Strange folders and cronjobs

Questions about SNMP, Power, System, Logs, disk, & RAID.
Post Reply
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Strange folders and cronjobs

Post by dolbyman »

so yes..censored . my phone autowrecked it
qwertypo
Starting out
Posts: 31
Joined: Sun Jan 17, 2016 11:32 am

Re: Strange folders and cronjobs

Post by qwertypo »

Same problem here.... encrypted autorun, strange additions to crontab... lots of mysterious new folders. But I want to also mention that MANY of my currently installed programs had been edited with header of encrypted data. I was not using music station, and it doesnt appear installed, but "music station" & "Music Station" were both installed in my .qpkg on 8:28:18 5:23 AM PST
TS-451+ Firmware version 4.2.4 Build 20170313 8GB Ram
robert_m_muench
Getting the hang of things
Posts: 93
Joined: Mon Feb 12, 2018 9:26 pm

Re: Strange folders and cronjobs

Post by robert_m_muench »

I re-initialized the NAS, so the system folders where all scratched. When setting up the NAS via the setup guide, it seems the old (infected) firmware was still present. I installed the newest firmware, which hence was an upgrade from the old one.

I still see a very strange file re-appearing (see screenshot). So, I think this still indicates that there is an infection present. Or what is this empty file about, that is re-appearing always?

I still think that some binaries where changed, which malware remover doesn't catch.

Re-Initializing the NAS doesn't seem to help to get rid of the infection. How can I totally (I mean nothing is left, totally empty) the NAS?
You do not have the required permissions to view the files attached to this post.
TVS-1282T3
CPU: Intel Core i7-7700 CPU @ 3.60GHz
Memory: 64 GB
2 x Samsung SSD 850 EVO M.2 1TB (M.2 SATA)
2 x Samsung SSD 860 EVO 2TB (SATA)
4 x WDC WD6002FFWX-68TZ4N0 (SATA) (6TB)
4 x Seagate ST12000VN0007-2GS116 (SATA) (12TB)
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Strange folders and cronjobs

Post by dolbyman »

you have to delete your infected autorun.sh
https://wiki.qnap.com/wiki/Running_Your ... at_Startup

as this one survives a full whipe and reinfects your nas
robert_m_muench
Getting the hang of things
Posts: 93
Joined: Mon Feb 12, 2018 9:26 pm

Re: Strange folders and cronjobs

Post by robert_m_muench »

I don't have an autorun.sh, not on the disk and it's not configured to be executed.

That's why I'm a bit lost, to track down what's going on.
TVS-1282T3
CPU: Intel Core i7-7700 CPU @ 3.60GHz
Memory: 64 GB
2 x Samsung SSD 850 EVO M.2 1TB (M.2 SATA)
2 x Samsung SSD 860 EVO 2TB (SATA)
4 x WDC WD6002FFWX-68TZ4N0 (SATA) (6TB)
4 x Seagate ST12000VN0007-2GS116 (SATA) (12TB)
Post Reply

Return to “System & Disk Volume Management”