This site have been become READ-ONLY mode and no longer accept registrations on 2025 May 1st (GMT+8). Please visit the new official community website: https://community.qnap.com
Hi i just noticed that i got DOVECAT running of tmp folder. after deleting it, it comes back.
is there anything suspicious in here? (where else i can look for traces?)
thanks
I've had the same problem and reported it to Qnap using the link on the page referred to in the previous post. The reply was basically turn everything unnecessary off, change passwords and keep firmware up to date. With all due respect this is very generic advice which I follow anyway.
After further research it seems this is a Bitcoin miner malware. As well as running the CPU at almost maximum there was a constant upload of approx 3 MB/s. Using SSH I found a dovecat folder and dovecat.b64 in the /tmp folder and deleted them both. I then rebooted the NAS and it seemed to be running normally. However it would be good to have some sort of official response that others could refer to.
After a couple of weeks I just discovered dovecat was installed and running again. It's not been picked up by QNAP Malware remover, Antivirus nor McAffee Antivirus which I bought. So I'm at a loss as to what more I can do to stop it.
pgh1949 wrote: ↑Thu Jan 14, 2021 7:54 pm
I've had the same problem and reported it to Qnap using the link on the page referred to in the previous post. The reply was basically turn everything unnecessary off, change passwords and keep firmware up to date. With all due respect this is very generic advice which I follow anyway.
After further research it seems this is a Bitcoin miner malware. As well as running the CPU at almost maximum there was a constant upload of approx 3 MB/s. Using SSH I found a dovecat folder and dovecat.b64 in the /tmp folder and deleted them both. I then rebooted the NAS and it seemed to be running normally. However it would be good to have some sort of official response that others could refer to.
After a couple of weeks I just discovered dovecat was installed and running again. It's not been picked up by QNAP Malware remover, Antivirus nor McAffee Antivirus which I bought. So I'm at a loss as to what more I can do to stop it.
The only sure way to get rid of QNAP malware is to backup the data, destroy the NAS volume(s), perform a firmware recovery of the DOM and then re-initialise the NAS.