Malware alert help

damian_g
Starting out
Posts: 14
Joined: Wed May 04, 2016 7:18 pm
Location: Chicago

Re: Malware alert help

Post by damian_g »

Same here:

"Warning 2019/08/29 21:39:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS."
"Warning 2019/08/29 21:39:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'"

All my apps were already on the latest versions. I opened a ticket with support but I haven't heard anything back yet. I've been on QTS 4.3.6.0993 since it was released in July...

D
SSDD :|

MOD: TVS-1282
CPU : i7-6700 (4 cores,8 threads)
BIOS: QX80AR20
RAM : 64GB (4x 16GB non-ECC, UDIMMs Crucial Tech)
NIC : Intel 82599ES 10-Gigabit SFI/SFP+ (Dual port)
DSK: 4x SSDSC2KB038T8 RAID0 (Static Single Volume)
DSK: 8x MG06ACA600E RAID6 (Thick Volume)
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Malware alert help

Post by FSC830 »

Just my experience:

Sunday night my backup NAS (TS859, latest v4.2.6) powered on, ran all backup jobs and - no surprise - reported the "high risk malware detected..." message.
To still my curiosity I isolated my 2nd backup NAS (same model and FW, same apps) via a switch and connected a PC. Afterwards I powered the 2nd NAS on, waited an hour and powered it off several times, as expected without any message.
Finally I connected the 2nd NAS back to the LAN and powered it on: same result as NAS#1, "high risk malware...."
On both NAS an application update was reported for Music Station and Photo Station, even though these apps had been disabled!
After updating both apps the malware alert did not occur again.
Because I do not use these apps I uninstalled them.

My suspicion: any outdated app will be reported as a "high risk malware". Annoying that MR does not provide any detailed information about the suspected malware.
And more annoying that QNAP causes a lot of puzzled and scared users... I am sure they will never earn a "heroes at work" award! :twisted:

So stay calm if any MR message appears. Do not ignore such messages, but think about the possibility and whether there is more evidence for malware. :?

regards
rpfleging
Starting out
Posts: 37
Joined: Wed Aug 03, 2016 7:43 am

Re: Malware alert help

Post by rpfleging »

TS-451+ 4.3.6.1040 (20190820)
On the first scheduled run after the firmware update I got the same message. I rebooted and all has been well since. I expect, as others do, that the firmware update had some issues since it is not available on the website. My question is: should I roll back to 4.3.6.0993?
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Malware alert help

Post by FSC830 »

As long as you do not encounter any problems with this version - keep it.
Other users reported they have had trouble with SMB connections and have been forced to downgrade to fix their issue.
But if all is running in your case there is no need for a downgrade.

Regards
homeuser2019
New here
Posts: 5
Joined: Thu Aug 29, 2019 10:41 pm

Re: Malware alert help

Post by homeuser2019 »

Well, looks like I spoke too soon. Over the weekend the same "malware" notification popped up on my NAS again.

Noticed there is an update for the cloud backup sync app this morning, updated it and ran another scan just a second ago. No notifications/errors
dr_jon
Easy as a breeze
Posts: 253
Joined: Thu Feb 10, 2011 10:03 pm
Location: West London

Re: Malware alert help

Post by dr_jon »

Rather annoyingly the ticket I started for this has disappeared. It isn't in the list of open or resolved tickets... the direct link they sent me for it gives:
"Sorry, we couldn't find the ticket you requested or you do not have permission to view it."
Seems distinctly unprofessional... unless I'm missing something... which seems unlikely as my old issue is still in the resolved list, so presumably I'm all logged in okay.
TS-453A, TS-253A, TS-431P3, TS-419P+, hopefully that's it for a while...
Turbo_112
Starting out
Posts: 22
Joined: Wed May 07, 2014 2:26 am
Location: The Netherlands

Re: Malware alert help

Post by Turbo_112 »

I have the same notification with the malware.
But the log is strange. Only a malware scan after booting the NAS gives the error.
A scheduled scan after a boot scan didn't give the notification in the logs. Then it's clean, but after a restart the notification is there again.
Proggie
Starting out
Posts: 36
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie »

Turbo_112 wrote: I have the same notification with the malware.
But the log is strange. Only a malware scan after booting the NAS gives the error.
A scheduled scan after a boot scan didn't give the notification in the logs. Then it's clean, but after a restart the notification is there again.

That's how it was for me too. I removed the malware app and reinstalled it and now no longer get the warnings.


TS-419P 4.3.3.1315 Build 20200611
damian_g
Starting out
Posts: 14
Joined: Wed May 04, 2016 7:18 pm
Location: Chicago

Re: Malware alert help

Post by damian_g »

I just did the recommended reinstall and no more warnings. I did not reboot...
robert_m_muench
Getting the hang of things
Posts: 93
Joined: Mon Feb 12, 2018 9:26 pm

Re: Malware alert help

Post by robert_m_muench »

Besides that I have the same problem, I'm really ** how QNAP handles security problems and how they try to mitigate them.

This MR tool sounds like a good joke to me... instead of spending time on such a naive approach, get some OS tools onboard that can scan systems (there are some) and harden the QTS system by default. No new features, only focus on hardening this thing. That would help much more.
TVS-1282T3
CPU: Intel Core i7-7700 CPU @ 3.60GHz
Memory: 64 GB
2 x Samsung SSD 850 EVO M.2 1TB (M.2 SATA)
2 x Samsung SSD 860 EVO 2TB (SATA)
4 x WDC WD6002FFWX-68TZ4N0 (SATA) (6TB)
4 x Seagate ST12000VN0007-2GS116 (SATA) (12TB)
TecJoe
First post
Posts: 1
Joined: Mon Sep 23, 2019 6:24 pm

Re: Malware alert help

Post by TecJoe »

Adding myself to the list:

Since the second-to-last firmware update in August, strange alert messages (see above) popped up only on my TS-253A; the 439 Pro (other FW build) wasn't reporting anything from MalwareRemover the whole time. So I categorized them myself as false positives, but turned down the cloudlink immediately, did NOT change any passwords and have observed the NAS closely for two weeks now. I never found anything strange when browsing the logs and connecting via ssh. I checked for hosts & crontab entries and files like .liveupdate.sh from the eCh0raix hack in February and so on. I read lots of forum threads about cleaning the NAS but did not run any of the cleanme scripts from QNAP myself.

After I performed the most recent firmware updates yesterday on both machines, even after the necessary reboot there were no more messages from MalwareRemover besides "started... and completed". So I turned the cloudlink on again today and turned on access logging as well. I guess I was right categorizing it as false positive warnings in the first place. So watch out before you reinstall your NAS or run stupid scripts designed for cleaning ancient malware. They can't be of much help for really actual malware, as those guys can read the forum posts just as you do, and they should be much quicker in re-engineering their attack software than QNAP engineers will ever be.

So stay awake and think twice before you patch!
Warning 2019/09/08 15:00:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Warning 2019/09/08 15:00:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/30 00:34:47 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Warning 2019/08/30 00:34:46 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/29 17:04:08 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/29 17:04:08 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Status as of 19/09/23
TS-253A (Firmware 4.4.1.1064 Build 20190918) and
TS-439 Pro II+ (Firmware-Version 4.2.6 Build 2019073)
Malware remover 3.5.2
Up and running since years.
Connected via cloudlink with custom port settings and FW-Portforwarding
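Added example, not code from any poster or from QNAP: a small Python parser for the system-log format quoted in this thread. It splits the multi-word Application and Category columns using the "[App]" tag and groups the paired "Removed high-risk malware" lines into scan runs, so the times can be lined up with reboots and app updates. The function names and the 5-second grouping window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines as quoted in the posts above (QTS system log, space-separated).
SAMPLE = """\
Warning 2019/09/08 15:00:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Warning 2019/09/08 15:00:09 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/30 00:34:47 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Warning 2019/08/30 00:34:46 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/29 17:04:08 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Restart NAS and update all apps in 'App Center' > 'My Apps' > 'Install Updates'.
Warning 2019/08/29 17:04:08 System 127.0.0.1 Malware Remover Malware Removal [Malware Remover] Removed high-risk malware. Change all user account passwords immediately, update QTS and all applications to the latest versions, and restart the NAS.
Error 2019/10/28 00:00:54 System 127.0.0.1 Malware Remover General [Malware Remover] Failed to start scanning. Error code: 126.
Warning 2019/10/28 00:17:02 System 127.0.0.1 Antivirus Settings [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
"""

# Application and Category are multi-word, so use the "[App]" tag that opens
# the Content column to find where Category ends.
LINE_RE = re.compile(
    r"^(?P<sev>\w+) (?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<user>\S+) "
    r"(?P<ip>\S+) (?P<mid>.+?) \[(?P<app>[^\]]+)\] (?P<msg>.*)$")

def parse_line(line):
    """Return one log line as a dict, or None if it is not a log record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    app, mid = m["app"], m["mid"]
    category = mid[len(app):].strip() if mid.startswith(app) else mid
    return {"severity": m["sev"], "app": app, "category": category,
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "source_ip": m["ip"], "message": m["msg"]}

def detection_runs(lines, window=timedelta(seconds=5)):
    """Group removal alerts into runs: [(first_timestamp, alert_count), ...]."""
    hits = sorted(e["ts"] for e in map(parse_line, lines)
                  if e and e["app"] == "Malware Remover"
                  and e["message"].startswith("Removed high-risk malware"))
    runs = []
    for ts in hits:
        if runs and ts - runs[-1][1] <= window:
            runs[-1][1], runs[-1][2] = ts, runs[-1][2] + 1
        else:
            runs.append([ts, ts, 1])
    return [(first, count) for first, _last, count in runs]

if __name__ == "__main__":
    for first, count in detection_runs(SAMPLE.splitlines()):
        print(f"{first:%Y-%m-%d %H:%M:%S}  {count} alert lines")
```

On the lines quoted above, the six removal alerts collapse into three runs of two lines each.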
Lutzpime
New here
Posts: 9
Joined: Sun Aug 05, 2018 5:41 am

Re: Malware alert help

Post by Lutzpime »

I had the same 3 messages/alerts 2 days ago. My TS-253Be had been shut down for a week or so, with the latest updates for OS and apps at that time. After the boot I updated the Malware Remover and the Video Station to the latest version via Qmanager on Android and I got these 3 messages/alerts. Even the alert that I should change the password for the QNAP ID, which I didn't use. I started a second scan and the Malware Remover didn't find anything. Can I assume that it was also a false positive!?
oleg
New here
Posts: 4
Joined: Thu Aug 18, 2011 3:39 pm

Re: Malware alert help

Post by oleg »

Severity Level Date Time Users Source IP Application Category Content
Error 2019/10/28 00:00:54 System 127.0.0.1 Malware Remover General [Malware Remover] Failed to start scanning. Error code: 126.

and

Severity Level Date Time Users Source IP Application Category Content
Warning 2019/10/28 00:17:02 System 127.0.0.1 Antivirus Settings [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Manual update doesn't work either.

How to resolve this?

QTS: 4.4.1.1101
dolbyman
Guru
Posts: 35243
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware alert help

Post by dolbyman »

oleg
New here
Posts: 4
Joined: Thu Aug 18, 2011 3:39 pm

Re: Malware alert help

Post by oleg »

oleg wrote: Mon Oct 28, 2019 9:08 pm Severity Level Date Time Users Source IP Application Category Content
Error 2019/10/28 00:00:54 System 127.0.0.1 Malware Remover General [Malware Remover] Failed to start scanning. Error code: 126.

How to resolve this?

QTS: 4.4.1.1101
Reinstalling this application helped, although earlier on previous versions of QTS the problem remained.

Antivirus cannot be updated either automatically or manually (