Threat Prevention A network trojan was detected

351
91
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
From my wife's laptop I'm getting this event every minute:

Code:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Crypto Coin Miner Login"; flow:to_server,established; content:"|7b 22|method|22 3a|"; depth:10; fast_pattern; content:"|22|login|22 2c|"; distance:0; within:9; content:"|22|params|22 3a|"; distance:0; within:10; content:"|7b 22|login"; nocase; distance:0; within:8; content:"agent|22 3a|"; nocase; distance:0; metadata: former_category POLICY; reference:md5,d1082e445f932938366a449631b82946; reference:md5,33d7a82fe13c9737a103bcc4a21f9425; reference:md5,ebe1aeb5dd692b222f8cf964e7785a55; classtype:trojan-activity; sid:2022886; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag Bitcoin_Miner, signature_severity Audit, created_at 2016_06_09, malware_family CoinMiner, performance_impact Low, updated_at 2017_10_12;)

Should I be worried? Is this a trojan on the laptop? I started antivirus but it says it's ok.
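What the rule quoted above actually looks for, as an added example that is not part of the original post: a simplified Python model of its `content` / `depth` / `within` chain, run against constructed payloads. It ignores `flow` and `fast_pattern`, takes the first hit in each window rather than backtracking as the real engine can, and all sample values (wallet placeholder, agent string) are made up.

```python
def decode_content(spec: str) -> bytes:
    """Turn Suricata content notation (|7b 22|method) into raw bytes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        # Odd-numbered parts sit between pipes and hold hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

# (content, nocase, depth, within) copied from sid:2022886. Every content
# after the first carries distance:0, so it is searched for starting at
# the end of the previous match.
RULE = [
    ("|7b 22|method|22 3a|", False, 10, None),   # {"method":
    ("|22|login|22 2c|", False, None, 9),        # "login",
    ("|22|params|22 3a|", False, None, 10),      # "params":
    ("|7b 22|login", True, None, 8),             # {"login
    ("agent|22 3a|", True, None, None),          # agent":
]

def matches(payload: bytes) -> bool:
    cursor = 0  # end offset of the previous content match
    for spec, nocase, depth, within in RULE:
        needle = decode_content(spec)
        if depth is not None:            # absolute: first `depth` bytes only
            start, end = 0, depth
        else:                            # relative to the previous match
            start = cursor
            end = len(payload) if within is None else cursor + within
        window = payload[start:end]
        if nocase:
            needle, window = needle.lower(), window.lower()
        pos = window.find(needle)
        if pos < 0:
            return False
        cursor = start + pos + len(needle)
    return True

# Constructed sample payloads (not captured traffic).
MINER_LOGIN = (b'{"method":"login","params":{"login":"WALLET-PLACEHOLDER",'
               b'"pass":"x","agent":"example-miner/0.0"},"id":1}')
OTHER_RPC = b'{"method":"getinfo","params":{},"id":1}'

if __name__ == "__main__":
    for name, data in (("miner login", MINER_LOGIN), ("other RPC", OTHER_RPC)):
        print(f"{name}: {'ALERT' if matches(data) else 'no match'}")
```

Because the first content has `depth:10`, the JSON object has to begin at the very start of the TCP payload; the same JSON sent as an HTTP body, behind request headers, would not trigger this signature.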
 
Yep, monerohash malware found on laptop... Hm.

MB is popping up a notification for that trojan every 30 sec.
 
Malwarebytes is the best! Cleaned everything. Maybe I need to reconsider my antivirus program and buy Malwarebytes Premium.

Thank you for pointing me in the right direction, Telos.
 

Telos

Subscriber
1,427
489
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
You're welcome. I use Malwarebytes for on-demand scans. I'm not sure I would purchase it for its background protection. But many do.
 

fredbert

Moderator
NAS Support
Subscriber
2,145
868
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Have been using the free Sophos AV for Mac for years, mainly cos it's free and we have friends that use Windows. It's now Sophos Home and free for 3 Macs or 3 PCs. Use a different email account to get another 3. Generally it's been ok and found mail attachments that should have been already blocked as spam.

@wwwampy Good to see your investment in the SRM router has already helped to detect this infection.
 
351
91
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Currently, I'm using F-Secure paid version. Got it from work with license for 3 years. But funny, Malwarebytes found that trojan. No, actually, my router found it first! :)

Yes, I'm cool with RT2600ac. Way better than my previous one and even the wi-fi range is great.
 
