- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: RN214 Plex malware file detected.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RN214 Plex malware file detected.
Woke up this morning to find a strange warning message from my NAS
Antivirus scanner found a threat (Win.Malware.Triusor-6824994-0
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
It's almost certainly a false detection in the antivirus software (there are a couple of posts in the Clam AV forum reporting this). https://lists.gt.net/clamav/users/74693
You could make sure the file is still in /data/.apps/plexmediaserver-an
If you access the NAS with file explorer using the NAS admin credentials you can examine /data/.apps. You do need to either enable viewing of hidden files in the PC, or enter the full path (using the backslash instead of the forward path). For example, \\nas-ip-address\data\.apps\plexmediaserver-an
If the file isn't there, you'll probably need to disable the antivirus package, and reinstall plex.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
I also got the same exact message thismorning
Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /apps/plexmediaserver-annapurna/Binaries/Resources/Python/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl. Please delete the infected file soon
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
I have the same message, and one more thing. This afternoon, all three of my disks turned RED in the System>Volumes page, and the Shares page tells me I have no shares. I hope these are unrelated.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
@Malius wrote:
I hope these are unrelated.
I think they are unrelated, as the antivirus error is alreay identified as a false positive in the ClamAV forum (the ReadyNAS AV software is ClamAV),
Have you downloaded the logs and looked at the disk health (disk_info.log)?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
Yes, the disk health is perfect. I'm engaging in a chat support with Netgear, and they tell me that the "md127" or the NAS' data partition is gone.
Apparently the symptoms point to a file system or a "btrfs" issue.
I don't know what the cause coud be. There was no unusual activity -- in fact not much activity at all except for Time Machine backups, which were proceeding without problem. As for the virus, it's probably real, but irrelevant. It is a Windows virus and might pose a risk to hardware on my network, but not the NAS.
Support has been elevated a level or two, and an attempt to rebuild the volume will soon begin.
m
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
I have been seeing Antivirus scanner find threats (Doc.Malware.Sagent-6865733-0) for the last 3 days. So far, more than 100 files have been infected, which I have deleted. There seems to be no stopping this. HELP! How do I stop this before it infects every file on my NAS?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN214 Plex malware file detected.
Others are seeing this, so it is likely a false positive (that is, the files probably aren't infected).
Try turning off the NAS Antivirus, and scanning the network shares or the files with a different AV package (something running on a PC). If they pass, then try reporting this issue to ClamAV here: https://www.clamav.net/reports/fp