Page 37 of 39

Re: QSnatch Malware - What to do?

Posted: Mon Sep 07, 2020 2:53 am
by jaysona
AlastairStevenson wrote:
Fri Aug 28, 2020 4:43 pm
While that is true, Alastair was responding specifically to someone, someone that included specifics about their network environment. The mention of UPnP in Alastair's response was completely useless and not applicable in that context, it also demonstrated a lack of knowledge about the environment for which he was responding.

It is far more helpful for people to not respond to things they are unsure of vs just spewing out the typical check-list stuff of things to look at, even when a particular check-list item in not applicable.
Who rattled your cage?
Sure, I hadn't linked the lack of UPnP in OpenWRT, but that's no reason to slag off a response which has applied to so many people who are unaware of the risks of UPnP being enabled by default.

Just chill, OK.
Loolz! It seems like you're the one with the rattled cage. :lol:

There is always room for technically accurate information. You responded to a very specific issue, and provided technically inaccurate information (analogous to telling a person to check the spark plugs when someone says their diesel engine won't start) when specifics were given and got called out for it.

Take the learning experience and move on. :idea:

Re: QSnatch Malware - What to do?

Posted: Mon Sep 07, 2020 3:02 am
by jaysona
maffle wrote:
Fri Sep 04, 2020 3:56 am
That is total nonsense, for several (simple to understand) reasons :-) My question I asked was clear. Someone can answer please, what is the right way to do what I want? Reset my hda and then afterwards re-add my raid. And what you also said is totally WRONG. In this case, did you even read what I said, QOS is on hda, which is not part of the pure data raid. system partition is on HDA (the SSD), not over all disks. I always found the system over all disks way total garbage, that is why I used a single disk just for system, and thats also why I have 1+2 setup. As I said clearly in my post, my NAS was set up with just slot1 the ssd, so system is just on that one, and then later add slot2+3 as pure data raid, which is also encrypted and just mounted manually when I need it.
cat /proc/mdstat will show you all the disks that are being used and how they are being used.

I have two different volumes on one of my 8-bay nas units. 2x1TB for the system and 6x4TB for pure data, yet QTS spreads some partitions across all eight drives.

Code: Select all

Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] 
md2 : active raid5 sdc3[0] sdf3[5] sdg3[4] sdh3[3] sda3[2] sdb3[1]
      19485317120 blocks super 1.0 level 5, 512k chunk, algorithm 2 [6/6] [UUUUUU]
      
md1 : active raid1 sdd3[0] sde3[1]
      966807616 blocks super 1.0 [2/2] [UU]
      
md322 : active raid1 sde5[7](S) sdf5[6](S) sdg5[5](S) sdh5[4](S) sda5[3](S) sdb5[2](S) sdc5[1] sdd5[0]
      7235136 blocks super 1.0 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md256 : active raid1 sde2[7](S) sdf2[6](S) sdg2[5](S) sdh2[4](S) sda2[3](S) sdb2[2](S) sdc2[1] sdd2[0]
      530112 blocks super 1.0 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md13 : active raid1 sdd4[0] sdg4[69] sdh4[68] sda4[67] sdb4[66] sdc4[65] sdf4[64] sde4[1]
      458880 blocks super 1.0 [64/8] [UUUUUUUU________________________________________________________]
      bitmap: 1/1 pages [4KB], 65536KB chunk

md9 : active raid1 sdd1[0] sdg1[69] sdh1[68] sda1[67] sdb1[66] sdc1[65] sdf1[64] sde1[1]
      530048 blocks super 1.0 [64/8] [UUUUUUUU________________________________________________________]
      bitmap: 1/1 pages [4KB], 65536KB chunk

Re: QSnatch Malware - What to do?

Posted: Wed Sep 09, 2020 2:52 pm
by Pencil3
Yesterday my QNAP was not stating up anymore. The two drives either. Connecting them via an usb adapter to a windows-pc showed that the hdd-motors did not even start turning. So everything is as dead as dead can be. I will not buy such a product anymore.

Re: QSnatch Malware - What to do?

Posted: Wed Sep 09, 2020 8:24 pm
by dolbyman
what does that have to do with qsnatch?

qsnatch is clearly reaponsible for covid19 and the forrest fires in the us though

Re: QSnatch Malware - What to do?

Posted: Thu Sep 17, 2020 1:31 am
by Pencil3
I do not now if it has do with that. But another explanation seems not realistic. The chance that pc and two drives just breakdown and don't start up while the disk were for a few weeks ago in good condition and software was up to date, seems almost impossible without some malicious software issue.
I find such a nas dangerous and worthless.

Re: QSnatch Malware - What to do?

Posted: Thu Sep 17, 2020 1:38 am
by dolbyman
A piece of software will not kill your NAS and drives .. look into a power surge as the possible culprit (got a UPS and surge protector?)

Re: QSnatch Malware - What to do?

Posted: Thu Sep 17, 2020 2:52 am
by jaysona
Pencil3 wrote:
Thu Sep 17, 2020 1:31 am
I do not now if it has do with that. But another explanation seems not realistic. The chance that pc and two drives just breakdown and don't start up while the disk were for a few weeks ago in good condition and software was up to date, seems almost impossible without some malicious software issue.
I find such a nas dangerous and worthless.
You seem to have a misunderstanding of how software and electronics work.

If you have an issue with the PC, NAS issue and hard drives not powering up, you most likely had an issue with the electricity supply from the power utility. Typical malware (especially qsnatch, etc) will not do what you have described.

Re: QSnatch Malware - What to do?

Posted: Fri Sep 18, 2020 7:28 am
by Bimrin
Is the best option to deal with Qsnatch at this point to factory reset and restore from backup? I am a little late to this party, I was able to manually update firmware but still can't access malware remover and I have been reading through this thread and others that it won't necessarily deal with it. I also see that the cleanme.sh script is no longer available. I have everything backed up so I can do the full reset but just checking before I do that.

Re: QSnatch Malware - What to do?

Posted: Fri Sep 18, 2020 9:44 pm
by dolbyman
externally format all disks

do a diskles firmware update (via qfinder)

setup the nas from scratch

restore from backups

Re: QSnatch Malware - What to do?

Posted: Sat Sep 19, 2020 3:44 pm
by Bimrin
dolbyman wrote:
Fri Sep 18, 2020 9:44 pm
externally format all disks

do a diskles firmware update (via qfinder)

setup the nas from scratch

restore from backups
Dolbyman - what do you mean exactly by externally format? Are you recommending pulling the drives and formatting in a different system?

Re: QSnatch Malware - What to do?

Posted: Sat Sep 19, 2020 7:09 pm
by dolbyman
that is correct

either direct connect or via a usb dock

Re: QSnatch Malware - What to do?

Posted: Sun Sep 20, 2020 2:34 am
by Bimrin
@dolbyman - sorry one more question. How likely is qsnatch to infect an attached usb backup drive. Concern being that my backup is an attached 6tb external drive that is synced weekly. It has been attached most of the time the nas was running. Is there a concern that the malware has infected that drive?

Re: QSnatch Malware - What to do?

Posted: Sun Sep 20, 2020 6:47 am
by dolbyman
infected?.probbaly not ..as the drive contains no system volumes

encrypted..maybe

Re: QSnatch Malware - What to do?

Posted: Tue Sep 22, 2020 8:08 am
by Bimrin
Dolby - Any recommendation on just formatting or should I do a full erase? Currently running them through Linux with Erase on and we are at a 14 hour estimate. I did DBAN at first and that was like 35 hours and figured that was a bit of overkill

Re: QSnatch Malware - What to do?

Posted: Tue Sep 22, 2020 8:35 am
by dolbyman
no need for a full earase..just clear the partitions off and a quick format

on windows I would use diskpart with "clean" command