
Re: RN214 Plex malware file detected.

dabanh_freak
Tutor

RN214 Plex malware file detected.

Woke up this morning to find a strange warning message from my NAS

 

Antivirus scanner found a threat (Win.Malware.Triusor-6824994-0) in the file /data/.apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon.

 
No idea what this is, first time it has happened.  Should I delete the file? Uninstall?
Message 1 of 9
StephenB
Guru

Re: RN214 Plex malware file detected.

It's almost certainly a false detection in the antivirus software (there are a couple of posts in the Clam AV forum reporting this).  https://lists.gt.net/clamav/users/74693

 

You could make sure the file is still in /data/.apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/

 

If you access the NAS with file explorer using the NAS admin credentials you can examine /data/.apps.  You do need to either enable viewing of hidden files in the PC, or enter the full path (using the backslash instead of the forward path).  For example, \\nas-ip-address\data\.apps\plexmediaserver-annapurna\Binaries\Resources\Python\lib\python2.7\ensurepip\_bundled

 

If the file isn't there, you'll probably need to disable the antivirus package, and reinstall plex.

Message 2 of 9
jljeeper
Tutor

Re: RN214 Plex malware file detected.

Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon

Message 3 of 9
jljeeper
Tutor

Re: RN214 Plex malware file detected.

I also got the same exact message this morning

Antivirus scanner found a threat (Win.Malware.Triusor-6824994-0) in the file /apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon

Message 4 of 9
Malius
Aspirant

Re: RN214 Plex malware file detected.

I have the same message, and one more thing. This afternoon, all three of my disks turned RED in the System>Volumes page, and the Shares page tells me I have no shares. I hope these are unrelated. 

Message 5 of 9
StephenB
Guru

Re: RN214 Plex malware file detected.


@Malius wrote:

I hope these are unrelated. 


I think they are unrelated, as the antivirus error is already identified as a false positive in the ClamAV forum (the ReadyNAS AV software is ClamAV).

 

Have you downloaded the logs and looked at the disk health (disk_info.log)?

Message 6 of 9
Malius
Aspirant

Re: RN214 Plex malware file detected.

Yes, the disk health is perfect. I'm engaging in a chat support with Netgear, and they tell me that the "md127" or the NAS' data partition is gone.

 

Apparently the symptoms point to a file system or a "btrfs" issue.

 

I don't know what the cause could be. There was no unusual activity -- in fact not much activity at all except for Time Machine backups, which were proceeding without problem. As for the virus, it's probably real, but irrelevant. It is a Windows virus and might pose a risk to hardware on my network, but not the NAS.

 

Support has been elevated a level or two, and an attempt to rebuild the volume will soon begin.

 

m

Message 7 of 9
o98n34c
Aspirant

Re: RN214 Plex malware file detected.

I have been seeing Antivirus scanner find threats (Doc.Malware.Sagent-6865733-0) for the last 3 days.  So far, more than 100 files have been infected, which I have deleted.  There seems to be no stopping this.  HELP!  How do I stop this before it infects every file on my NAS?

Message 8 of 9
StephenB
Guru

Re: RN214 Plex malware file detected.

Others are seeing this, so it is likely a false positive (that is, the files probably aren't infected).

 

Try turning off the NAS Antivirus, and scanning the network shares or the files with a different AV package (something running on a PC).  If they pass, then try reporting this issue to ClamAV here: https://www.clamav.net/reports/fp

Message 9 of 9
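Added example (not part of the thread, and not NETGEAR, Plex or ClamAV code): one way to gather evidence about a flagged .whl before deleting it or filing a false-positive report. It hashes the whole wheel so the value can be compared with the SHA-256 that PyPI publishes for the same filename, checks every member against the wheel's own RECORD file, and lists members that begin with the Windows "MZ" magic so they can be handed to a second scanner individually. The function names and the sample wheel are constructed for illustration; a clean RECORD check shows internal consistency only, not authenticity.

```python
import base64
import csv
import hashlib
import io
import sys
import zipfile


def record_digest(data):
    """sha256 in the form a wheel RECORD stores it (urlsafe base64, no padding)."""
    raw = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def triage_wheel(blob):
    """Return (sha256 hex of wheel, members failing RECORD, members that are PE files)."""
    mismatched, pe_members = [], []
    with zipfile.ZipFile(io.BytesIO(blob)) as whl:
        names = [n for n in whl.namelist() if not n.endswith("/")]
        record_name = next((n for n in names if n.endswith(".dist-info/RECORD")), None)
        if record_name is None:
            raise ValueError("no .dist-info/RECORD in archive")
        rows = csv.reader(io.StringIO(whl.read(record_name).decode("utf-8")))
        expected = {row[0]: row[1] for row in rows if len(row) >= 2}
        for name in names:
            data = whl.read(name)
            if data[:2] == b"MZ":        # DOS/PE header magic
                pe_members.append(name)
            if name == record_name:      # RECORD lists itself with an empty hash
                continue
            if expected.get(name) != record_digest(data):
                mismatched.append(name)
    return hashlib.sha256(blob).hexdigest(), sorted(mismatched), sorted(pe_members)


def build_sample_wheel(tamper=False):
    """Constructed sample wheel (not the real pip wheel) so the script runs offline."""
    files = {"demo/__init__.py": b"VALUE = 1\n", "demo/launcher.exe": b"MZ\x90\x00stub"}
    record = "".join(f"{n},{record_digest(d)},{len(d)}\n" for n, d in files.items())
    if tamper:
        files["demo/__init__.py"] += b"# changed after RECORD was written\n"
    files["demo-1.0.dist-info/RECORD"] = (record + "demo-1.0.dist-info/RECORD,,\n").encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in files.items():
            z.writestr(n, d)
    return buf.getvalue()


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_wheel()
    digest, bad, pe = triage_wheel(blob)
    print("sha256:", digest, "\nRECORD mismatches:", bad or "none", "\nPE members:", pe or "none")
```

Run it on a PC against a copy of the flagged file pulled from the share, passing the path as the first argument; with no argument it runs on the constructed sample.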