The followings are possible symptoms to appear on affected DiskStation and RackStation:
- -Exceptionally high CPU usage detected in Resource Monitor:
CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
-Appearance of non-Synology folder:
An automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”
-Redirection of the Web Station:
“Index.php” is redirected to an unexpected page
-Appearance of non-Synology CGI program:
Files with meaningless names exist under the path of “/usr/syno/synoman”
-Appearance of non-Synology script file:
Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”
- -For DiskStation or RackStation running on DSM 4.3, please follow the instruction here to REINSTALL DSM 4.3-3827.
-For DiskStation or RackStation running on DSM 4.0, it’s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center.
-For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it’s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center.
-For other users who haven’t encountered above symptoms, it is recommended to go to DSM > Control Panel > DSM Update page, update to versions above to protect DiskStation from malicious attacks.