Your NAS is still infected
My NAS was/is also infected.
Everything was up-to-date, only port 443 was open to the world, nothing else.
Myqnapcloud and Cloudlink was enabled. (everything was always set to private) Most of the apps were disabled, but Music Station and Photo Station not. Passwords were long and secure.
Malware Remover cleaned a lot of things, but did not clean everything.
The derek_be_gone script does much more, but it does not clean everything.
A lot of scripts must be still infected, I tried to clean things manually, but my crontab is always rewritten. My hosts file is clean, my uLinux.conf is clean, but the NAS is still infected.
QNAP IS NOT ABLE TO SOLVE THIS PROBLEM!
I submitted a Help Request, but they can not help.
The bad news:
If your NAS was infected, IT IS STILL INFECTED, but you probably don't know about it.
99% of the people do not know, that their NAS is infected.
This problem is huge, people just do not realise how big it is:
- all your data has been stolen (probably)
- all your passwords have been stolen (probably)
- there must be a backdoor, your NAS is probably part of a botnet
DO NOT BUY A QNAP NAS!
Do not use your Qnap NAS as advertised.
Do not open any ports to the internet.
Do not use myqnapcloud and cloudlink.
Do not use the multimedia functions.
IT IS TIME TO PANIC!