Jump to content
  • 0
Sign in to follow this  
barnabe

Pb mise à jour suite à un malware (resolu)

Question

Bonjour

J'avais un malware que malware remover a supprimé voici les logs :

[Malware Remover] Removed malicious file or folder. Path: /tmp/config//K01ZJAHmpwZa.sh.

<28>1 2018-12-05T11:36:09+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Removed malicious file or folder. Path: /tmp/config//nlcwxZQGebxdv.

<28>1 2018-12-05T11:36:10+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Repaired infected file or folder. Name: /share/CACHEDEV1_DATA/.FwJeuzhyci/IRuuvUCPRswo.sh

<28>1 2018-12-05T11:36:30+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Repaired infected file or folder. Name: /share/CACHEDEV1_DATA/.FwJeuzhyci/IRuuvUCPRswo.sh

<28>1 2018-12-05T11:36:34+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Repaired infected file or folder. Name: /tmp/config/autorun.sh

<28>1 2018-12-05T11:36:35+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Panel > Hardware.] Detected malware in autorun.sh. You must disable user-defined processes in "Control Panel" > "Hardware".

<28>1 2018-12-05T11:36:37+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Removed malicious file or folder. Path: /home/httpd/cgi-bin/iscsi_lun_settings.cgi.

<28>1 2018-12-05T11:36:37+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Removed malicious file or folder. Path: /home/httpd/cgi-bin/QPKG_RSS.cgi.

<28>1 2018-12-05T11:36:49+01:00 ….. qlogd 17298 - - qlogd[17298]: event log: Users: System, Source IP: 127.0.0.1, Computer name: localhost, Content: [Malware Remover] Removed malware. You must restart the NAS.

 

A ce jour j'ai toujours un problème de mise à jour.

Il faut que je le lance une fois malware remover pour pouvoir accéder au mise à jour et au bout de quelques heures je n'ai de nouveau plus accès au mise à jour.

J'ai réinitialisé le qnap  avec les 3 solutions proposées mais cela n'a pas résolu mon problème et j'ai l'impression que j'ai encore des traces 

 

Merci d'avance de votre aide

 

Share this post


Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Bonjour, avez-vous toujours votre détection de malware ?

J'ai le même problème; scan de détection puis reboot et toujours détection après.

Assistance de Qnap ma dit d'exécuté le script:

 "curl https://download.qnap.com/Storage/tsd/utility/derek-be-gone.sh | sh" sous console de commande avec putty mais toujours pareil après.

J'ai vidé mes disques puis enlevé mes disques du nas, j'ai installé avec  Qfinger la plus vieille version du firmeware de mon nas puis j'ai réinstallé la dernière version puis remise mes disques après les avoir reformatés dans un PC.

Mais toujours détection de malware !? Je ne sais pas quoi faire d'autre.

Share this post


Link to post
Share on other sites
  • 0

Bonjour,  je sollicite de l'aide; mes derniers log au boot de ce matin sont:

"64","Warning","2019-04-15","08:11:15","System","127.0.0.1","localhost","[Malware Remover] Removed malware. You must restart the NAS."
"63","Warning","2019-04-15","08:11:14","System","127.0.0.1","localhost","[Malware Remover] Detected high-risk malware. To maintain system security, change all user account passwords immediately."
"62","Warning","2019-04-15","08:11:08","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config//autorun.sh"
"61","Warning","2019-04-15","08:11:04","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/autorun.sh"
"60","Warning","2019-04-15","08:10:47","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/K01ECFRlpquP.sh"
"59","Warning","2019-04-15","08:10:47","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/autorun.sh"
"58","Warning","2019-04-15","08:10:44","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/autorun.sh"
"57","Warning","2019-04-15","08:10:39","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/K01ECFRlpquP.sh"
"56","Warning","2019-04-15","08:10:39","System","127.0.0.1","localhost","[Malware Remover] Repaired infected file or folder. Name: /tmp/config/autorun.sh"
"55","Information","2019-04-15","08:10:37","System","127.0.0.1","localhost","[Malware Remover] Started scanning."

C'est un faux positif ? (avec putty si je vais dans tmp/config "ls -a" me dit que le dossier est vide ?)

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×