When you say root, what exactly do you mean? As in… the root of the entire system in SSH, or just the visible root of your hard drives or folders? Was it found in the Public folder, for example?
This was in the news some few months ago, and you are correct: it could be malware. You could do a search in Google for the PCWorld article, on cryptomining malware in Seagate NAS. Your EX2 should not be having the same problems but, and I’m speculating here, it is possible your ftp or other online accounts may have been compromised because of weak passwords. What does Avast identify the file as? You could probably check with Avast for help too. PS: the Antivirus Essentials app has never been helpful, it just hangs on my NAS, lol.
Removal might be possible if the infection is found on the hard drives themselves. The infected file would probably be hidden somewhere in the Nas_Progs folder and executed on every reboot with a startup script, I think. You could try removing all third party apps and their folders first, to minimize the areas where the malware could hide, or only as a last resort, you could do a full format of the drives + a fresh firmware update, just to be safe. However, if the attacker has your SSH login, then the malware could be hidden elsewhere.
It is also possible that your own computer might be infected, and it could be uploading the file automatically to your NAS each time you connect to it, so please do a check on your system too. Check the timestamp to see when the file was created, modified, etc… which would give you clues as to when it gets replaced on your hard drive, perhaps after a reboot etc. Meanwhile, try to delete the file and lock down all external internet access for the time being… no SSH, no FTP, no MyCloud… change your passwords, adjust the port forwarding settings on your router, and see if the problem still occurs. If all else fails, try contacting support again or get a knowledgeable friend to help.