Jump to content

FreeNas infected?

Scott17818
 Share
Posted

I apparently have contracted a virus into my FreeNAS box. it has replicated this "photo" file which it identifies as a screen saver. it has replicated into almost every single folder in my NAS. something over 2000 1.542KB files. totalling around 3.5-4 gigs. How can I remove all these in one swoop? or am I doomed to have to rebuild my box from scratch? (buy drives, and relocate 3TB of data..)

virus.png

Link to comment
https://linustechtips.com/topic/589730-freenas-infected/
Share on other sites
Link to post
Share on other sites
Posted

I agree with Leadeater.  It's HIGLY unlikely that the FreeNAS machine itself is infected, but that a Windows box on the network that accesses the NAS is infected, it's modifying files on shares it can access and it's doing that to spread itself across your network.  The FreeNAS machine would be clean if it's shared storage was just all erased.

 

...So you have an infected Windows machine, possibly more than one now, panic and deal with that immediately.

Link to comment
https://linustechtips.com/topic/589730-freenas-infected/#findComment-7679307
Share on other sites
Link to post
Share on other sites
Posted
8 minutes ago, Scott17818 said:

ops also scanned the network attached drives, was able to remove some manually, but they are all over the place. Trojan Bitcoin miners... doubt they actually work on the NAS.. but what a pain...

Those files are on those drives hoping to be accessed by other machines and infect those machines.  It's like how some malware infects USB storage so it can move from system to system over USB.  Only in this case it's hoping to use your network infrastructure to spread around your network.  This is really not the time to be 'relaxed' about this.  You seem to have a serious malware problem on your network.

Link to comment
https://linustechtips.com/topic/589730-freenas-infected/#findComment-7680297
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Scott17818 said:

I'm the only one that uses the FreeNas box.. its not a huge issue, Not a lot of critical software/file on the Nas anyways. 

Ugh, PLEASE don't be so relaxed about this.  You could have other infected machines, other machines with open network shares could be infected, just because they communicated with the infected machine, even though they never communicated with the NAS, your friends networks with open shares could be infected if you bring your laptop or something onto their network.  This thing went through your files under your nose, this is NOT the time to be all half assed about it.

Link to comment
https://linustechtips.com/topic/589730-freenas-infected/#findComment-7680811
Share on other sites
Link to post
Share on other sites
Posted
  • Author

believe me I just scanned, and deleted this from all my computers spent over 3 hours dealing with it on the NAS. as well as checking all our phones for the file/malware. it's been taken care of. so far it has not populated on any scans, and all norton updated scans show clear.

 

Link to comment
https://linustechtips.com/topic/589730-freenas-infected/#findComment-7692471
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Servers, NAS, and Home Lab

×