Page 5 of 5

Re: Unknown Thread kthreaddnai

Posted: Sat Dec 01, 2018 3:58 am
by dolbyman

Re: Unknown Thread kthreaddnai

Posted: Mon Dec 03, 2018 8:43 pm
by deakgyuri
I have got same infection. Malware found nothing

After restart the process did not started just after few hours.

So I have
- updated to latest firmware
- deleted the files from web directory
- changed every possible password ( admin, phpmyadmin, vpn, etc.. )
- on router which is before the NAS made few rules like incoming traffic dropped automatically expected from few known IP but port 80 it is open ( unfortunately have to leave open )

At the moment I cannot seen this process 4 days now.

I hope I could help...

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 1:47 am
by Vaiolo
No idea if its the same sh**t.

But mine removed malware remover...

Third QNAP wipe in 6 months.
My configuration was just:

QPVN (openvpn)
the web page unter https in a non standard port.
Official MLDONKEY (not externally mapped)
Cloudlink
No UPNP

So the only mapped ports were the HTTPS for web and OPNVPN.

Just unacceptable

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 1:52 am
by dolbyman
probably the exposed weblogin

why expose that if you already have openVPN in place ?

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 2:32 am
by Vaiolo
Why a exposed weblogin is considered normal?

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 2:42 am
by dolbyman
No as there is constant security advisories about exploits in the QNAP web server (last week they fixed several and announced it via advisory)

As you can see QNAP's implementation is not hardened enough for WWW exposure.

Also https doesn't help a to prevent this(only helps against credential sniffing,MITM attacks and maybe slowing down DDOS attempts due to handshake negotiations)

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 5:16 am
by Vaiolo
As a client of QNAP i still consider this unacceptable.

Re: Unknown Thread kthreaddnai

Posted: Fri Dec 07, 2018 5:29 am
by dolbyman
Let them now .. we are only users and QNAP does not read in this forum

Re: Unknown Thread kthreaddnai

Posted: Sun May 05, 2019 6:00 pm
by josephngary
just got an email from charter saying one of my computers have been turned into a BOT hitting on targets around the world. upon investigation, i found this self replicating file called 'god' and 'god1' sitting in /web and when scanned, turned out to be a backdoor virus. does anyone here know the best way to find this viruses? malware remover will not detect them. only mcafee (which i have 25 days trial remaining) is cleaning this file then they replace themselves. Now i have setup a virus scanner to occur every **mins and automatically delete any virus.

how did you guys deal with this problem in the past?
@kameha where did you place the script you created?

Re: Unknown Thread kthreaddnai

Posted: Sun May 05, 2019 9:32 pm
by dolbyman
setup the whole nas from scratch...