Unknown Thread kthreaddnai

dolbyman · Post by **dolbyman** » Sat Dec 01, 2018 3:58 am

1
and this
https://wiki.qnap.com/wiki/Firmware_Recovery

deakgyuri · Post by **deakgyuri** » Mon Dec 03, 2018 8:43 pm

I have got same infection. Malware found nothing

After restart the process did not started just after few hours.

So I have
- updated to latest firmware
- deleted the files from web directory
- changed every possible password ( admin, phpmyadmin, vpn, etc.. )
- on router which is before the NAS made few rules like incoming traffic dropped automatically expected from few known IP but port 80 it is open ( unfortunately have to leave open )

At the moment I cannot seen this process 4 days now.

I hope I could help...

Vaiolo · Post by **Vaiolo** » Fri Dec 07, 2018 1:47 am

No idea if its the same sh**t.

But mine removed malware remover...

Third QNAP wipe in 6 months.
My configuration was just:

QPVN (openvpn)
the web page unter https in a non standard port.
Official MLDONKEY (not externally mapped)
Cloudlink
No UPNP

So the only mapped ports were the HTTPS for web and OPNVPN.

Just unacceptable

dolbyman · Post by **dolbyman** » Fri Dec 07, 2018 1:52 am

probably the exposed weblogin

why expose that if you already have openVPN in place ?

Vaiolo · Post by **Vaiolo** » Fri Dec 07, 2018 2:32 am

Why a exposed weblogin is considered normal?

dolbyman · Post by **dolbyman** » Fri Dec 07, 2018 2:42 am

No as there is constant security advisories about exploits in the QNAP web server (last week they fixed several and announced it via advisory)

As you can see QNAP's implementation is not hardened enough for WWW exposure.

Also https doesn't help a to prevent this(only helps against credential sniffing,MITM attacks and maybe slowing down DDOS attempts due to handshake negotiations)

Vaiolo · Post by **Vaiolo** » Fri Dec 07, 2018 5:16 am

As a client of QNAP i still consider this unacceptable.

dolbyman · Post by **dolbyman** » Fri Dec 07, 2018 5:29 am

Let them now .. we are only users and QNAP does not read in this forum

josephngary · Post by **josephngary** » Sun May 05, 2019 6:00 pm

just got an email from charter saying one of my computers have been turned into a BOT hitting on targets around the world. upon investigation, i found this self replicating file called 'god' and 'god1' sitting in /web and when scanned, turned out to be a backdoor virus. does anyone here know the best way to find this viruses? malware remover will not detect them. only mcafee (which i have 25 days trial remaining) is cleaning this file then they replace themselves. Now i have setup a virus scanner to occur every **mins and automatically delete any virus.

how did you guys deal with this problem in the past?
@kameha where did you place the script you created?

dolbyman · Post by **dolbyman** » Sun May 05, 2019 9:32 pm

setup the whole nas from scratch...

QNAP NAS Community Forum

Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai

Re: Unknown Thread kthreaddnai