FW upgrade fails after being hacked

BooX · November 21, 2018, 9:45am

Hi

I have a RB2011UiAS on a remote location. It has been hacked and was injecting a mining script on all http traffic.
I was able to restore a backup and delete the script files from the hack and it “seems” to run ok, but I’m not able to update from 6.38.5 neither as autoupdate or by downloading the package and placing the .npk file and reboot.

I know netinstall is the way to go, but this one is in a very remote location so it would be great if anybody had a solution to upgrading using winbox, terminal e.t.c… ?

The log doesn’t show anything after reboot.

Thank you in advance

BooX

fmarais007 · November 21, 2018, 1:52pm

Hi,

I will double check your admin username permissions, as some hackers move this user to the read-only group, and create their own login.
If this is the case then you’ll have to perhaps restore an even earlier backup before this was changed, failing this, then netinstall is the answer.