[VPNFilter] Symantec Releases Tool to Check for VPNFilter Infection

On May 23rd researchers at Cisco discovered an advanced malware, named VPNFilter, which targets routers and Network Attached Storage (NAS) devices in order to steal files, information, and examine network traffic as it flows through the device. More details can be found on the following powersolution.com blog articles:

Symantec has released a tool that will check if your router has been compromised by a specific component used by VPNFilter.

We recommend running this tool to see if your home router has been compromised. If you are a powersolution.com managed IT customer, your Organizations’ network is not susceptible to VPNFilter. If you are not a current customer, we also recommend performing the check from a computer within your organization. Please use the link below to access the tool provided by Symantec.


If Symantec’s tool does indicate that your router is infected, we have compiled a list of instructions to follow below.

How to remove VPNFilter and protect your router or NAS

To completely remove VPNFilter and protect your router from being infected again, you should follow these steps:

  1. Reset Router to Factory Defaults: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  2. Upgrade to the latest firmware: Linksys * Netgear * TP-Link * Asus * D-Link * Ubiquiti
  3. Change the default admin passwordLinksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  4. Disable Remote Administration: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti

Please note that resetting your router to factory defaults will remove all settings. You will then need to reconfigure the device from scratch. If this step seems too advanced, at a minimum, steps 2, 3, and 4 should be followed. At this time, it appears that a factory reset is the only way to completely remove the infection, as VPNFilter achieves boot persistence.

  • Advisories from router manufacturers regarding VPNFilter can be found at: Linksys * Netgear * QNAP * TP-Link

If you are not a powersolution.com client and would like to explore how IT Managed Services can secure and support your organization, please contact us at [email protected] or (855) 551-7760 x311.


How is your state of IT? Call Us: (855) 551-7760 with any questions.