NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
mawcasa
Feb 02, 2020Tutor
Antivirus scanner found a threat
Hi,
I have a ReadyNas Rn516, 6 bay running 6.10.2 firmware, with 6 x 8tb hard drives, 4-5 years old (runs well).
Over the last two years having virus notication which i had tech support (level 3) to deal with the problem which would solve problem for a month or so but always return. This is alert message -Antivirus scanner found a threat (Win.Trojan.Agent-6027057-0) in the file /data/Documents/weFmgKVw.exe. Please delete the infected file soon. During the times dealing with level 1 phone support, they said destroy the folder or roll back through snapshot, ok but it keeps coming back and now its weekly and some times daily. The last time the support said turn off antivirus.
Anyone have any ideas on how to fix.
Hi,
Thanks for the information, 2 of 3 macs that i scanned had trojan files (Deleted). Also i thought these file would be on the backup as well, so i deleted backup and started a new backup (To start a fresh) Will monitor more offen
thanks
2 Replies
Replies have been turned off for this discussion
- StephenBGuru - Experienced User
mawcasa wrote:
Antivirus scanner found a threat (Win.Trojan.Agent-6027057-0) in the file /data/Documents/weFmgKVw.exe. Please delete the infected file soon. ... it keeps coming back and now its weekly and some times daily.
You are saying that after you delete this file that it is coming back? If so, likely one of your PCs is infected with malware. So begin by running antimalware scans on them - perhaps beginning with the free MalwareBytes software.
If you are using ReadyCloud or some other means to copy documents from your PCs to the document share, then also see if you can find this file on one of those PCs. That would give you a good idea on where to start looking for the malware.
FWIW, though AV software sometimes does have false positives (telling you something is infected when it isn't), in this case you have an unusual file name for an executable (and executables normally aren't in document folders to begin with). This alone suggests to me that the AV scanner is likely correctly classifying it as a threat. Plus the file keeps coming back after you delete it - which means something (likely malware) is recreating it.
BTW - are you forwarding ports in the router to your NAS? Or perhaps put it into the router's DMZ? If so, please give us more details on that.
- mawcasaTutor
Hi,
Thanks for the information, 2 of 3 macs that i scanned had trojan files (Deleted). Also i thought these file would be on the backup as well, so i deleted backup and started a new backup (To start a fresh) Will monitor more offen
thanks
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!