Virus (trojan) on NAS

Options
Oscar
Oscar Posts: 5  Freshman Member
edited April 2019 in Personal Cloud Storage
So I have NAS326 and today it got infected with virus (trojan). I scanned it several times with AV. AV detects virus, removes it, but it instantly comes back. I tried to reset NAS to factory settings, than I deleted Volumes and created new ones and still this virus appears in all folders. How can I format my disks or maybe you can think of another solution? Just have to say I'm a regular user, not into computer science)

#NAS_Apr_2019

All Replies

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Do you have a name of that trojan?
  • Oscar
    Oscar Posts: 5  Freshman Member
    Options
    Hi! Thanks for response. It says something like killar.dv I tried to get rid of it several times with no success. I just turned NAS off until I get any kind of solution.
  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    I'm sorry. Google doesn't popup anything on that name.

    Having said that, it's unlikely that the NAS itself would spread trojans that way. You may know that a trojan is some piece of useful software, with some malware embedded. You run it because it is a nice game, or something like that, and meanwhile it opens a backdoor for other malware, or something like that.
    The key is that it has to be executed. Assuming that it's a Windows trojan, the NAS cannot execute it. Wrong OS, wrong CPU. And vice versa, if the trojan would target the NAS, (Linux, Arm CPU), it would be harmless for Windows.
    So my guess is that something else (a Windows computer) in your network is infected, and writing copies to all places it can find. Like the shares of your NAS.
  • Oscar
    Oscar Posts: 5  Freshman Member
    Options
    I pretty sure I got this virus after downloading torrent file (directly to NAS). And I scanned my PC several times with 2 different AV (Avast and Malwarebytes) it showed 0 threats. But anyway. Is there a way to format disks in NAS?
  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    And you didn't open that file on a PC. Your PC is the only one in the network?

    Anyway, you can simply delete the volume in the webinterface, and create a new one.
  • Oscar
    Oscar Posts: 5  Freshman Member
    Options
    1.My PC is the only in the network and connected via wi-fi
    2. I deleted volume several times and created new ones, I changed raid type and still it comes back.
  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    2. I deleted volume several times and created new ones, I changed raid type and still it comes back.

    That proves that the NAS is not the source of the malware. OK, not completely, there are some other places where malware could hide on the NAS, except of the data volume. But in that case it would be targeting ZyXEL NASses explicitly.  And if someone would manage to get malware on a NAS, then why reveal yourself by putting something on the shares? The bandwidth, storage and CPU of the NAS are valuable.

    Do you have another device which you can use to maintain that NAS? What if you switch off your PC, and then delete the volume from some other device?

  • Oscar
    Oscar Posts: 5  Freshman Member
    edited April 2019
    Options
    Ok. So I did it this way: switched off pc, than accessed NAS from my laptop, deleted volume and created  a new one. Eventually that trojan thing seems to disappear. Still don't know w_t_f was that. But thanks for helping anyway. Have a good week.

Consumer Product Help Center