It is currently Tue Jan 26, 2021 4:31 am
All times are UTC + 8 hours

High CPU usage after ADM update

High CPU usage after ADM update

Postby sandro_rocha » Thu Mar 26, 2020 12:09 am

Good Morning. After updating the ADM to version 3.4.7.RFO2, my NAS (AS1002T) is experiencing a very high CPU consumption. Anyone else with this problem? What is happening? What is the solution?

I have Docker-ce, Sonarr, Bazarr (container), Deluge, Shell In A Box and Emby installed. In the last version of ADM the CPU was around 25% of use. After the update the CPU is around 85% all the time.

The processes that are active and consuming the most CPU are exe, docker-runc, bluetoothcrtl, runc: [2: init] and procctrl. I don't even know what these processes are. I hadn't noticed them before.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Postby sandro_rocha » Thu Mar 26, 2020 1:26 am

I had only Docker-ce and Bazarr for Docker installed. With the high CPU usage and the docker-runc and exe processes, which I hadn't seen before, I decided to look at what was running via Docker and, to my surprise, there were two images of Ubuntu and another twenty random images. Everything appeared after updating the ADM. I removed all containers and images leaving only Bazarr. What happened? Do you have an explanation? I didn't install any images other than Bazarr and, until yesterday, there was no other container running.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Postby YeloMelo » Tue Apr 07, 2020 3:57 am

There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.

You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.

Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/aqua-security-ambitious-bitcoin-mining-malware-attempting-to-infect-thousands-of-machines-everyday
YeloMelo
 
Posts: 2
Joined: Fri Feb 21, 2020 10:39 pm

Re: High CPU usage after ADM update

Postby sandro_rocha » Sun May 17, 2020 7:08 am

YeloMelo wrote:There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.

You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.

Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/aqua-security-ambitious-bitcoin-mining-malware-attempting-to-infect-thousands-of-machines-everyday

Hello. I removed the docker and the use of the system returned to normal. But I need an application that only has a version for Docker. How do I remove this "virus" without having to restore the NAS to factory settings?

ps: I looked at the resource manager and there really is a process called "kdevtmpfsi" but I don't know what it is, whether it is harmful, whether it is safe to remove or how to remove it.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Postby ilike2burnthing » Sun May 17, 2020 8:35 am

Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.
ilike2burnthing
 
Posts: 138
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Postby sandro_rocha » Sun May 17, 2020 9:10 am

ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.

I installed ClamAV but it does not update the database. An error appears. I reinstalled the docker and Bazarr. In a week I will see if there are other containers running and update the situation. ps: how to manually update ClamAV?
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Postby ilike2burnthing » Sun May 17, 2020 9:36 am

What's the error? Did you port forward it?
ilike2burnthing
 
Posts: 138
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Postby sandro_rocha » Mon May 18, 2020 8:51 am

ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.

I installed ClamAV and manually updated the database. The program reports that it is updated. I scanned the entire system, after 2 hours the antivirus did not scan any files. I did a second test on a folder with only one file and even so, after 10 minutes, the antivirus did not scan anything. The count of scanned files remained at zero. That is, ClamAV available in the app store does not work. Any tips?
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Postby ilike2burnthing » Mon May 18, 2020 11:02 am

Just installed ClamAV, and I'm having the same issue as you.

The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.

The scan logs just show:

Code: Select all
-----------------------------------------------------------------------------


That's it.
ilike2burnthing
 
Posts: 138
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Postby sandro_rocha » Mon May 18, 2020 1:02 pm

ilike2burnthing wrote:Just installed ClamAV, and I'm having the same issue as you.

The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.

The scan logs just show:

Code: Select all
-----------------------------------------------------------------------------


That's it.

The same here. I managed to install Bazarr using the source code but it is really counterproductive to be without Docker. I did a test installing only Docker and after a few hours some containers appeared running. I can't say but the Docker available in the NAS app store seems to me to be compromised.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Return to [Official] For AS10XX Series

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 2 guests