Windows-related Viruses detected in MacOS Time Machine Backups

Hi Support Community,

SUMMARY:

Massive numbers of viruses are detected on my EX2 Ultra. They appear to be Windows-related… but appear to be detected inside my MacOS TIME MACHINE backups!!

!! UPDATE TO ORIGINAL POST!!
Could ‘Anti Virus Essentials’ simply be reporting False Positives? See post at: https://forum.avast.com/index.php?topic=145521.0

BACKGROUND:

I use these devices running these software components for backup, security, and malware detection/removal:

My Cloud EX2 Ultra at latest Firmware level
…Anti-virus essentials, latest level
[… I have defined two Shares with passwords… I can access my iTunes Music residing on the NAS, over the internet.]

MacBook Pro at latest MacOS level
…Time Machine Backups running continuously
…Malwarebytes for Mac (latest level)
…Parallels (latest…)
…Win10 (latest…)
…Windows Defender Security Center (latest…)
…Malwarebytes for Win (latest…)

I am generally paranoid about malware infestation. I surf and email ‘safely’. I automatically install updates to critical software daily, if possible.

ISSUE:

I receive anti virus reports like this: 2018-05-16_13-02-23.png

I see these bad-boys listed when I look into my Quarantine file on the NAS after a recent SCAN: 2018-05-28_15-21-46.png

QUESTIONS:

  1. Since these viruses appear to be infecting Time Machine backups… and seem to be Windows-related, why were they not detected by MacOS or Windows anti virus software?

  2. Can anyone hazard a guess as to where these infestations are coming from? (Injected through alleged Back Doors into the NAS OS? Or possibly other sources?)

  3. How can I prevent re-infestation of past Time Machine backups… or of future Time Machine backups?

  4. Is there a feasible solution – short of migrating from MyCloud to Synology?

Please educate me/us!

Thanks!! :sunglasses:

I have been a member here since 2011, and this is the first time I ever saw a report of this. I also have had a similar NAS to yours for a few years, and I run virus scan a few times a year and always the NAS comes up clean. I do not use torrents nor does anything go into my system that I have not created. I never get files from others.

It is highly improbable that the NAS is the culprit, as it just takes what you give it, but if you feel a Synology will solve your problem, then get one. I rather think the NAS is tainted from some other source.

Hi Mike…

Thx for reply. It so happens that Synology may employ the ANTI VIRUS ESSENTIALS app as well as does Western Digital.

At the site mentioned above, the discussion addresses the SAME issue I discovered with my MyCloudEX2Ultra!!

I don’t know if you use Time Machine to backup a Mac to your WD NAS device… but the ANTI VIRUS ESSENTIALS app seems to be the common element involved.

I will pursue the possibility of ‘false positives’ being reported by the ANTI VIRUS ESSENTIALS app. I will stay with WD technology until I determine the root cause here! :sunglasses:

PS: I just discovered this thread which kinda answers a lot of my questions: https://forum.synology.com/enu/viewtopic.php?f=195&t=87710

I’m just surprised that more WD NAS users have not raised this issue before. Clearly, several Synology NAS users discovered the issue long ago… and may have ferreted out a set of reasonable workarounds. Cheers, WD users!

No, I do not use Time Machine for backup, but why should that affect anything?

I started running a full scan this morning after seeing your message. It has reached 60% complete after running over 6 hours. I will let it run to completion to get results. I usually let it run overnight and it is complete in morning. I may try to get Norton Security to scan it afterwards. All files on NAS are copies of originals stored on other drives, meaning they are not backup-created files.

I did see the Synology link, and the comments were interesting and quite dated.

FYI,
Anti-Virus scan completed on my WD DL2100 and the report was “No Virus Found”

Hi Mike, your environment is quite different from mine. I’m happy that you come up Clean when the Western Digital version of AV Essentials (AVE) runs to completion on your NAS Device.

But. Since I’m an IT engineer (retired) I have a theory:

1) Either my AVE correctly ‘catches’ a boatload of viruses that both macOS AND Windows10 AV tools ‘miss’… which reduces my confidence in Mac and Win10 software… and leaves me very concerned about the integrity of my macOS Time Machine backups.

   OR...

2) AVE is ‘mis-identifying’ viruses that don’t actually exist in my Time Machine backup files (‘false positives’)… which reduces my confidence in AVE software and its developers (and by extension, WD software architects and developers)!!

In either case, I am not sleeping well at night… because I don’t know if I should QUARANTINE or DELETE the identified viruses (perhaps hundreds of them) that AVE finds… or cross my fingers and IGNORE the viruses (in my Time Machine backups) and hope that ‘nothing bad has happened/will happen’ and that ‘nothing can go wrong’ in the future when I need to restore my macOS and critical files.

So. I am prolly going to use AVE only for System Scans on my WD NAS… and use a third party AV tool to scan my regular files (the kind you have so many of…), video files, music files, and precious Time Machine backup files.

Yes, the Synology crowd (users and support team) seems to have discovered the problem years ago… and perhaps both the WD incarnation of AVE… and the Synology incarnation of AVE continue to be sub-par tools when confronted with ‘exotic’ file types (e.g., Time Machine backup files) that may contain ‘signatures’ of viruses that don’t actually exist on the NAS.

I must assume the Western Digital crowd just is slower to see and report the AVE issue… for reasons I cannot begin to explain. Cheers. :sunglasses:

I came up with the same conclusion before your reply. That there may be a signature sequence of a virus or two in those processed and encoded Time Machine files that recurs frequently to make it appear you have 100 or more infected files, when there may not be any at all.

My NAS is not a backup made by a backup program, its contents are copies of playable media files; the same as the original files. In a sense my copied files are backups, too, just not a processed backup file.

I just had Norton Security check a random ISO (movie) file for viruses, and, of course, it came out clean of any virus. I think the TM processing is causing false positives as you suspect. You could do the same with your TM backup by using Norton (or something similar) as well and see what results.

Thanks for confirming some of my thoughts.

Question about Norton: Are you suggesting I can download Norton (or other trusted AV app) to my Mac and simply ‘point’ it to my NAS device and scan it? If so, that would be sweet!

Essentially yes, you can scan one file or many using On-Demand scanning from Norton Security Deluxe. For example I just scanned one movie file on my NAS yesterday, and today I scanned one folder of 315 mp4 videos. Once installed Norton will protect your PC or Mac with scheduled scans. Not sure if it included the NAS in the list, so if not sure you just use File Explorer, find the file or folder to scan, click on it and in the menu that pops up select Norton Security, and then the Scan Now tab. The 315 files were scanned in less than a minute.

I have used Norton for over 20 years. The best place to buy it is from Amazon. They have a good price for 5 devices license, it costs less than for 3 devices. It also is sold for 10 devices. I buy it each year instead of auto renewal. This is the link at Amazon I bought it from most recently.

https://www.amazon.com/Norton-Security-Deluxe-Device-Download/dp/B015724OVG/ref=sr_1_1_sspa?ie=UTF8&qid=1527703420&sr=8-1-spons&keywords=norton%2Bsecurity%2Bdeluxe&th=1
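
One way to triage a scan report like the one discussed in this thread, as an added example (not code from any poster, from WD or from the AV vendor): it separates hits inside Time Machine band files from hits in ordinary files on the share. The report rows, share names and signature names are constructed, and the path layout assumes a network Time Machine backup stored as a sparsebundle with a `bands` directory.

```python
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample report rows (path, signature name). Share, bundle and
# signature names are made up for illustration.
SAMPLE_DETECTIONS = [
    ("/shares/TimeMachine/MacBookPro.sparsebundle/bands/1a3f", "Win.Example.SigA"),
    ("/shares/TimeMachine/MacBookPro.sparsebundle/bands/1a40", "Win.Example.SigA"),
    ("/shares/TimeMachine/MacBookPro.sparsebundle/bands/2b07", "Win.Example.SigA"),
    ("/shares/TimeMachine/MacBookPro.sparsebundle/bands/2c11", "Win.Example.SigB"),
    ("/shares/Public/Downloads/setup.exe", "Win.Example.SigC"),
]

BUNDLE_SUFFIXES = (".sparsebundle", ".backupbundle")


def in_backup_band(path):
    """True when the path is a band file directly under <bundle>/bands/."""
    parts = PurePosixPath(path).parts
    for i, part in enumerate(parts):
        if part.endswith(BUNDLE_SUFFIXES):
            rest = parts[i + 1:]
            return len(rest) == 2 and rest[0] == "bands"
    return False


def triage(detections):
    """Split detections into band-file hits and ordinary-file hits.

    A band is a fixed-size slice of the backup disk image, not a file the
    Mac ever ran, so a byte-signature match there says little by itself.
    Quarantining or deleting a band removes part of the image and can make
    the backup unrestorable, so band hits are only counted, never acted on.
    """
    band = [(p, s) for p, s in detections if in_backup_band(p)]
    plain = [p for p, _ in detections if not in_backup_band(p)]
    per_sig = Counter(s for _, s in band)
    return {
        "band_hits": len(band),
        "band_signatures": dict(per_sig),
        # Same signature across many bands: the recurring-pattern case
        # described in the thread.
        "repeated_in_bands": sorted(s for s, n in per_sig.items() if n > 1),
        # Ordinary files can be rescanned with a second engine directly.
        "review_first": plain,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DETECTIONS).items():
        print(f"{key}: {value}")
```

Hits listed under `review_first` are the ones worth rescanning with a second scanner from the Mac or PC; band hits are better checked by mounting the backup and scanning the files inside it.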