Yes. None of those files should be on your NAS. So it has been hacked somewhere along the line. That likely didn't happen when you updated it - it's more likely that the problem was there before. The new alerts could be due to an AV definitions update, or possibly a settings change in the AV (maybe it wasn't scanning these folders before).
I'd first change the network configuration to prevent the NAS from reaching the internet. One way to do that is to temporarily enter a static IP address (which can match the address the NAS is using now), but to set the wrong gateway address in the NAS network configuration.
You could then try to fix it with ssh, but I'd consider copying off the files in the shares, doing a factory default, reconfiguring the NAS, and then restoring the files from your backup. Otherwise it is very likely you will miss something, and the virus/malware could come back. Make sure you do a virus/malware scan of the backup (and that the PC that you use for this has real-time protection).
Are you forwarding ports to the NAS? Or putting it in the DMZ of your router? If you are, then stop doing that altogether for now, and then try to sort out exactly how this happened.
