NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Anti-Virus Plus detects but not removes adware/malware
Hello,
I have a Readynas RN102 with 6.4.1. firmware. I have Anti-Virus Plus installed. Today it started detecting Adware (W32/Adware.DEZV-3749 or NsCPUMiner32.exe) and Bitcoinminer trojan (W64Adware.DEZV-3749 - NsCPUMiner64.exe). Both were hidden in a file called Info.zip.
Because I could not view the files in the web management page / shares (even when viewing hidden files) I changed the Anti-Virus Plus setting to 'Action - Delete' and scheduled a scan. It did scan and found the files, but in the logfiles it keeps saying i should remove the infected file myself.
Any help on:
- the log file: why does it not say whether it removed the file or not
- viewing and deleting the files myself manually
- a specific malware / adware removing app for the ReadyNas
Thanks in advance,
Jan
Ha Kodhee,
Thanks. I always keep my antivirus up to date. So that might be the reason no virus is detected (asuming it was a false detection as well).
I did what you suggested and selected / deselected the files of several maps in which the 'infected' files were located. That was an hour ago and I did not get any message. Neither did my scan I scheduled tonight.
So I'll keep my fingers crossed and do a last check tomorrow morning.
10 Replies
Replies have been turned off for this discussion
Is info.zip still present? I'm not clear from your post.
I think manual deletion is pretty common behavior when the malware is found inside a zip. I don't think it makes sense program to rebuild the zip file.
So that leaves (a) manual removal or (b) deleting the whole zip (good and bad files). (b) could be more destructive than you want.
Hi Steven,
Thanks for the reply. The issue is I just cannot view the info.zip file. Because the scanner detects the file I guess it's present. The good news is that this info.zip file should not be present in the folders. So, íf i can view it, there's no problem deleting it.
My point is that I hoped the scanner would delete the file, but it does not.
Thanks,
Jan
JanvdBrink wrote:
Thanks for the reply. The issue is I just cannot view the info.zip file.
Perhaps it is embedded in another zip file?
It is a bit troubling, you should be able to find it (since the system says it didn't delete it).
We wouldn't delete the whole archive because it has a virus, and we wouldn't go into the archive to delete the virus.
kohdee wrote:
We wouldn't delete the whole archive because it has a virus, and we wouldn't go into the archive to delete the virus.
Makes perfect sense to me, I wouldn't want it any other way.
The fact that the OP can't find info.zip is still a bit odd. Does the scanner work recursively (e.g., scan a zip within a zip).?
Hi, Thank you al for your replies. I did not analyze the issue yesterday, but scheduled a scan (report and block) just now. Strangely enough, I don't get any error message now.
This leaves me with three questions:
- are my data really clean now?
- was there some kind of delay in the previous scan process, in the sense that it still detects virusses etc. if you rerun the scan after a few hours ? Should I wait half a day or so?
- how can I be sure that the scan process has run for real? The standard logging does not mention a scan process has started.
I'll appreciate any comments on this questions. If I don't see any messages from my scan process tomorrow I'll close this discussion,
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
