Malware alert help

KarlInOz
Starting out
Posts: 11
Joined: Tue Nov 07, 2017 12:03 pm

Re: Malware alert help

Post by KarlInOz » Fri Aug 30, 2019 10:24 am

I had the same notification in my logs yesterday morning. I have submitted a ticket to QNAP asking where to get further information.

I have noticed something else interesting in the logs that has been happening since the day before I had the malware infection notice: I have the scanner set for daily at 3:00AM and up to the 28th August the logs show e.g.:
Severity Level Date Time Users Source IP Application Category Content
Information 2019/08/21 03:01:00 System 127.0.0.1 Malware Remover General [Malware Remover] Scan completed.
Information 2019/08/21 03:00:03 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.

But on 28 August I had an additional series of entries at 23:05 -
Severity Level Date Time Users Source IP Application Category Content
Information 2019/08/28 23:06:25 System 127.0.0.1 Malware Remover General [Malware Remover] Scan completed.
Information 2019/08/28 23:05:20 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] System started running malware scan.
Information 2019/08/28 23:05:20 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.

I have no idea where this 23:00 scheduled scan comes from as I had not changed the schedule. Then the next entries are for the next 3:00AM scan -
Severity Level Date Time Users Source IP Application Category Content
Information 2019/08/29 03:00:55 System 127.0.0.1 Malware Remover General [Malware Remover] Scan completed.
Information 2019/08/29 03:00:02 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.

and then the next 23:00 scan shows the infection -
Severity Level Date Time Users Source IP Application Category Content
Information 2019/08/29 23:06:49 System 127.0.0.1 Malware Remover General [Malware Remover] Scan completed.
Warning 2019/08/29 23:05:39 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Warning 2019/08/29 23:05:39 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.

Information 2019/08/29 23:05:30 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.
Information 2019/08/29 23:05:30 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] System started running malware scan.

It's very odd that this 23:00 scan started coming out of nowhere.
Model:TS-453 Pro
Current firmware version:4.3.6.0993
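
The off-schedule scan starts described in the post above can be picked out of an exported log mechanically. This is an added example, not part of the original posts and not QNAP tooling; the whitespace-separated layout is assumed from the quoted lines, and the function names, the `scheduled` parameter and the 10-minute tolerance are illustrative.

```python
import re
from datetime import datetime

# Lines copied from the log excerpts quoted in the post above.
SAMPLE_LOG = """\
Severity Level Date Time Users Source IP Application Category Content
Information 2019/08/21 03:00:03 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.
Information 2019/08/28 23:05:20 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.
Information 2019/08/29 03:00:02 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.
Warning 2019/08/29 23:05:39 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Information 2019/08/29 23:05:30 System 127.0.0.1 Malware Remover General [Malware Remover] Started scanning.
"""

# Assumed layout: severity, date, time, user, source IP, application and
# category (multi-word), then the "[Malware Remover]" tag and the message.
LINE_RE = re.compile(
    r"^(?P<sev>\w+)\s+(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<user>\S+)\s+(?P<ip>\S+)\s+(?P<app_cat>.+?)\s+"
    r"\[Malware Remover\]\s+(?P<msg>.*)$"
)

def parse(log_text):
    """Return (timestamp, severity, message) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header rows and blank lines do not match and are skipped
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            events.append((ts, m["sev"], m["msg"]))
    return sorted(events)

def review(log_text, scheduled="03:00", tolerance_min=10):
    """Return (off-schedule scan starts, non-Information entries)."""
    hh, mm = map(int, scheduled.split(":"))
    off_schedule, alerts = [], []
    for ts, sev, msg in parse(log_text):
        # Distance from the scheduled time in minutes, wrapping at midnight.
        delta = abs((ts.hour * 60 + ts.minute) - (hh * 60 + mm))
        delta = min(delta, 1440 - delta)
        if msg == "Started scanning." and delta > tolerance_min:
            off_schedule.append(ts)
        if sev != "Information":
            alerts.append((ts, msg))
    return off_schedule, alerts

if __name__ == "__main__":
    starts, alerts = review(SAMPLE_LOG)
    for ts in starts:
        print("off-schedule scan start:", ts)
    for ts, msg in alerts:
        print("alert:", ts, msg)
```
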

forbrich
New here
Posts: 7
Joined: Tue Apr 18, 2017 11:39 pm

Re: Malware alert help

Post by forbrich » Fri Aug 30, 2019 11:08 am

Adding myself to the list of those who received this message.

As a sysadmin, it is quite upsetting to read that files were removed without being advised which one(s). The log needs to include that info, at the least for troubleshooting.

/Hans

peelos
Easy as a breeze
Posts: 422
Joined: Sun Jun 26, 2016 9:28 pm

Re: Malware alert help

Post by peelos » Fri Aug 30, 2019 12:43 pm

Got exactly the same error message on TVS 1282 running 4.3.6.0979, also firewalled and hidden behind a VPN from Internet access (no port forwarding, etc.).

What a useless error message - makes one paranoid without giving any detailed information to verify if it is a false positive.
TVS-1282-i7K-40G / 4 x 500Gb SSD 2.5" / 2 x 500Gb M.2 SSD / 8 x 4Tb WD Red / Corsair H5-SF Watercooling / 3 x 80mm PWM Noctua fans / Corsair 600W PSU / Asus Turbo GTX 1060 6GB GPU

KarlInOz
Starting out
Posts: 11
Joined: Tue Nov 07, 2017 12:03 pm

Re: Malware alert help

Post by KarlInOz » Fri Aug 30, 2019 1:17 pm

So I just got a reply from QNAP support saying "This function is currently not supported yet." - reporting on what files were affected. They said they have added my voice to a feature request but that it can take a long time for feature requests to become reality. I informed them that it was a feature on 11 June when I did receive a notification from the tool of what files were affected.
They gave no word on whether last night's message was a false positive.
Model:TS-453 Pro
Current firmware version:4.3.6.0993

Proggie
Starting out
Posts: 32
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie » Fri Aug 30, 2019 2:33 pm

I got the same messages also during a check that is not on my regular scheduled time. What's even stranger is that I rebooted, changed my passwords, updated a couple apps (OS was already latest 4.3.3) and a scan completed successfully and then an hour later after the original warnings I got the exact same warnings again! WTF?
TS-419P 4.3.3.0998

Josvls
Starting out
Posts: 13
Joined: Thu Apr 26, 2018 2:15 am

Re: Malware alert help

Post by Josvls » Fri Aug 30, 2019 3:53 pm

Same here. Maybe a faulty antimalware signature?

jelv1
New here
Posts: 4
Joined: Wed Nov 11, 2015 12:19 am

Re: Malware alert help

Post by jelv1 » Fri Aug 30, 2019 4:23 pm

I keep getting the same three messages in the log (three times so far). Each time when I go to the application centre there is a different application needing updating. This morning it is Cloud Backup Sync.

Current version is V2.1.670 (installation date 2019/08/29). It wants to update to V2.1.671 which was apparently released 2019/07/16. Looking at the change log there is no mention of version 2.1.670. But 671 says "Added support for code signing".

My guess is that they have made a mess of code signing for the applications and we are going to have to work through updating them until they get all the signing right.

domuhe
New here
Posts: 8
Joined: Mon May 17, 2010 5:36 pm

Re: Malware alert help

Post by domuhe » Fri Aug 30, 2019 5:26 pm

Same here on a QNAP behind firewall and no access from the Internet.

Jägerschnitzel
Starting out
Posts: 24
Joined: Tue Apr 10, 2012 8:03 pm

Re: Malware alert help

Post by Jägerschnitzel » Fri Aug 30, 2019 6:37 pm

As per QNAP support, it's a false positive. Uninstalling and reinstalling Malware Remover should do the trick.

QNAP's response to me was in German, thus I translated it to the above :DD ...
TS-853A and TS-419P+

catogtp
Starting out
Posts: 20
Joined: Sun Mar 06, 2011 8:13 am

Re: Malware alert help

Post by catogtp » Fri Aug 30, 2019 7:24 pm

Had the alerts yesterday on a TS-439 Pro II+ Firmware: 4.2.6(20190629)
I did a firmware update to 4.2.6(20190730) and app update and it sent the three alerts two more times nearly back to back. I woke up this morning and had the three alerts again from the scheduled scan. There was also another cloud backup sync update waiting for me as well.
Uninstalled and reinstalled the Malware Remover. Hopefully that does the trick.

dr_jon
Know my way around
Posts: 222
Joined: Thu Feb 10, 2011 10:03 pm
Location: West London

Re: Malware alert help

Post by dr_jon » Fri Aug 30, 2019 9:33 pm

Me too, TS419P+ NAS with no Internet connection, put in a ticket yesterday, was up to 2am with this... :-(

(The TS453A and TS253A are still okay, but don't have Cloud Backup installed.)
TS-453A, TS-253A, TS-419P+, not a fan of the new network config app...

tjakobi
First post
Posts: 1
Joined: Sun Oct 22, 2017 7:31 pm

Re: Malware alert help

Post by tjakobi » Fri Aug 30, 2019 10:04 pm

Same here, TS219p, TVS682, both behind VPN, both don't even have cloud link installed.

Got the notice at a different time than the usual scan during the night. Rebooting and updating does not seem to help, after each reboot the message comes up again.

Vortax
Starting out
Posts: 27
Joined: Fri Aug 03, 2018 5:11 pm

Re: Malware alert help

Post by Vortax » Fri Aug 30, 2019 10:14 pm

tjakobi wrote:
Fri Aug 30, 2019 10:04 pm
Same here, TS219p, TVS682, both behind VPN, both don't even have cloud link installed.

Got the notice at a different time than the usual scan during the night. Rebooting and updating does not seem to help, after each reboot the message comes up again.

Someone before said that QNAP TS recommends uninstalling and reinstalling Malware Remover.

Can you try to uninstall, reboot, and reinstall to see if the warning disappears?

Maba
Know my way around
Posts: 144
Joined: Tue Apr 21, 2009 12:30 am

Re: Malware alert help

Post by Maba » Fri Aug 30, 2019 10:55 pm

Same here too on TS 659 Pro II ....
This NAS was on the Internet (website) two years ago ... now because of EOL it cannot be accessed from the Internet (only LAN / no VPN).

After a reboot, the message disappears.

I hope it's a false positive!

Josvls
Starting out
Posts: 13
Joined: Thu Apr 26, 2018 2:15 am

Re: Malware alert help

Post by Josvls » Fri Aug 30, 2019 11:00 pm

Jägerschnitzel wrote:
As per QNAP support, it's a false positive. Uninstalling and reinstalling Malware Remover should do the trick.

QNAP's response to me was in German, thus I translated it to the above :DD ...

I just tried it. Doesn’t work.
