Hello
since 1-2 Weeks it run a process on my asustor 608t name: xmr-stack (using everytime 25-75% CPU of my NAS)
i killed the Process with putty (kill -9 PID) but after some hours it come back and use again 25-75% cpu....
what can i do? How can i protect against that? is it really a "mining cpu virus?"
Hope someone can help me....
Mining Virus? xmr-stack [SOLVED]
-
- Posts: 4
- youtube meble na wymiar Warszawa
- Joined: Sun May 13, 2018 8:48 pm
Mining Virus? xmr-stack [SOLVED]
Last edited by gee21 on Tue May 15, 2018 10:07 pm, edited 1 time in total.
-
- Posts: 4
- Joined: Sun May 13, 2018 8:48 pm
Re: Mining Virus? xmr-stack
Hello again
I found the Files today.... it was really a miner.... that used my NAS for mining process....
The Files was Saved in SERVER MAINDIR \tmp\
one file was named with: pools.txt (see attachment) ---> You see the Wallet ID and the Server Adress...
another file was called: xmr-stack
i deleted this files and since then it is all ok on my nas.... Maybe it help someone
I found the Files today.... it was really a miner.... that used my NAS for mining process....
The Files was Saved in SERVER MAINDIR \tmp\
one file was named with: pools.txt (see attachment) ---> You see the Wallet ID and the Server Adress...
another file was called: xmr-stack
i deleted this files and since then it is all ok on my nas.... Maybe it help someone
- Attachments
-
- pools.zip
- (1.08 KiB) Downloaded 567 times
-
- Posts: 52
- Joined: Sun Sep 24, 2017 11:30 pm
Re: Mining Virus? xmr-stack [SOLVED]
You are not the only one infected. I wonder how xmr-stak was installed on your device.
Did you have ADM web interface (ports 8000/8001) accessible from Internet on your NAS? What version of ADM do you have running now?
Did you have ADM web interface (ports 8000/8001) accessible from Internet on your NAS? What version of ADM do you have running now?
-
- Posts: 4
- Joined: Sun May 13, 2018 8:48 pm
Re: Mining Virus? xmr-stack [SOLVED]
yes 8000/8001vitosx wrote:You are not the only one infected. I wonder how xmr-stak was installed on your device.
Did you have ADM web interface (ports 8000/8001) accessible from Internet on your NAS? What version of ADM do you have running now?
adm: 3.1.0.RFQ3
i have closed now the SSH Service for admin and root.
Because he upload /install this miner directly in the maindir of the nas. (i think the maindir is not available in Adm Webinterface? or?)
So maybe he acceess via Putty or similar.
-
- Posts: 52
- Joined: Sun Sep 24, 2017 11:30 pm
Re: Mining Virus? xmr-stack [SOLVED]
If ADM webinterface was compromised somehow, you can't say "maindir is not available". I don't have it publicly accessible over Internet, but that's me.
The 3.1.2 ADM update released today fixes nvradmin account vulnerability, which might be connected to this xmr-stak infection.
The 3.1.2 ADM update released today fixes nvradmin account vulnerability, which might be connected to this xmr-stak infection.