Mining Virus? xmr-stack [SOLVED]

gee21
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Mining Virus? xmr-stack [SOLVED]

Post by gee21 »

Hello

For 1-2 weeks a process named xmr-stack has been running on my Asustor 608T (always using 25-75% of my NAS's CPU).

I killed the process with PuTTY (kill -9 PID), but after some hours it comes back and again uses 25-75% CPU...

What can I do? How can I protect against that? Is it really a "mining CPU virus"?

Hope someone can help me...
Last edited by gee21 on Tue May 15, 2018 10:07 pm, edited 1 time in total.
gee21
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Re: Mining Virus? xmr-stack

Post by gee21 »

Hello again

I found the files today... it really was a miner... that used my NAS for mining...

The files were saved in SERVER MAINDIR \tmp\

One file was named pools.txt (see attachment) ---> you can see the wallet ID and the server address...

Another file was called xmr-stack

I deleted these files and since then everything is OK on my NAS... Maybe it helps someone.
Attachments
pools.zip
(1.08 KiB) Downloaded 557 times
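A read-only triage sketch for the situation described in the post above, added here as an example and not part of the thread or of ADM. It assumes the pool file uses xmr-stak's `pool_address` and `wallet_address` keys; checking `/var/tmp` and `/dev/shm` as well as `/tmp`, and the function names, are choices made for this example.

```shell
#!/bin/sh
# Added example: look for miner artifacts like the ones reported in the thread
# (pools.txt and an xmr-stack binary under /tmp). Nothing is deleted or killed.

# Print files under directory $1 that carry the miner's name or look like
# a pool config (a file naming both a pool endpoint and a wallet).
find_miner_files() {
    dir=$1
    find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        case "${f##*/}" in
            xmr-stak*|xmr-stack*) echo "binary-name $f"; continue ;;
        esac
        # Key names assumed from xmr-stak's pools.txt format.
        if grep -q 'pool_address' "$f" 2>/dev/null &&
           grep -q 'wallet_address' "$f" 2>/dev/null; then
            echo "pool-config $f"
        fi
    done
}

# Print "PID EXE" for every process whose executable lives in a temp dir.
# $1 is the proc root (defaults to /proc). A binary removed while it is
# still running shows up with a " (deleted)" suffix on the link target.
procs_from_tmp() {
    root=${1:-/proc}
    for p in "$root"/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case "$exe" in
            /tmp/*|/var/tmp/*|/dev/shm/*) echo "${p##*/} $exe" ;;
        esac
    done
}

# Typical use over SSH, as root:
#   find_miner_files /tmp
#   procs_from_tmp
```

A process that returns hours after `kill -9` is being restarted by something else, so a hit from `procs_from_tmp` is a prompt to find what launches it and how it got in, not only to delete the files.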
vitosx
Posts: 52
Joined: Sun Sep 24, 2017 11:30 pm

Re: Mining Virus? xmr-stack [SOLVED]

Post by vitosx »

You are not the only one infected. I wonder how xmr-stak was installed on your device.

Did you have ADM web interface (ports 8000/8001) accessible from Internet on your NAS? What version of ADM do you have running now?
gee21
Posts: 4
Joined: Sun May 13, 2018 8:48 pm

Re: Mining Virus? xmr-stack [SOLVED]

Post by gee21 »

vitosx wrote: You are not the only one infected. I wonder how xmr-stak was installed on your device.

Did you have ADM web interface (ports 8000/8001) accessible from Internet on your NAS? What version of ADM do you have running now?
Yes, 8000/8001
ADM: 3.1.0.RFQ3

I have now closed the SSH service for admin and root.
Because he uploaded/installed this miner directly in the maindir of the NAS. (I think the maindir is not available in the ADM web interface? Or?)

So maybe he accessed it via PuTTY or similar.
vitosx
Posts: 52
Joined: Sun Sep 24, 2017 11:30 pm

Re: Mining Virus? xmr-stack [SOLVED]

Post by vitosx »

If ADM webinterface was compromised somehow, you can't say "maindir is not available". I don't have it publicly accessible over Internet, but that's me.

The 3.1.2 ADM update released today fixes nvradmin account vulnerability, which might be connected to this xmr-stak infection.