- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete
I do have a ReadyNas Ultra 6 - RNDU6000 NAS. It has been upgraded to firmware 6.10.8.
I am getting following message: "Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete the infected file soon".
Antivirus has been enabled and it is running.
Does anyone know how to access and clean up the file?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
There is little chance that a Windows virus infected that Linux system file. It is most likely a false alarm, though you are the first to report it. Since it's a system file, you definitely don't want to delete it. You could do an OS re-install, though I'm not 100% sure that will overwrite that file with a fresh one.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
@Sandshark wrote:
It is most likely a false alarm, though you are the first to report it.
@razvanp :
- You could report it to ClamAV here: https://www.clamav.net/reports/fp
@Sandshark wrote:
Since it's a system file, you definitely don't want to delete it.
/var/cores/core-systemd is a core dump, not a system file. It is safe to delete anything in /var/cores (but don't delete the folder itself).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
Thank you @StephenB and @Sandshark. I have reported to the AV company.
Not sure how to access those folders on the NAS side.
Best regards,
Razvan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
If it's a core dump, then it's unique to your NAS and reporting it will do no good. It also explains why nobody else has reported it. I still think it's a false alarm, but since it's not executable, it will do no harm no matter what. I wouldn't think the NAS would keep core dumps forever, though. Maybe @StephenB knows if they are automatically deleted periodically.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
@Sandshark wrote:
Maybe @StephenB knows if they are automatically deleted periodically.
I've seen some old ones on my own systems in the past. So I suspect they are not automatically deleted.
@razvanp : We can give you step-by-step instructions if you need them. You could also just ignore the false positive.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
Thank you @Sandshark. It does make sense. Thank you for following up on this.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
Hi @StephenB,
I did not use ssh in the last 10 years. I do have some experience, but I will need a quick reference guide on how to access the NAS via ssh. I do assume I will need to use the terminal interface on my laptop.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
I would like to at least use ssh and keep an eye on the files in that folder.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
@razvanp wrote:
I did not use ssh in the last 10 years. I do have some experience, but I will need a quick reference guide on how to access the NAS via ssh. I do assume I will need to use the terminal interface on my laptop.
The first step is to enable ssh in system->settings->services using the admin web interface. check the box next to "enable password authentication". You don't need to upload an ssh key file.
If you are using the default admin password (which is password) you will need to change it to something else.
Then log into the NAS using root as the username and the NAS admin password.
If you are using Windows, you can just enter
ssh root@nas-ip-address
in the windows search bar.
On a Mac, open terminal, and enter the same command there.
Either way, obviously use the real NAS IP address. With windows, the first time you do this, you will get a prompt you need to accept in order to allow the connection. I suspect you will also get that on the mac.
Once in, you'd enter
cd /var/cores
ls -als *
If you see the core file, then you are in the correct folder.
You can delete it with
rm core-systemd
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de
Sorry for the delay in response. I was able to ssh and remove the file. I did restart the NAS and monitoring now.
Thank you for your support with this.