt_server_ca
/jffs/nvram/wl_sched
/jffs/nvram/bwdpi_wfh_list
/jffs/nvram/http_oauth_clientlist
/jffs/nvram/MULTIFILTER_MACFILTER_DAYTIME
/jffs/nvram/custom_clientlist
/jffs/nvram/ipsec_profile_2_ext
/jffs/nvram/subnet_rulelist
/jffs/nvram/ig_client_list
/jffs/nvram/ipsec_profile_2
/jffs/nvram/ipsec_profile_client_3
/jffs/nvram/vpn_server2_ccd_val
/jffs/nvram/ipsec_profile_4
/jffs/nvram/url_sched
/jffs/nvram/vpn_crt_server_crl
/jffs/nvram/custom_usericon_del
/jffs/nvram/vpnc_clientlist
/jffs/nvram/vts_rulelist
/jffs/nvram/app_cnonce_list
/jffs/nvram/dhcp_staticlist
/jffs/nvram/wl1_sched
/jffs/nvram/wl0_acs_excl_chans_base
/jffs/nvram/bwdpi_game_list
/jffs/nvram/sr_rulelist
/jffs/nvram/vpn_crt_client_static
/jffs/nvram/ipsec_client_list_1
/jffs/nvram/sshd_authkeys
/jffs/nvram/filter_wllist
/jffs/nvram/vpn_crt_server_client_crt
/jffs/nvram/wtf_rulelist
/jffs/nvram/wl1_maclist_x
/jffs/nvram/vpn_crt_client_ca
/jffs/nvram/wl_acs_excl_chans_dfs
/jffs/nvram/ig_guest_client_list
/jffs/nvram/ipsec_profile_client_2_ext
/jffs/nvram/ipsec_client_list_3
/jffs/nvram/wl1_sched_v2
/jffs/nvram/wl0.1_maclist
/jffs/nvram/pptpd_clientlist
/jffs/nvram/httpd_nonce_list
/jffs/nvram/MULTIFILTER_REWARD
/jffs/nvram/ipsec_client_list_5
/jffs/nvram/nc_setting_conf
/jffs/nvram/wl0.3_maclist
/jffs/nvram/cfg_device_list
/jffs/nvram/wrs_app_rulelist
/jffs/nvram/autofw_rulelist
/jffs/nvram/share_link_param
/jffs/nvram/vpn_server_custom
/jffs/nvram/vpn_crt_client_crl
/jffs/nvram/dns_ping_list
/jffs/nvram/game_vts_rulelist
/jffs/nvram/wl0_acs_excl_chans_valid
/jffs/nvram/OPTUS_MULTIFILTER_MAC
/jffs/nvram/ipsec_profile_4_ext
/jffs/nvram/wl1_chansps
/jffs/nvram/custom_usericon
/jffs/nvram/gvlan_rulelist
/jffs/nvram/keyword_sched
/jffs/nvram/wl_acs_excl_chans_dfs_2
/jffs/nvram/vpn_server1_ccd_val
/jffs/nvram/ipsec_profile_client_2
/jffs/nvram/vpn_crt_server_crt
/jffs/nvram/wl0_rast_static_client
/jffs/nvram/ipsec_profile_client_5_ext
/jffs/nvram/wl0_acs_excl_chans_cfg
/jffs/nvram/vpn_crt_server_key
/jffs/nvram/ipsec_profile_1_ext
/jffs/nvram/wl0_sched
/jffs/nvram/lb_skip_port
/jffs/nvram/wrs_rulelist
/jffs/nvram/wl1_acs_excl_chans
/jffs/nvram/wl1.2_maclist
/jffs/nvram/ipsec_profile_client_5
/jffs/nvram/wl0_maclist_x
/jffs/nvram/ipv6_fw_rulelist
/jffs/nvram/wl0_sched_v2
/jffs/nvram/filter_lwlist
/jffs/nvram/qos_bw_rulelist
/jffs/nvram/vpn_serverx_clientlist
/jffs/nvram/wl1.4_maclist
/jffs/nvram/share_link_result
/jffs/nvram/ipsec_profile_1
/jffs/nvram/oauth_dm_refresh_ticket
/jffs/nvram/url_rulelist
/jffs/nvram/MULTIFILTER_TMP
/jffs/nvram/ipsec_profile_3
/jffs/nvram/vpn_crt_client_crt
/jffs/nvram/wl0.2_gn_wbl_rule
/jffs/nvram/vpn_server_ccd_val
/jffs/nvram/ipsec_profile_5
/jffs/nvram/httpd_captcha_list
/jffs/nvram/ipsec_profile_client_3_ext
/jffs/nvram/wans_routing_rulelist
/jffs/nvram/vpn_crt_client_key
/jffs/nvram/wl_maclist_x
/jffs/nvram/keyword_rulelist
/jffs/nvram/wl1_acs_excl_chans_base
/jffs/nvram/ipsec_profile_client_1
/jffs/nvram/wl_rast_static_client
/jffs/nvram/ipsec_profile_3_ext
/jffs/nvram/wl1_acs_excl_chans_valid
/jffs/nvram/qos_rulelist
/jffs/nvram/ipsec_client_list_2
/jffs/nvram/MULTIFILTER_MACFILTER_DAYTIME_V2
/jffs/nvram/wl1_maclist
/jffs/nvram/wollist
/jffs/nvram/wl_maclist
/jffs/nvram/ipsec_client_list_4
/jffs/nvram/wl0.2_maclist
/jffs/nvram/dnsfilter_rulelist
/jffs/nvram/ipsec_profile_client_4
/jffs/nvram/qos_orates
/jffs/nvram/vpn_crt_server_client_key
/jffs/nvram/wl0.4_maclist
/jffs/nvram/cloud_sync
/jffs/nvram/pptpd_sr_rulelist
/jffs/nvram/MULTIFILTER_MAC
/jffs/nvram/share_link_host
/jffs/wglst
/jffs/.sys
/jffs/.sys/cfg_mnt
/jffs/.sys/cfg_mnt/cfg_dbg.log
/jffs/.sys/nc
/jffs/.sys/nc/nt_db.db
/jffs/.cert
/jffs/openvpn
/jffs/openvpn/vpn_client1_custom3
/jffs/openvpn/vpn_client4_custom3
/jffs/openvpn/vpn_server1_custom3
/jffs/openvpn/vpn_client3_custom3
/jffs/openvpn/vpn_client2_custom3
/jffs/openvpn/vpn_client5_custom3
/jffs/nmp_vc_json.js
/jffs/nvram_war
username@RT-AX88U-6EB8:/tmp/home/root#
 
@bwj Thanks for the output. I can't see any indication of malware. I think your problems lie elsewhere.

P.S. The error you had with ATE was because you mistyped the command.

P.P.S. I suggest you turn off AiCloud unless you really need it. If you can simplify your setup by turning off IPv6 that might help.
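
Added example (not from any poster in this thread): one way to triage `netstat -nltp` output like the one reviewed above, by grouping listeners according to the scope of the address they bind to. The sample lines are constructed, modelled on that output with a documentation address in place of a WAN IP; `LAN_PREFIX`, `classify_listeners` and `needs_firewall_review` are names made up for this example.

```shell
#!/bin/sh
# Added example: group TCP listeners from `netstat -nltp` by the scope of
# the address they bind to, so the ones worth a firewall check stand out.

# Assumption: LAN addresses start with this prefix (192.168.50.1 in the thread).
LAN_PREFIX="${LAN_PREFIX:-192.168.50.}"

# Constructed sample modelled on the output posted in the thread;
# 203.0.113.10 is a documentation address standing in for a WAN IP.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.50.1:49152      0.0.0.0:*               LISTEN      7497/hostapd
tcp        0      0 192.168.50.1:49152      0.0.0.0:*               LISTEN      6586/hostapd
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      6804/httpd
tcp        0      0 192.168.50.1:80         0.0.0.0:*               LISTEN      6804/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      31636/dropbear
tcp        0      0 203.0.113.10:8443       0.0.0.0:*               LISTEN      4252/httpds
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16274/lighttpd
tcp        0      0 ::1:53                  :::*                    LISTEN      4381/dnsmasq
tcp        0      0 fe80::1:445             :::*                    LISTEN      4296/smbd
tcp        0      0 :::22                   :::*                    LISTEN      31636/dropbear'

# stdin:  netstat -nltp text
# stdout: "<scope> <port> <program> <address>", one line per distinct listener
classify_listeners() {
    awk -v lan="$LAN_PREFIX" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # The port follows the last colon; this also holds for IPv6.
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # Drop the PID so two workers of one daemon collapse into one row.
        prog = $7
        sub(/^[0-9]+\//, "", prog)

        if (addr == "127.0.0.1" || addr == "::1")     scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::")   scope = "wildcard"
        else if (index(addr, lan) == 1)               scope = "lan"
        else if (addr ~ /^fe80:/)                     scope = "link-local"
        else                                          scope = "routable"

        key = scope " " port " " prog " " addr
        if (!(key in seen)) {
            seen[key] = 1
            print scope, port, prog, addr
        }
    }'
}

# Listeners bound to every interface or to a routable address. The bind
# address alone does not show whether the firewall admits WAN traffic,
# so these are the rows to compare against the firewall rules.
needs_firewall_review() {
    classify_listeners | awk '$1 == "wildcard" || $1 == "routable"'
}

# Demo on the constructed sample. On the router itself:
#   netstat -nltp | needs_firewall_review
printf '%s\n' "$SAMPLE_NETSTAT" | needs_firewall_review
```

A wildcard or routable bind is a prompt to check the firewall rules and the matching service setting, not proof of WAN exposure: in the output above dropbear binds 0.0.0.0:22 even though the poster enabled SSH for LAN only, so that restriction is not visible in the bind address.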
 
@bwj Thanks for the output. I can't see any indication of malware. I think your problems lie elsewhere.

P.S. The error you had with ATE was because you mistyped the command.

P.P.S. I suggest you turn off AiCloud unless you really need it. If you can simplify your setup by turning off IPv6 that might help.
Thanks, how should the ATE command be typed in a Windows CMD box?
 
