Synology-Forum.nl
Packages => Official Packages => Antivirus Essential => Topic started by: Runu88 on 15 November 2019, 16:58:20
-
Hello everyone,
My antivirus scanner gives the following messages:
Date
1 error scanner Move /root/.cache/.ntp to Quarantine failed. 2019-11-15 16:44:15
2 error scanner Move /root/.cache/.ntp to Quarantine failed. 2019-11-15 16:32:31
3 info scanner Report: 30745 file(s) are scanned, 1 infected file(s) found. Failed to process 1 infected file(s), please check the event log for details 2019-11-13 16:27:33
4 info scanner System Scan Completed 2019-11-13 16:27:33
5 error scanner Move /root/.cache/.ntp to Quarantine failed. 2019-11-13 16:24:12
6 detected scanner /root/.cache/.ntp : Unix.Trojan.Agent-7197109-0 FOUND 2019-11-13 16:24:11
Does anyone have any idea what I can do about this? I've also attached a screenshot. I've already tried to delete .ntp via SSH, but it won't let me...
I'd appreciate your help :D
-
I would open a ticket with Synology.
-
I'll do that right away!
-
It will be malware that keeps putting the file back via a crontab. Google that path. The virus definition was added to AE on 17 October.
Do you also have a "kthrotlds" process? That's the first thing I find on a quick search.
-
That process isn't running on my system.
I've googled but haven't come across anything relevant. I've submitted a ticket, so I'll wait for that unless someone has other suggestions?
-
You could also check whether you find the path in the following files:
/var/log/synocrond.log
/var/log/synocrond-execute.log
If so, it may give a further clue about the malware.
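A small triage helper for exactly this step, added here as an example and not part of anyone's post: it parses lines in the synocrond.log layout quoted further down in this thread, returns the records whose message mentions a given path, and counts how often each distinct (source location, message) pair recurs, which also answers the later "how often does this error come back" question. The line layout regex is this example's own reading of the quoted lines, and the sample log is constructed: the entry mentioning /root/.cache/.ntp is invented to show what a hit looks like and is not from the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# synocrond lines look like "<ISO timestamp> <host> <program>: <source>:<line> <message>".
# This regex is the example's assumption about that layout, based on the quoted log.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<prog>\S+):\s+"
    r"(?P<src>\S+?:\d+)\s+(?P<msg>.*)$"
)

# Constructed sample: three lines as quoted in the thread, one invented hit on the
# quarantined path (NOT from the thread), and one malformed line that must be skipped.
SAMPLE_LOG = """\
2019-08-06T14:55:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:55:12+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:07:15+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet() (No such file or directory)
2019-11-13T16:20:02+01:00 SynologyRunu synocrond: crondaemon.cpp:0 CONSTRUCTED sample: job pkg-example-job executes /root/.cache/.ntp
this line is not in synocrond format and is skipped
"""


@dataclass(frozen=True)
class LogRecord:
    ts: str
    host: str
    prog: str
    src: str
    msg: str


def parse_line(line: str) -> Optional[LogRecord]:
    """Return a LogRecord for a well-formed synocrond line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return LogRecord(**m.groupdict())


def find_path_references(lines: Iterable[str], path: str) -> list[LogRecord]:
    """Records whose message contains `path` as an exact, case-sensitive substring."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and path in rec.msg:
            hits.append(rec)
    return hits


def message_frequency(lines: Iterable[str]) -> Counter:
    """Count recurrences of each (source location, message) pair.

    A trailing parenthesised errno text such as "(No such file or directory)" is
    stripped, so the two variants of the SYNOScemdStatusGet() failure count together.
    """
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg = re.sub(r"\s*\([^()]+\)\s*$", "", rec.msg)
        counts[(rec.src, msg)] += 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for rec in find_path_references(lines, "/root/.cache/.ntp"):
        print(f"{rec.ts} {rec.src}: {rec.msg}")
    for (src, msg), n in message_frequency(lines).most_common():
        print(f"{n:4d}  {src}  {msg}")
```

To use it against a real NAS, copy /var/log/synocrond.log and /var/log/synocrond-execute.log off the device first and feed their lines to `find_path_references`; working on copies keeps the originals intact for the support ticket.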
-
I had submitted a ticket to Synology. They remotely removed the /root/.cache folder completely. Rescanned the system and no more threats were found. I'll have another look at the crond log.
Update:
I've had a look at the synocrond log and couldn't find anything about .ntp. What did stand out to me is the following.
2019-08-06T14:55:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:55:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T14:55:12+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T14:56:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:56:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T14:56:12+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T14:57:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:57:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T14:57:12+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T14:58:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:58:12+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T14:58:12+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T14:59:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T14:59:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T14:59:13+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:00:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:00:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:00:13+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:01:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:01:13+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:01:13+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:02:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:02:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:02:14+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:03:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:03:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:03:14+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:04:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:04:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:04:14+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:05:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:143 Fail to sendto() for scemd connector client.
2019-08-06T15:05:14+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:218 Fail to SYNOScemdConnectorClient() for scemd conncetor client
2019-08-06T15:05:14+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet()
2019-08-06T15:07:13+02:00 SynologyRunu synocrond: crondaemon.cpp:276 current runtime: {"jobs":{"builtin-dyn-autopkgupgrade-default":{"cmd_list":["/tmp/synocrond/builtin-dyn-autopkgupgrade-default","chkupgradepkg"],"cmd_str":"/usr/syno/bin/synopkg chkupgradepkg","config":{"assure_execute":168,"cmd":"/usr/syno/bin/synopkg chkupgradepkg","crontab":"~ ~ * * 0,1,2,3,5","expire":24,"expire_action":"skip","name":"builtin-dyn-autopkgupgrade-default","period":"crontab","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562719245,"schedule":{"Minute":[42],"day":[-1],"hour":[2],"month":[-1],"week":[0,1,2,3,5]},"startup":1530877656},"builtin-dyn-myds-job":{"cmd_list":["/tmp/synocrond/builtin-dyn-myds-job","--report_info"],"cmd_str":"/usr/syno/bin/synomyds --report_info ","config":{"assure_execute":0,"cmd_list":["/usr/syno/bin/synomyds","--report_info"],"crontab":"~ 9~16 * * 1~5","expire":3,"expire_action":"skip","name":"builtin-dyn-myds-job","period":"crontab","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562137911,"schedule":{"Minute":[24],"day":[-1],"hour":[14],"month":[-1],"week":[5]},"startup":1530877656},"builtin-libhwcontrol-syno_disk_db_update":{"cmd_list":["/tmp/synocrond/builtin-libhwcontrol-syno_disk_db_update"],"cmd_str":"/usr/syno/bin/syno_disk_db_update","config":{"assure_execute":0,"cmd":"/usr/syno/bin/syno_disk_db_update","expire":3,"expire_action":"run","name":"builtin-libhwcontrol-syno_disk_db_update","period":"monthly","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1561048796,"schedule":{"Minute":[27],"day":[25],"hour":[2],"month":[-1],"week":[-1]},"startup":1540837815},"builtin-libhwcontrol-syno_disk_remain_life_check":{"cmd_list":["/tmp/synocrond/builtin-libhwcontrol-syno_disk_remain_life_check"],"cmd_str":"/usr/syno/bin/syno_disk_remain_life_check","config":{"assure_execute":0,"cmd":"/usr/syno/bin/syno_disk_remain_life_check","expire":3,"expire_action":"run","name":"builtin-libhwcontrol-syno_disk_remain_life_check","period":"weekly","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1561976338,"schedule":{"Minute":[21],"day":[-1],"hour":[3],"month":[-1],"week":[4]},"startup":1540837815},"builtin-libhwcontrol-syno_disk_smart_mail_send":{"cmd_list":["/tmp/synocrond/builtin-libhwcontrol-syno_disk_smart_mail_send"],"cmd_str":"/usr/syno/bin/syno_disk_smart_mail_send","config":{"assure_execute":0,"cmd":"/usr/syno/bin/syno_disk_smart_mail_send","crontab":"~ ~ * * 0~3,4~6","expire":3,"expire_action":"run","name":"builtin-libhwcontrol-syno_disk_smart_mail_send","period":"crontab","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1562668775,"schedule":{"Minute":[45],"day":[-1],"hour":[7],"month":[-1],"week":[2,5]},"startup":1540837815},"builtin-libhwcontrol-syno_smart_result_collect":{"cmd_list":["/tmp/synocrond/builtin-libhwcontrol-syno_smart_result_collect"],"cmd_str":"/usr/syno/bin/syno_smart_result_collect","config":{"assure_execute":0,"cmd":"/usr/syno/bin/syno_smart_result_collect","expire":3,"expire_action":"run","name":"builtin-libhwcontrol-syno_smart_result_collect","period":"weekly","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1562614464,"schedule":{"Minute":[4],"day":[-1],"hour":[22],"month":[-1],"week":[1]},"startup":1540837815},"builtin-synodatacollect-udc":{"cmd_list":["/tmp/synocrond/builtin-synodatacollect-udc","udc"],"cmd_str":"/usr/syno/bin/synodatacollect udc ","config":{"assure_execute":0,"cmd_list":["/usr/syno/bin/synodatacollect","udc"],"crontab":"~ ~ * * 0~6","expire":72,"expire_action":"skip","name":"builtin-synodatacollect-udc","period":"crontab","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562513104,"schedule":{"Minute":[27],"day":[-1],"hour":[14],"month":[-1],"week":[0]},"startup":1530877657},"builtin-synodatacollect-udc-disk":{"cmd_list":["/tmp/synocrond/builtin-synodatacollect-udc-disk","disk"],"cmd_str":"/usr/syno/bin/synodiskdatacollect disk ","config":{"assure_execute":0,"cmd_list":["/usr/syno/bin/synodiskdatacollect","disk"],"crontab":"~ ~ * * 0~6","expire":72,"expire_action":"skip","name":"builtin-synodatacollect-udc-disk","period":"crontab","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562360495,"schedule":{"Minute":[16],"day":[-1],"hour":[12],"month":[-1],"week":[4]},"startup":1540837743},"builtin-synodiskhealthprediction-syno_disk_data_collector":{"cmd_list":["/tmp/synocrond/builtin-synodiskhealthprediction-syno_disk_data_collector","record"],"cmd_str":"/usr/syno/bin/syno_disk_data_collector record ","config":{"assure_execute":0,"cmd_list":["/usr/syno/bin/syno_disk_data_collector","record"],"expire":8,"expire_action":"skip","name":"builtin-synodiskhealthprediction-syno_disk_data_collector","period":"daily","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1562730827,"schedule":{"Minute":[55],"day":[-1],"hour":[5],"month":[-1],"week":[-1]},"startup":1540837743},"builtin-synodisklatencywriteback-syno_disk_latency_collector_writeback":{"cmd_list":["/tmp/synocrond/builtin-synodisklatencywriteback-syno_disk_latency_collector_writeback","writeback"],"cmd_str":"/usr/syno/bin/syno_disk_latency_collector writeback ","config":{"assure_execute":0,"cmd_list":["/usr/syno/bin/syno_disk_latency_collector","writeback"],"expire":8,"expire_action":"run","name":"builtin-synodisklatencywriteback-syno_disk_latency_collector_writeback","period":"weekly","run_on_passive":true,"user":"root"},"expireTime":0,"lastExecution":1562010665,"schedule":{"Minute":[52],"day":[-1],"hour":[8],"month":[-1],"week":[4]},"startup":1558920338},"builtin-synosharing-default":{"cmd_list":["/tmp/synocrond/builtin-synosharing-default"],"cmd_str":"/usr/syno/bin/synosharingcron","config":{"assure_execute":0,"cmd":"/usr/syno/bin/synosharingcron","crontab":"~ 0~7 * * *","expire":24,"expire_action":"skip","name":"builtin-synosharing-default","period":"crontab","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562710123,"schedule":{"Minute":[10],"day":[-1],"hour":[0],"month":[-1],"week":[-1]},"startup":1530877657},"pkg-OAuthService-OAuthClenaer":{"cmd_list":["/tmp/synocrond/pkg-OAuthService-OAuthClenaer"],"cmd_str":"/var/packages/OAuthService/target/tools/oauth_cleaner","config":{"assure_execute":0,"cmd":"/var/packages/OAuthService/target/tools/oauth_cleaner","expire":3,"expire_action":"skip","name":"pkg-OAuthService-OAuthClenaer","period":"hourly","run_on_passive":false,"user":"root"},"expireTime":0,"lastExecution":1562776916,"schedule":{"Minute":[41],"day":[-1],"hour":[-1],"month":[-1],"week":[-1]},"startup":1562015783}}}
2019-08-06T15:07:15+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:209 System isn't ready, so cannot get scemd status.
2019-08-06T15:07:15+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet() (No such file or directory)
2019-08-06T15:07:15+02:00 SynologyRunu synocrond: crondaemon.cpp:351 Job builtin-dyn-autopkgupgrade-default is expired assure_execute, force executing. (No such file or directory)
2019-08-06T15:08:15+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:209 System isn't ready, so cannot get scemd status.
2019-08-06T15:08:15+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet() (No such file or directory)
2019-08-06T15:09:15+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:209 System isn't ready, so cannot get scemd status.
2019-08-06T15:09:15+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet() (No such file or directory)
2019-08-06T15:10:15+02:00 SynologyRunu synocrond: scemd_connector/scemd_connector.c:209 System isn't ready, so cannot get scemd status.
2019-08-06T15:10:15+02:00 SynologyRunu synocrond: utils.cpp:73 Fail to SYNOScemdStatusGet() (No such file or directory)
"utils.cpp:73 Fail to SYNOScemdStatusGet()" comes back very often in the log and dates all the way back to 2016. It tries to run this task very often, but I can't trace what it is. I did a quick google but can't find anything about it. Does anyone know what this is?
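The crondaemon.cpp:276 "current runtime" line quoted above is a JSON listing of every job synocrond has scheduled, which is the natural place to look when malware is suspected of re-creating a file from a scheduled task. The script below is an added example (not from this thread or from Synology) that pulls the JSON off such a line, lists each job's command, user and schedule, and flags any job whose executable lies outside /usr/syno/ and /var/packages/; that allow-list is the example's own assumption, not a documented DSM rule. The sample dump is constructed: two jobs are trimmed from the thread's output, and the third is invented to show what a flagged entry would look like.

```python
import json
from datetime import datetime, timezone

# Text that precedes the JSON blob on the crondaemon.cpp:276 line quoted in the thread.
RUNTIME_MARKER = "current runtime: "

# Directories under which DSM's own and package-provided cron commands normally live.
# Assumption of this example, used only to decide what gets flagged for review.
EXPECTED_PREFIXES = ("/usr/syno/", "/var/packages/")

# Constructed runtime dump in the shape of the thread's line: the first two jobs are
# trimmed from the quoted output, the third is invented (NOT from the thread) to show
# a job that points at a user cache directory.
_RUNTIME = {
    "jobs": {
        "builtin-dyn-autopkgupgrade-default": {
            "cmd_str": "/usr/syno/bin/synopkg chkupgradepkg",
            "config": {"cmd": "/usr/syno/bin/synopkg chkupgradepkg",
                       "crontab": "~ ~ * * 0,1,2,3,5", "period": "crontab", "user": "root"},
            "lastExecution": 1562719245,
        },
        "pkg-OAuthService-OAuthClenaer": {
            "cmd_str": "/var/packages/OAuthService/target/tools/oauth_cleaner",
            "config": {"cmd": "/var/packages/OAuthService/target/tools/oauth_cleaner",
                       "period": "hourly", "user": "root"},
            "lastExecution": 1562776916,
        },
        "constructed-example-job": {
            "cmd_str": "/root/.cache/.ntp",
            "config": {"cmd": "/root/.cache/.ntp", "period": "hourly", "user": "root"},
            "lastExecution": 1573658400,
        },
    }
}
SAMPLE_LINE = ("2019-08-06T15:07:13+02:00 SynologyRunu synocrond: crondaemon.cpp:276 "
               + RUNTIME_MARKER + json.dumps(_RUNTIME, separators=(",", ":")))


def extract_runtime(line: str):
    """Decode the JSON that follows RUNTIME_MARKER; None if the line has no dump."""
    idx = line.find(RUNTIME_MARKER)
    if idx < 0:
        return None
    try:
        return json.loads(line[idx + len(RUNTIME_MARKER):])
    except json.JSONDecodeError:
        return None


def summarise_jobs(runtime: dict) -> list[dict]:
    """One flat record per scheduled job: name, command, user, schedule, last run (UTC)."""
    rows = []
    for name, job in runtime.get("jobs", {}).items():
        cfg = job.get("config", {})
        last = datetime.fromtimestamp(job.get("lastExecution", 0), tz=timezone.utc)
        rows.append({
            "name": name,
            "cmd": job.get("cmd_str", "").strip(),
            "user": cfg.get("user"),
            "period": cfg.get("period"),
            "crontab": cfg.get("crontab"),
            "last_execution": last.isoformat(),
        })
    return rows


def unexpected_jobs(runtime: dict) -> list[str]:
    """Names of jobs whose executable (first token of the command) is outside EXPECTED_PREFIXES."""
    flagged = []
    for row in summarise_jobs(runtime):
        exe = row["cmd"].split(" ", 1)[0]
        if not exe.startswith(EXPECTED_PREFIXES):
            flagged.append(row["name"])
    return flagged


if __name__ == "__main__":
    rt = extract_runtime(SAMPLE_LINE)
    for row in summarise_jobs(rt):
        print(f"{row['name']:45s} {row['user']:5s} {row['period']:8s} {row['cmd']}")
    print("review:", unexpected_jobs(rt))
```

On a real system, grep the copied synocrond.log for "current runtime" and pass each such line to `extract_runtime`; a job flagged by `unexpected_jobs` is not proof of compromise, but it is the entry to compare against the installed packages before anything is deleted.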
-
I see it in the log too, but only once since the last rotation on 4 November. (I haven't looked at the old logs.)
But it's true that you often come across errors in the log. I always wonder why Synology doesn't fix this before they do a new release. ;)
-
So not something to worry about? It occurs very often on my system, about 3x per hour?
-
I'd hope so. Not anymore now?
-
From the English Synoforum: scemd = I would call it: Synology Command Execution Management Daemon.
The program executes all of DSM's own programs. Could it be that the connector was trying to perform the handshake with Synology for passing on or obtaining the status?
-
In the meantime it has stopped in the synocrond.log.
Thankfully...