
Re: RN42200 Keeps telling me I have trojans in many files,

astro76
Aspirant

RN42200 Keeps telling me I have trojans in many files,

Sorry, my model number is RN42200, I couldn't find it in the list.

 

About three days ago I started getting alerts from it telling me I had infected files with a trojan. I deleted the two it told me about. But every day now I'm getting alerts telling me I have trojans in files. About 6 yesterday and 1 today.

Any way I can scan it, and with what program? How do I get rid of them? What do I do?

 

Any help or suggestions would be most helpful.

Thank you for your time

Model: RN4220X|ReadyNAS 4220 10Gbase-T
Message 1 of 10

Accepted Solutions
astro76
Aspirant

Re: RN42200 Keeps telling me I have trojans in many files,

Just went ahead and did a factory reset.

Malwarebytes ran a test on the files and said they were false positives and felt something was going on with my NAS because it wasn't updating due to the router issue.

So did a factory reset and moving on.

 

Thank you all for your help.

Message 7 of 10

All Replies
astro76
Aspirant

Re: RN42200 Keeps telling me I have trojans in many files,

It looks like all the alerts are coming from files with Malwarebytes .exe.

I also get an alert saying the NAS antivirus fails to update.

 

 

 

Model: RN4220X|ReadyNAS 4220 10Gbase-T
Message 2 of 10
StephenB
Guru

Re: RN42200 Keeps telling me I have trojans in many files,

Have you scanned the NAS shares on a PC?

Message 3 of 10
astro76
Aspirant

Re: RN42200 Keeps telling me I have trojans in many files,

I don't have any. I just drop and drag the files I want on to it. I open the batch file I made to access it and then put what files I want in it.

Message 4 of 10
StephenB
Guru

Re: RN42200 Keeps telling me I have trojans in many files,


@astro76 wrote:

I don't have any. I just drop and drag the files I want on to it. I open the batch file I made to access it and then put what files I want in it.


I'm a little confused here. You mentioned Malwarebytes earlier, and that is a PC malware scanner. The NAS has its own antivirus service, and it sounds like you have that turned on - and that it is the NAS software that is generating these alerts. You also mention that NAS antivirus isn't updating.

 

Do I have the NAS bit correct?  Or is software on your PC (or Mac) detecting the trojans?  How does Malwarebytes fit in?

 

The first thing I'm trying to sort out is whether the files are actually infected, or if the detection is false.   The simplest way to do that is install an Antivirus package on the PC that can scan a network share - first scanning the PC itself, and then scanning one of the shares.  I think the free version of Avast can scan a network share, but I am not certain.  You might need to mount the share as a network drive letter though, if that's the case we can help you do that if needed.

Message 5 of 10
astro76
Aspirant

Re: RN42200 Keeps telling me I have trojans in many files,

Yes, you have the NAS bit correct. It's the antivirus that's detecting the trojans. And the antivirus in the NAS wouldn't update, and it is on. I figured out I was having router issues because my printer and security cameras were kicked offline. I power cycled the router and it brought those online, so I'm guessing that was the issue there.
The antivirus is pointing almost all or all detections to a Malwarebytes file.
And it seems it only starts detecting them when I access the NAS.

I have at this time copied files over to an external hard drive and ran Malwarebytes and G Data on them and nothing was found. But I will try Avast and see what I come up with.
Right now I'm getting some of the files ready for Malwarebytes to check out. They asked for them in a protected Zip file.
I think I can map a network drive if needed but will ask for your help if I can't.

So if they are false positives, why all of a sudden now after the files have been sitting in there awhile? And what would cause that?

Thank you for your time and help, I really appreciate it.

And I guess I do have some share files. I set ReadyNAS up on my sister's laptop so she could upload pictures to it. I scanned them and nothing was found.
Model: RN4220X|ReadyNAS 4220 10Gbase-T
Message 6 of 10
StephenB
Guru

Re: RN42200 Keeps telling me I have trojans in many files,


@astro76 wrote:
 
The antivirus is pointing almost all or all detections to a Malwarebytes file.
 

I don't know what you mean by that.  Are you saying that the file is the malwarebytes installation file?  If not, do you still have the exact message that was in the logs?

 


@astro76 wrote:
 
So if they are false positives, why all of a sudden now after the files have been sitting in there awhile? And what would cause that?
 

False positives aren't uncommon.  Antivirus software looks for specific stuff in the file - you can think of them as "fingerprints".  Those fingerprints are stored in the antivirus definition files.  Sometimes those definitions become too broad, and after you update the antivirus software you get a burst of false positives.

 

Though it's also possible that a real virus infection has hit your local network.  It's very rare for that to start with the ReadyNAS - it's far more likely for a real infection to start from a PC or mobile device.

 


@astro76 wrote: Just went ahead and did a factory reset.
 

I think that was unnecessary (overkill), since you determined that the files weren't infected.   It would have been enough to simply turn off the antivirus on the NAS until we could sort out what was going on with it.  FWIW, I don't have that service enabled on my own NAS, for me it's sufficient to depend on the antivirus software I have running on my PCs.

 


@astro76 wrote: And the antivirus in the NAS wouldn't update
 

I have seen some issues here with the Antivirus updates - so this might not be related to your router or ReadyNAS setup.  If you see this again, please post the exact text you are seeing.  It's useful to know if the issue is related to updating the antivirus definitions or if it is related to updating the software itself.

 

Is your NAS using the normal DHCP network configuration (getting its IP address from the router)? Or have you set up a static address in the NAS web UI? Is ReadyCloud working correctly when you aren't at home?

 

What firmware is running on the ReadyNAS?

 

 

Message 8 of 10
astro76
Aspirant

Re: RN42200 Keeps telling me I have trojans in many files,

Some of the files that it was saying were infected were the installation file, some were .dll files, and what I mean is that almost all files detected as a trojan were some type of Malwarebytes file.

Here is one of like 80 or more messages:

Antivirus scanner found a threat (Win.Trojan.Generic-6629281-0) in the file /data/home/astrodatai9@gmail.com/Viper/Viper Desktop/Security/mbar/mbamcore.dll. Please delete the infected file soon.

 

It's DHCP. But will be using static this time around.

 

Thanks for the help

 

 

 

 

Message 9 of 10
StephenB
Guru

Re: RN42200 Keeps telling me I have trojans in many files,


@astro76 wrote:

 

It's DHCP. But will be using static this time around.

 

I recommend staying with DHCP, but reserving an IP address for your NAS in the router. Most routers support that feature.

 

If you do switch to a static address, make sure you remember to configure at least one DNS server.  That's often overlooked.

 


@astro76 wrote:

Some of the files that it was saying were infected were the installation file, some were .dll files, and what I mean is that almost all files detected as a trojan were some type of Malwarebytes file.

Here is one of like 80 or more messages:

Antivirus scanner found a threat (Win.Trojan.Generic-6629281-0) in the file /data/home/astrodatai9@gmail.com/Viper/Viper Desktop/Security/mbar/mbamcore.dll. Please delete the infected file soon.

 

I think these are almost certainly false positives. A good precaution is to run a different AV package on the Viper PC. Are you seeing any signs of bad behavior on that PC?

 

ClamAV is the provider of the antivirus software on the NAS, and if you think they are false positives you could report them at https://www.clamav.net/reports/fp. There's not much else you can do, other than turn off the AntiVirus service (or remove the files from your NAS).

 

What error messages are you seeing related to AV updates?

 

 

Message 10 of 10
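A triage sketch for the alert flood discussed in this thread, added here as an example and not posted by any participant or taken from NETGEAR or ClamAV: it parses alert lines in the wording quoted above and groups them by signature and folder, which shows whether dozens of alerts are really one signature matching one product's files. The sample paths, the second signature name and the clustering thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# Alert wording and first signature name as quoted in the thread.
ALERT_RE = re.compile(
    r"Antivirus scanner found a threat \((?P<sig>[^)]+)\) in the file "
    r"(?P<path>.+?)\. Please delete the infected file soon\."
)
_MSG = "Antivirus scanner found a threat ({}) in the file {}. Please delete the infected file soon."
# Constructed sample log: the paths and the second signature are made up.
SAMPLE_LOG = "\n".join([
    _MSG.format("Win.Trojan.Generic-6629281-0", "/data/home/user/Security/mbar/mbamcore.dll"),
    _MSG.format("Win.Trojan.Generic-6629281-0", "/data/home/user/Security/mbar/sample tool.exe"),
    _MSG.format("Win.Trojan.Generic-6629281-0", "/data/home/user/Security/mbar/helper.dll"),
    _MSG.format("Win.Trojan.Generic-6629281-0", "/data/home/user/Security/setup.exe"),
    "Volume: scrub completed.",
    _MSG.format("Constructed.Example.Sig-1", "/data/Pictures/archive.zip"),
])

def parse_alerts(text):
    """Return (signature, path) for each line that matches the alert wording."""
    hits = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            hits.append((m["sig"], PurePosixPath(m["path"])))
    return hits

def summarize(hits):
    """Per signature: file count, busiest folder, its share, and file extensions."""
    by_sig = defaultdict(list)
    for sig, path in hits:
        by_sig[sig].append(path)
    report = {}
    for sig, paths in by_sig.items():
        top_dir, top_count = Counter(str(p.parent) for p in paths).most_common(1)[0]
        report[sig] = {
            "files": len(paths),
            "top_dir": top_dir,
            "top_dir_share": top_count / len(paths),
            "extensions": sorted({p.suffix.lower() for p in paths}),
        }
    return report

def burst_candidates(report, min_files=3, min_share=0.75):
    """Assumed heuristic: one signature hitting many files in one folder."""
    return [sig for sig, r in report.items()
            if r["files"] >= min_files and r["top_dir_share"] >= min_share]

if __name__ == "__main__":
    print(burst_candidates(summarize(parse_alerts(SAMPLE_LOG))))
```

A signature listed by `burst_candidates` is a prompt to rescan those files with a second scanner and to file a false-positive report, not proof that the files are clean.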