NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mawcasa's avatar
mawcasa
Tutor
Feb 02, 2020
Solved

Antivirus scanner found a threat

Hi,

  I have a ReadyNas Rn516, 6 bay running 6.10.2 firmware, with 6 x 8tb hard drives, 4-5 years old (runs well).

Over the last two years having virus notication which i had tech support (level 3) to deal with the problem which would solve problem for a month or so but always return. This is alert message -Antivirus scanner found a threat (Win.Trojan.Agent-6027057-0) in the file /data/Documents/weFmgKVw.exe. Please delete the infected file soon. During the times dealing with level 1 phone support, they said destroy the folder or roll back through snapshot, ok but it keeps coming back and now its weekly and some times daily. The last time the support said turn off antivirus. 

 Anyone have any ideas on how to fix.

  • Hi,

      Thanks for the information, 2 of 3 macs that i scanned had trojan files (Deleted). Also i thought these file would be on the backup as well, so i deleted backup and started a new backup (To start a fresh) Will monitor more offen

    thanks 

2 Replies

Replies have been turned off for this discussion
  • StephenB's avatar
    StephenB
    Guru - Experienced User

    mawcasa wrote:

    Antivirus scanner found a threat (Win.Trojan.Agent-6027057-0) in the file /data/Documents/weFmgKVw.exe. Please delete the infected file soon.  ... it keeps coming back and now its weekly and some times daily.


    You are saying that after you delete this file that it is coming back? If so, likely one of your PCs is infected with malware.  So begin by running antimalware scans on them - perhaps beginning with the free MalwareBytes software.

     

    If you are using ReadyCloud or some other means to copy documents from your PCs to the document share, then also see if you can find this file on one of those PCs.  That would give you a good idea on where to start looking for the malware.

     

    FWIW, though AV software sometimes does have false positives (telling you something is infected when it isn't), in this case you have an unusual file name for an executable (and executables normally aren't in document folders to begin with). This alone suggests to me that the AV scanner is likely correctly classifying it as a threat.  Plus the file keeps coming back after you delete it - which means something (likely malware) is recreating it.

     

    BTW - are you forwarding ports in the router to your NAS?  Or perhaps put it into the router's DMZ?  If so, please give us more details on that.

     

     

    • mawcasa's avatar
      mawcasa
      Tutor

      Hi,

        Thanks for the information, 2 of 3 macs that i scanned had trojan files (Deleted). Also i thought these file would be on the backup as well, so i deleted backup and started a new backup (To start a fresh) Will monitor more offen

      thanks