[SECURITY RISK] Your NAS could be infected. Please read.

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply

Are you infected? / Should QNAP make a Security Advisory Announcement? - SELECT TWO OPTIONS

Yes I my NAS has been with this issue.
66
30%
No, I my NAS is not infected
75
34%
Yes, Announcement by QNAP Critical.
73
33%
No, Just contact QNAP issue
4
2%
 
Total votes: 218

dolbyman
Guru
Posts: 15245
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [SECURITY RISK] Your NAS could be infected. Please read.

Post by dolbyman » Tue Oct 22, 2019 10:18 pm

if the notice comes up every night then you still have an active infection..time to wipe it all

if your nas is your backup..then you still have the original files..so no problem

if you don't have the original files..then your nas is not a backup but your primary storage

ncnmra
Know my way around
Posts: 110
Joined: Sun Oct 10, 2010 8:24 am

Re: [SECURITY RISK] Your NAS could be infected. Please read.

Post by ncnmra » Sun Oct 27, 2019 4:35 pm

Just getting back to this. What is the best way to do a full wipe, including DOM?

dolbyman
Guru
Posts: 15245
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [SECURITY RISK] Your NAS could be infected. Please read.

Post by dolbyman » Sun Oct 27, 2019 10:22 pm

google
"qnap firmware recovery"

zeltpsi
Starting out
Posts: 16
Joined: Fri Nov 13, 2009 1:46 pm

Re: [SECURITY RISK] Your NAS could be infected. Please read.

Post by zeltpsi » Fri Nov 01, 2019 12:05 pm

One of my NAS is an older TS809(8-bay). It was infected with the QSNATCH. The Malware prevented any firmware updates, but I was able to manually download the latest firmware to a local drive then install it. This appears to have solved part one. Changed passwords and rebooted. Updated all apps.
Worried that the machine was still not fixed, I found the quoted steps below. Using PUTTY I could SSH to the NAS and run the cleanme.sh. This script found several apps that were infected, and claimed to have fixed them. It then cleaned and installed the "Malware Removal" tool. However, the tool would not run and would hang on "Loading...". I re-ran cleanme.sh, and re-installed the Malware Removal Tool (MRT). No malware was discovered but still the MRT would not run. I tried manual download of the MRT, but still no joy. I started a back up of my data so that I could do wipe-clean of the disks and re-install. But while I was waiting for files to copy, I believe I tried the MRT remove-and-re-install about four more times, and finally it worked. I believe what was happening, was the Malware was re-infecting the machine very rapidly after each clean sequence. On my fourth try, I likely just happened to get the MRT installed and it auto-runs itself (on the fourth try) faster than the malware re-infection. This appears to have removed all traces (fingers crossed).
Changed passwords and rebooted.

I hope this helps someone else !
...Brian
1) Refer the link below and access your NAS by SSH.

https://www.qnap.com/en-uk/how-to/knowl ... nas-by-ssh

2) Execute the command lines over SSH.

# curl https://download.qnap.com/Storage/tsd/u ... cleanme.sh | sh

3) Restart the NAS and re-update the latest firmware manually.

https://www.qnap.com/en/how-to/tutorial ... s-firmware

The latest firmware can be downloaded from https://www.qnap.com/en-uk/download

4) After the latest firmware is re-updated, please change the all users password

5) Restart the NAS and check if all the apps can be updated or not.

ncnmra
Know my way around
Posts: 110
Joined: Sun Oct 10, 2010 8:24 am

Re: [SECURITY RISK] Your NAS could be infected. Please read.

Post by ncnmra » Fri Nov 08, 2019 9:34 pm

zeltpsi,

Please see the thread below. There is a bunch of us fighting with the QSnatch issue:

viewtopic.php?f=50&t=151402&e=1&view=unread#unread

Despite me following the exact same steps as you, my device is repeatedly reinfected. I have since blocked all its access to the internet in hopes that my ISP will not ban me again.

Post Reply

Return to “Users' Corner”