
Mining Virus? xmr-stack [SOLVED]


Postby gee21 » Sun May 13, 2018 9:00 pm

Hello

For the past 1-2 weeks, a process named xmr-stack has been running on my Asustor 608T (using 25-75% of my NAS's CPU every time).

I killed the process with PuTTY (kill -9 PID), but after some hours it comes back and again uses 25-75% CPU....

What can I do? How can I protect against that? Is it really a "mining CPU virus"?



Hope someone can help me....
Last edited by gee21 on Tue May 15, 2018 10:07 pm, edited 1 time in total.
gee21
 
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Re: Mining Virus? xmr-stack

Postby gee21 » Tue May 15, 2018 10:07 pm

Hello again

I found the files today.... It really was a miner.... that used my NAS for mining....

The files were saved in SERVER MAINDIR \tmp\

One file was named pools.txt (see attachment) ---> you can see the wallet ID and the server address...

Another file was called: xmr-stack

I deleted these files and since then everything is OK on my NAS.... Maybe it helps someone.
Attachments
pools.zip
(1.08 KiB) Downloaded 3 times
gee21
 
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Re: Mining Virus? xmr-stack [SOLVED]

Postby vitosx » Wed May 16, 2018 4:42 pm

You are not the only one infected. I wonder how xmr-stak was installed on your device.

Did you have the ADM web interface (ports 8000/8001) accessible from the Internet on your NAS? What version of ADM do you have running now?
vitosx
 
Posts: 34
Joined: Sun Sep 24, 2017 11:30 pm

Re: Mining Virus? xmr-stack [SOLVED]

Postby gee21 » Thu May 17, 2018 2:28 am

vitosx wrote: You are not the only one infected. I wonder how xmr-stak was installed on your device.

Did you have the ADM web interface (ports 8000/8001) accessible from the Internet on your NAS? What version of ADM do you have running now?


Yes, 8000/8001
ADM: 3.1.0.RFQ3

I have now closed the SSH service for admin and root,
because he uploaded/installed this miner directly in the main dir of the NAS. (I think the main dir is not available in the ADM web interface, or is it?)

So maybe he accessed it via PuTTY or similar.
gee21
 
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Re: Mining Virus? xmr-stack [SOLVED]

Postby vitosx » Thu May 17, 2018 3:06 am

If the ADM web interface was compromised somehow, you can't say "maindir is not available". I don't have it publicly accessible over the Internet, but that's me.

The 3.1.2 ADM update released today fixes an nvradmin account vulnerability, which might be connected to this xmr-stak infection.
vitosx
 
Posts: 34
Joined: Sun Sep 24, 2017 11:30 pm
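
A triage sketch for the symptom described in this thread, a binary in /tmp that reappears after kill -9; this is an added example, not code from any poster or from ASUSTOR. It lists processes whose executable runs from a temp directory and searches scheduler files for lines that would start it again. Assumptions: a Linux-style /proc, and cron as the restart mechanism (the thread does not say how the process came back); the function names and the file paths you pass in are illustrative.

```shell
#!/bin/sh
# Added example: read-only triage for a process that respawns from /tmp.

# find_tmp_procs [PROC_ROOT]
# Prints "PID<TAB>EXE" for each process whose executable lives under
# /tmp, /var/tmp or /dev/shm, or was deleted from disk while still running.
find_tmp_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Fails for processes we may not inspect; run as root to see all.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in
            /tmp/*|/var/tmp/*|/dev/shm/*|*" (deleted)")
                printf '%s\t%s\n' "${dir##*/}" "$exe" ;;
        esac
    done
}

# find_respawn_entries NAME FILE...
# Prints "FILE:LINE" for every non-comment line that mentions NAME.
# Pass the crontabs and startup scripts present on the device; missing
# files are skipped. Deleting the binary without removing such an entry
# only stops the miner until the next scheduled run.
find_respawn_entries() {
    name="$1"; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -v '^[[:space:]]*#' "$f" | grep -F -- "$name" |
            while IFS= read -r line; do
                printf '%s:%s\n' "$f" "$line"
            done
    done
}

# Stand-alone run: report suspicious processes on the live system.
find_tmp_procs
```

For example, `find_respawn_entries xmr-stack /etc/crontab` checks one file for the name reported in this thread; /etc/crontab is an assumed path and may differ on ADM.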
