A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?

[vincent086]

Checking the Resource Monitor and I see a process called "dedpma" running under the "System Processes". It's using a fair chunk of CPU and RAM, google returns no info about it.

Connected via SSH and found 2 processes running from the /tmp directory by the httpdusr. Deleted the file and killed the processes, NAS seems back to normal, ran antivirus and malware remover scan, nothing. Few hours later and it's back. When running my NAS seems sluggish.

Also had a process called "dovecat" doing the same thing. Took the same actions and that one hasn't come back so far.

I changed my password recently(ish) and have 2 factor enabled.

Any idea what this could be or how to get rid of it for good?

[dolbyman]

I guess you were hacked...2fa does nothing against exploits

kill your nas and restore from backups...then never expose it to wan again

[vincent086]

Well that **. I was hoping I took all the steps to make that chance next to none.
I'm in another country but do have a laptop I can remote into so that could be useful. Will try and restore from an older backup, fingers crossed it works.

[dolbyman]

to reinit the nas:

take all drives out
format all drives
do a diskless firmware update
reinstall the nas with the disks inserted
restore your backups

if you need to access the nas from outside your lan, run a vpn server on your router/firewall/vpn appliance

[vincent086]

Thanks for the tip.
Best I can do is resorting from a backup using the web UI at the moment. Did that and it seems everything is back to normal.

In a few months when I get back, I'll do it properly. Gotta find somewhere to put the 8TB of data since the drives will be wiped.