TerraMaster Official Forum


https://forum.terra-master.com/en/

How to check if your TNAS is attacked by the Deadbolt ransomware?

https://forum.terra-master.com/en/viewtopic.php?t=3057

Page 1 of 1

How to check if your TNAS is attacked by the Deadbolt ransomware?

Posted: 07 Mar 2022, 19:46
by TMSupport
How to check if your TNAS is attacked by the Deadbolt ransomware?

Method 1:
Enter the TNAS IP in the browser address bar. If the following page appears on the login interface, it means that your TNAS has been attacked by the Deadbolt ransomware.
Image

Method 2:
1. Log in to the SSH terminal
2. Execute the command to check if there are files with the word "Dead".

Code: Select all

ls -lh /usr/bin/dead-tool
3. Execute the command to check if there are files with the word "dead-tool、pty10、qnx".

Code: Select all

cat /etc/crontabs/root
Image

After executing the command, if you see a file with the words "Dead, dead-tool, pty10, qnx", it indicate that your TNAS has been attacked by Deadbolt ransomware. Please refer to the guide to remove the virus.

Re: How to check if your TNAS is attacked by the Deadbolt ransomware?

Posted: 07 Mar 2022, 22:17
by V8Triker
Apologies, but your second screenshot can cause confusion.

It shows a system that is NOT infected, yet the following statement suggests it would indicate that it is infected.

Re: How to check if your TNAS is attacked by the Deadbolt ransomware?

Posted: 08 Mar 2022, 09:31
by TMSupport
{L_BUTTON_AT}V8Triker

Sorry to confuse you, the second image just demonstrates the execution steps of the command.

Re: How to check if your TNAS is attacked by the Deadbolt ransomware?

Posted: 08 Mar 2022, 16:36
by V8Triker
@TMSupport

It did not confuse me, but it may confuse others :)

Thank you for posting this, though.
It is good to be able to confirm that my system is Deadbolt free.
All times are UTC+08:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited