March 20, 201115 yr As of last night everything was working fine with my NAS. I woke up today when i fired up my desktop PC it was unable to connect to the mapped network drive as it has done thousands of times in the past automatically. My next move was to check for issues by connecting to //Tower in my web browser. I was prompt for a password for the first time ever. 'root' did not work either. Next i checked my network to see if Tower was still being picked up, which it was. I do notice that my shares are missing now and only 'disk1' and 'disk2' are there, and i'm able to access them just fine. This is a pretty weird situation for me, what would case shares to go missing and a password to appear on my //Tower page? Maybe the flash drive died, but then would i still be able to access disk1 and disk2 like i am? Any help would be great guys.
March 21, 201115 yr Disconnect the network. Check the console to see if you can shutdown. Alternatively, shutdown by first tapping the power button and if it does not shutdown relatively quickly then hold the power button until power goes off. If this fails then unplug the server. Retrieve your USB flash drive and plug it into your PC. Run the Windows check disk on the USB drive. If you have been hacked you will need remove the password settings on the flash drive. Someone else may have a less paranoid procedure.
March 21, 201115 yr Author Alright i deleted the password files off my flash drive and that did the trick. I had to redo my shares and everything but it's all restored to the way things were before this all took place. I made a backup off the flash drive before deleting anything and compared the files on it to that of a fresh download from the website. Nothing seems out of the ordinary to indicate i was hacked or anything. Though of note there was one file called '!Readme.Exe' at the root of the directory that seemed shady. It has appeared in the past and i deleted it, is this something generated by unRaid or should i assume i've been hacked?
March 21, 201115 yr I have never seen that Readme.EXE, but I'm going to guess that somehow somebody else put that there and you do not want that. Are you allowing external access to your machine.. Meaning did you port forward to it or is your wireless wide open so others can connect? Here is what I found on ReadMe.exe http://www.f-secure.com/v-descs/readme.shtml
March 21, 201115 yr Author Yeah i reset my router ages ago and forgot to reapply wifi security. Awesome. I'm really hoping that this virus tried to spread itself automatically to anything it would find on the network (IE my server) and wasn't discovered by a nearby neighbor who's tech savvy.
Archived
This topic is now archived and is closed to further replies.