Hey guys, I need help, pls..
I’ve RB951, and need to upgrade OS version, but everytime I uploaded .npk file to upgrade it’s gone auto deleted.
I tried via ftp or drag-n-drop and download form system-packages, all failed cuz .npk file auto deleted
is there any other method to upgrade??
You must upload to the Files menu, not in Packages menu.
Also, I suggest using easier method:
In packages menu click “check for updates”
i have same problem. My routerboard is affected. Everytime i want to upload npk file something like hidden script delete it. If i want to copy no npk file everything is ok. How i can upgrade my router from not rootmenu but folder because it is no problem to upload npk file to public folder?
It happens the same to me too. if I record a photo it does not erase it but if an npk is copied it is automatically deleted
Same problem here, whatever method we’re using to upload the files, it automatically deletes .npk files. At this point you can’t upgrade the router.
We’ve noticed that if you rename the extension, like .npk2 or whatever, it DOESN’t delete the file. Only .npk files are affected.
The routers who have this issue are currently on version 6.34 and 6.34.x.
Any help would be appreciated.
Thanks.
Perhaps some kind of malware. Have you checked scheduler and script entries?
If not, please send supout.rif to support@mikrotik.com with problem description for analysis.
Then, netinstall device to upgrade (you can keep configuration, but check thoroughly before & after update for unknown scripts, schedules and dns servers).
This definitely sounds like malware that is preventing you from patching the router to a secure version. Safest way forward is to fornat / netinstall.
My router has dns problems to navigate. I want to update it and it does not leave me in any way. RouterBOARD 951G-2HnD Firmware Type: ar9344 ver. 3.33 with routerOS: 6.37.1
Please if someone knows how to force an update. thank you already
As @nescafe2002 and @R1CH have suggested abov - google for “mikrotik netinstall” and follow the procedure. But before doing it, generate the supout.rif file and download it; after you successfully netinstall your device, send that file to support@mikrotik.com together with a link to this forum topic.
Netinstall is no problem but my MT is on high tower. Any idea to upgrade it without netinstall?
Wysłane z mojego SM-G955F przy użyciu Tapatalka
Given that any upgrade attempt you take while routeros is already running is sabotaged by the malware which is already running too by that time, I’m afraid you’ll have to climb because netinstall is the only way how not to give the malware a chance to defend itself.
Did any of you solve this? I have the same issue.
Have you tried netinstall? Or is the affected box also too high and/or far to do that?
I understand netinstall doesn’t work if the device is >50 ft off the ground. Does anyone have the support ticket # for that issue? 
is this a bug from Mikrotik OS or a malware, can’ we fixed it without netinstall??
Hello! Are there any updates on this?
I have the same problem and will perform a netinstall soon, but I understand that this wipes all the files system and, with it, the opportunity to know more about this malware. This kind of things really pisses me off and I would really love to help in whatever way I can. I will submit the supout.rtf file,. Is there anything else we can save before wiping it all? Some additional file maybe?
Here are some more details:
- I am currently with version 6.38.4, which I cannot upgrade of course.
- I cannot perform a full export (the command never ends), which I don’t know if is a 6. 38.4 problem or it is related to this malware.
- There was a strage “system” user with full permissions, and our (supposedly) administrator users had only write permissions, which makes me think that this malware created such user and demoted our privileges to limit our options. We discovered this whole thing because we had not permissions to ftp the upgrade packages (despite we were full privileged supposedly! Imagine our faces…) Luckyly, we had backups of our configs, so we reseted to defaults and were able to get back our full privileged user. Despite this, we found that we still cannot do a full export.
Anything else I can add let me know and will gladly provide it. Thanks a lot!
Better address the question directly to support@mikrotik.com. Fellow users cannot know whether Mikrotik’s R&D already has got enough information for analysis of this malware or not yet and I still haven’t identified the criteria based on which gents from support choose which forum topics to react to and which not.
When you still have some control over the device but have problems like described above but the device is mounted outside
of physical reach, you can try this:
- in /system routerboard settings, set the bootmode to “try ethernet once then nand”.
- get the netinstall software ready
- reboot the device
Then you can get the device in netinstall without having to push the button.
Of course you still need access to the indoor end of the cable to connect it to your system running netinstall.
And you may have to temporarily reconfigure that system so you can reach the device on telnet,ssh,webfig or winbox to do the
above config change and reboot.
Hello,
today we performed the reset via Netinstall on the affected device, but unfortunately this malware appears to affect also the sup-out and even the export utility: neither of both commands complete and never return any result, so we could not retrieve such information.
The device seems to be working properly now: things like export, sup-out, uploading .npk files to the root are working now, and even seems to be working faster.
The reply I got from support@mikrotik.com is that I should send the sup-out file, but no updates on the issue itself, so I guess that malware it is still out there and could affect us again.
We have improved some security configurations, but other than that we cannot do much more since there isn’t much more information available about this issu. Only solution seems to be doing the reset via Netinstall. So, if you hit this and you do not have a backup, good luck!
Heraldo.