JanvdBrink
Nov 10, 2020

RN10200 – .mars malware infection: please help with suggestions…

Hi, yesterday I noticed that last Saturday the .mars malware had infected the data on my NAS. Unfortunately also the back-up files. I back up to offline USB in the weekends :-( All my data was encrypted by the virus.

I was able to restore the data with the snapshots. I also disabled all port forwarding on my router to the NAS and disabled services I don’t use on the NAS itself.

Problem is that I’m not sure whether the NAS and my PC are clean now. So any suggestions are welcome.

I use my NAS to back up mail/documents from my Ubuntu workstation with Grsync. I also copy music files I mostly download from internet from the same workstation to the NAS. And I copy photos from my Android mobile using Cx File Explorer to connect to the NAS.

I already scanned the Ubuntu PC with ClamTK and Sophos and even used chkrootkit, but nothing was found. The NAS has the latest firmware installed.

1. Is there anything else I can do to protect my NAS?

2. Can I trust the NAS is clean now? And if not, what else should I do? (I prefer not to do a system reset, but if it is necessary I might consider it)

3. Is there anything I can do to find the source of this infection, whether on my Ubuntu PC, the NAS or my mobile?

 

Thanks in advance.

Jan

3 Replies

  • StephenB
    Guru - Experienced User

    My understanding is that the main vector of the malware is phishing email messages - so the first machine infected would likely be the one that you use to read email.  If you allow remote access (say with ReadyCloud) then the PC might be one of the remote machines that you let access your NAS or home network.

     

    Most of the removal guides I see on-line are focused on Windows (and occasionally MacOS).  Are you using either operating system?

    • JanvdBrink
      Tutor

      Thanks Stephen,

      Mail is coming from the Ubuntu workstation and just backed up to the NAS. I will check the mail again, but till now I did not find any infected files.

      I might scan my iPad since in the past I used to copy files from it to the NAS as well.

      I don't think I copied or moved any files from my (work) Windows laptop to the NAS, but a check would do no harm.

      I'll post the results.

       

      Jan

       

      • StephenB
        Guru - Experienced User

        JanvdBrink wrote:

         

        I don't think I copied or moved any files from my (work) Windows laptop to the NAS, but a check would do no harm.

        I'll post the results.

         


        If the Windows laptop has write access to the NAS then it might be the source of the infection (even though you didn't move files).
