Strange folders and cronjobs

Questions about SNMP, Power, System, Logs, disk, & RAID.
OneCD
Ask me anything
Posts: 7805
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Strange folders and cronjobs

Post by OneCD » Sun Sep 23, 2018 3:43 am

somy1982 wrote:What is discord? Not heard of them before......

https://en.wikipedia.org/wiki/Discord_(software)


Mousetick
Easy as a breeze
Posts: 352
Joined: Thu Aug 24, 2017 10:28 pm

Re: Strange folders and cronjobs

Post by Mousetick » Sun Sep 23, 2018 8:03 am

dolbyman wrote:ask OneCD about malware sponsorship by qnap ... we had it too

QNAP is sponsoring malware, really that's going too far now!

I guess you meant censorship? :DD

OneCD
Ask me anything
Posts: 7805
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Strange folders and cronjobs

Post by OneCD » Sun Sep 23, 2018 8:05 am

Mousetick wrote:QNAP is sponsoring malware, really that's going too far now!

:lol:

Yes, I assumed "censorship" was the intended word.


dolbyman
Guru
Posts: 19697
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Strange folders and cronjobs

Post by dolbyman » Sun Sep 23, 2018 9:24 am

so yes.. censored. my phone autowrecked it

qwertypo
Starting out
Posts: 31
Joined: Sun Jan 17, 2016 11:32 am

Re: Strange folders and cronjobs

Post by qwertypo » Thu Oct 04, 2018 4:20 pm

Same problem here.... encrypted autorun, strange additions to crontab... lots of mysterious new folders. But I want to also mention that MANY of my currently installed programs had been edited with a header of encrypted data. I was not using Music Station, and it doesn't appear installed, but "music station" & "Music Station" were both installed in my .qpkg on 8:28:18 5:23 AM PST
TS-451+ Firmware version 4.2.4 Build 20170313 8GB Ram

robert_m_muench
Getting the hang of things
Posts: 88
Joined: Mon Feb 12, 2018 9:26 pm

Re: Strange folders and cronjobs

Post by robert_m_muench » Sat Oct 13, 2018 8:16 pm

I re-initialized the NAS, so the system folders were all scratched. When setting up the NAS via the setup guide, it seems the old (infected) firmware was still present. I installed the newest firmware, which hence was an upgrade from the old one.

I still see a very strange file re-appearing (see screenshot). So, I think this still indicates that there is an infection present. Or what is this empty file about, that is re-appearing always?

I still think that some binaries were changed, which Malware Remover doesn't catch.

Re-Initializing the NAS doesn't seem to help to get rid of the infection. How can I totally (I mean nothing is left, totally empty) the NAS?
TVS-1282T3
CPU: Intel Core i7-7700 CPU @ 3.60GHz
Memory: 64 GB
2 x Samsung SSD 850 EVO M.2 1TB (M.2 SATA)
2 x Samsung SSD 860 EVO 2TB (SATA)
4 x WDC WD6002FFWX-68TZ4N0 (SATA) (6TB)
4 x Seagate ST12000VN0007-2GS116 (SATA) (12TB)

dolbyman
Guru
Posts: 19697
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Strange folders and cronjobs

Post by dolbyman » Sun Oct 14, 2018 12:13 am

you have to delete your infected autorun.sh
https://wiki.qnap.com/wiki/Running_Your ... at_Startup

as this one survives a full wipe and reinfects your NAS

robert_m_muench
Getting the hang of things
Posts: 88
Joined: Mon Feb 12, 2018 9:26 pm

Re: Strange folders and cronjobs

Post by robert_m_muench » Sun Oct 14, 2018 12:22 am

I don't have an autorun.sh, not on the disk and it's not configured to be executed.

That's why I'm a bit lost, to track down what's going on.
