slavrenz
Aspirant
Aug 20, 2021

Dozens of emails about new antivirus threats

Has anyone else started getting tons of email alerts in the past day about new virus threats? I haven't added any files to my NAS for months, but I'm getting several dozen about threats in the following location:

/usr/share/doc/gcc-4.9-base/test-summaries/

I don't think I can access this location via the GUI, so I'm trying to figure out if it's worth my time to get an SSH client up and running to dig into this. I also want to make sure this isn't an error and I'd be deleting legit files... I know the antivirus service hasn't been working for months, and it seems kind of coincidental that all of a sudden I've got tons of viruses.

7 Replies

  • StephenB
    Guru - Experienced User

    slavrenz wrote:

    /usr/share/doc/gcc-4.9-base/test-summaries/

    My NAS doesn't show that folder.

    root@NAS:/usr/share/doc# ls -als
    total 0
    0 drwxr-xr-x 1 root root 482 Apr 22 01:09 .
    0 drwxr-xr-x 1 root root 768 Nov  5  2020 ..
    0 drwxr-xr-x 1 root root  16 Apr 30  2019 apt
    0 drwxr-xr-x 1 root root   0 Apr 30  2019 apt-transport-https
    0 drwxr-xr-x 1 root root 112 Oct 11  2018 ca-certificates
    0 drwxr-xr-x 1 root root 156 Apr 30  2019 clamav
    0 drwxr-xr-x 1 root root 178 Apr 30  2019 clamav-base
    0 drwxr-xr-x 1 root root 156 Apr 30  2019 clamav-daemon
    0 drwxr-xr-x 1 root root 222 Apr 30  2019 clamav-freshclam
    0 drwxr-xr-x 1 root root  94 Mar  3 07:00 dmidecode
    0 drwxr-xr-x 1 root root 114 Feb  5  2017 iperf
    0 drwxr-xr-x 1 root root 118 May 26  2017 iperf3
    0 drwxr-xr-x 1 root root   0 Apr 30  2019 libapache2-mod-csrf
    0 drwxr-xr-x 1 root root   0 Apr 30  2019 libapt-pkg5.0
    0 drwxr-xr-x 1 root root 178 Apr 30  2019 libclamav7
    0 drwxr-xr-x 1 root root 118 May 26  2017 libiperf0
    0 drwxr-xr-x 1 root root  42 Jul  7 13:53 librnimage1
    0 drwxr-xr-x 1 root root   0 Mar 24  2017 libusb-0.1-4
    0 drwxr-xr-x 1 root root  56 Nov 10  2019 plexmediaserver
    0 drwxr-xr-x 1 root root  24 Aug 11  2017 rdbroker
    0 drwxr-xr-x 1 root root   0 Jul  2  2019 readynasos
    0 drwxr-xr-x 1 root root  24 Jul  7 13:53 readysync
    0 drwxr-xr-x 1 root root  42 Jul  7  2018 smbplus
    0 drwxr-xr-x 1 root root 164 Jun  8  2017 traceroute
    0 drwxr-xr-x 1 root root   0 Oct 24  2017 wsdd2
    root@NAS:/usr/share/doc#

    What firmware are you running?

    Was SSH enabled before, and used to install gcc?

    I expect these are false alarms, but probably worth checking with ssh, and seeing how gcc got installed in the first place.

    • slavrenz
      Aspirant

      What is gcc? These aren't system files then, I take it?

      I'm currently running the latest firmware - I think it's 6.10 Hotfix 1 or something like that.

      I had previously SSH'd into the NAS some years back in preparation for doing some more intensive work - I wanted to try and get a Calibre server up and running - but I never went as far as actually doing anything other than establishing the SSH connection.

      One other point - the same threat keeps coming up in the emails - it's called "Heuristic.XZ.DicSizeLimit". This sounds like a very generic/benign threat, where maybe it's being flagged due to an unusually large file size and nothing else. Would that be an accurate read of the situation?

      • StephenB
        Guru - Experienced User

        slavrenz wrote:

        What is gcc?

        gcc is a C compiler. https://gcc.gnu.org/

        What apps are installed on your NAS???

        Is your NAS open to the internet (ports forwarded, etc)?

        slavrenz wrote:

        What is gcc? These aren't system files then, I take it?

        Note it's not installed at all on my system. But I don't think this folder normally contains any executable files.

        I think the first question is to figure out what installed it.  
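
Added example, not part of any post in this thread and not NETGEAR tooling: one way to answer "what installed it" over SSH, assuming the NAS is Debian-based and keeps apt's transaction log at `/var/log/apt/history.log`. The function names `owner_of` and `who_installed` are hypothetical, and the embedded log (dates, versions, commands) is constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed apt history; packages, dates and versions are made up.
sample_history() {
cat <<'EOF'
Start-Date: 2000-01-01  09:00:01
Commandline: apt-get install clamav
Install: clamav:amd64 (1.0-example), libclamav7:amd64 (1.0-example, automatic)
End-Date: 2000-01-01  09:00:20

Start-Date: 2000-02-02  03:12:44
Commandline: apt-get install build-essential
Install: build-essential:amd64 (1.0-example), gcc-4.9-base:amd64 (1.0-example, automatic)
End-Date: 2000-02-02  03:13:02
EOF
}

# owner_of PATH: name of the package that ships PATH (needs dpkg on the box).
owner_of() { dpkg -S "$1" 2>/dev/null | cut -d: -f1; }

# who_installed PKG [LOG]: one "start|commandline|requested-or-dependency" line
# per apt transaction whose Install: field lists exactly PKG.
# Default log path is an assumption; rotated history.log.*.gz files need zcat first.
who_installed() {
    awk -v pkg="$1" '
        /^Start-Date:/  { start = $2 " " $3; cmd = "(none recorded)" }
        /^Commandline:/ { sub(/^Commandline: /, ""); cmd = $0 }
        /^Install:/ {
            sub(/^Install: /, "")
            n = split($0, items, /\), /)
            for (i = 1; i <= n; i++) {
                split(items[i], f, /[: ]/)        # "name:arch (version[, automatic]"
                if (f[1] != pkg) continue         # exact name, so clamav != libclamav7
                how = (items[i] ~ /, automatic/) ? "dependency" : "requested"
                print start "|" cmd "|" how
            }
        }
    ' "${2:-/var/log/apt/history.log}"
}

# Demo on the constructed log; on a real system call: who_installed "$(owner_of /path)"
demo_log=$(mktemp)
sample_history > "$demo_log"
who_installed gcc-4.9-base "$demo_log"
rm -f "$demo_log"
```

A "dependency" result means the package arrived as a side effect of the recorded command rather than being asked for by name; an empty result means the install predates the retained logs or did not go through apt.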
