× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete

razvanp
Aspirant

Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete

I do have a ReadyNas Ultra 6 - RNDU6000 NAS. It has been upgraded to firmware 6.10.8.

I am getting following message: "Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please delete the infected file soon".

Antivirus has been enabled and it is running.

Does anyone know how to access and clean up the file?

 

Thank you.

Message 1 of 12
Sandshark
Sensei

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

There is little chance that a Windows virus infected that Linux system file.  It is most likely a false alarm, though you are the first to report it.  Since it's a system file, you definitely don't want to delete it.  You could do an OS re-install, though I'm not 100% sure that will overwrite that file with a fresh one.

Message 2 of 12
StephenB
Guru

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de


@Sandshark wrote:

It is most likely a false alarm, though you are the first to report it. 

@razvanp :

 


@Sandshark wrote:

Since it's a system file, you definitely don't want to delete it.  


/var/cores/core-systemd is a core dump, not a system file.  It is safe to delete anything in /var/cores (but don't delete the folder itself).

Message 3 of 12
razvanp
Aspirant

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

Thank you @StephenB and @Sandshark. I have reported to the AV company. 

Not sure how to access those folders on the NAS side.

 

Best regards,

Razvan

Message 4 of 12
StephenB
Guru

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de


@razvanp wrote:

Not sure how to access those folders on the NAS side.

 


You'd have to use the ssh (the linux command line).

 

Do you any experience with that?

Message 5 of 12
Sandshark
Sensei

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

If it's a core dump, then it's unique to your NAS and reporting it will do no good.  It also explains why nobody else has reported it. I still think it's a false alarm, but since it's not executable, it will do no harm no matter what.  I wouldn't think the NAS would keep core dumps forever, though.  Maybe @StephenB knows if they are automatically deleted periodically.

Message 6 of 12
StephenB
Guru

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de


@Sandshark wrote:

Maybe @StephenB knows if they are automatically deleted periodically.


I've seen some old ones on my own systems in the past.  So I suspect they are not automatically deleted.

 

@razvanp :  We can give you step-by-step instructions if you need them.  You could also just ignore the false positive.

Message 7 of 12
razvanp
Aspirant

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

Thank you @Sandshark. It does make sense. Thank you for following up on this.

Message 8 of 12
razvanp
Aspirant

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

Hi @StephenB,

 

I did not use ssh in the last 10 years. I do have some experience, but I will need a quick reference guide on how to access the NAS via ssh. I do assume I will need to use the terminal interface on my laptop.

 

Thank you.

Message 9 of 12
razvanp
Aspirant

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

I would like to at least use ssh and keep an eye on the files in that folder.

 

Thank you.

Message 10 of 12
StephenB
Guru

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de


@razvanp wrote:

 

I did not use ssh in the last 10 years. I do have some experience, but I will need a quick reference guide on how to access the NAS via ssh. I do assume I will need to use the terminal interface on my laptop.

 


The first step is to enable ssh in system->settings->services using the admin web interface. check the box next to "enable password authentication".  You don't need to upload an ssh key file.

 

If you are using the default admin password (which is password) you will need to change it to something else.

 

Then log into the NAS using root as the username and the NAS admin password.

 

If you are using Windows, you can just enter

 

ssh root@nas-ip-address

 

in the windows search bar.

 

On a Mac, open terminal, and enter the same command there.

 

Either way, obviously use the real NAS IP address.  With windows, the first time you do this, you will get a prompt you need to accept in order to allow the connection.  I suspect you will also get that on the mac.

 

Once in, you'd enter

 

cd /var/cores
ls -als *

If you see the core file, then you are in the correct folder.

 

You can delete it with 

rm core-systemd

 

Message 11 of 12
razvanp
Aspirant

Re: Antivirus scanner found a threat ( Win.Worm.VB-5) in the file /var/cores/core-systemd. Please de

Sorry for the delay in response. I was able to ssh and remove the file. I did restart the NAS and monitoring now.

 

Thank you for your support with this.

 

 

Message 12 of 12
Top Contributors
Discussion stats
  • 11 replies
  • 1939 views
  • 0 kudos
  • 3 in conversation
Announcements