NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

dabanh_freak's avatar
dabanh_freak
Tutor
Jan 23, 2019

RN214 Plex malware file detected.

Woke up this morning to find a strange warning message from my NAS   Antivirus scanner found a threat (Win.Malware.Triusor-6824994-0 ) in the file /data/.apps/plexmediaserver-an napurna/Binarie...
Netgear Apps & Add-ons
StephenB's avatar
StephenB
Guru - Experienced User
Jan 23, 2019

It's almost certainly a false detection in the antivirus software (there are a couple of posts in the Clam AV forum reporting this).  https://lists.gt.net/clamav/users/74693

 

You could make sure the file is still in /data/.apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/

 

If you access the NAS with file explorer using the NAS admin credentials you can examine /data/.apps.  You do need to either enable viewing of hidden files in the PC, or enter the full path (using the backslash instead of the forward path).  For example, \\nas-ip-address\data\.apps\plexmediaserver-annapurna\Binaries\Resources\Python\lib\python2.7\ensurepip\_bundled

 

If the file isn't there, you'll probably need to disable the antivirus package, and reinstall plex.

jljeeper's avatar
jljeeper
Tutor
Jan 24, 2019

I also got the same exact message thismorning

 

Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon

  • Malius's avatar
    Malius
    Aspirant
    Jan 28, 2019

    I have the same message, and one more thing. This afternoon, all three of my disks turned RED in the System>Volumes page, and the Shares page tells me I have no shares. I hope these are unrelated. 

    • StephenB's avatar
      StephenB
      Guru - Experienced User
      Jan 28, 2019
      Malius wrote:

      I hope these are unrelated. 

      I think they are unrelated, as the antivirus error is alreay identified as a false positive in the ClamAV forum (the ReadyNAS AV software is ClamAV),

       

      Have you downloaded the logs and looked at the disk health (disk_info.log)?

      • Malius's avatar
        Malius
        Aspirant
        Jan 28, 2019

        Yes, the disk health is perfect. I'm engaging in a chat support with Netgear, and they tell me that the "md127" or the NAS' data partition is gone.

         

        Apparently the symptoms point to a file system or a "btrfs" issue.

         

        I don't know what the cause coud be. There was no unusual activity -- in fact not much activity at all except for Time Machine backups, which were proceeding without problem. As for the virus, it's probably real, but irrelevant. It is a Windows virus and might pose a risk to hardware on my network, but not the NAS.

         

        Support has been elevated a level or two, and an attempt to rebuild the volume will soon begin.

         

        m

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More