High CPU usage after ADM update

Moderator: Lillian.W@AST

Post Reply
sandro_rocha
Posts: 76
youtube meble na wymiar Warszawa
Joined: Wed Feb 05, 2020 10:49 am

High CPU usage after ADM update

Post by sandro_rocha »

Good Morning. After updating the ADM to version 3.4.7.RFO2, my NAS (AS1002T) is experiencing a very high CPU consumption. Anyone else with this problem? What is happening? What is the solution?

I have Docker-ce, Sonarr, Bazarr (container), Deluge, Shell In A Box and Emby installed. In the last version of ADM the CPU was around 25% of use. After the update the CPU is around 85% all the time.

The processes that are active and consuming the most CPU are exe, docker-runc, bluetoothcrtl, runc: [2: init] and procctrl. I don't even know what these processes are. I hadn't noticed them before.
sandro_rocha
Posts: 76
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Post by sandro_rocha »

I had only Docker-ce and Bazarr for Docker installed. With the high CPU usage and the docker-runc and exe processes, which I hadn't seen before, I decided to look at what was running via Docker and, to my surprise, there were two images of Ubuntu and another twenty random images. Everything appeared after updating the ADM. I removed all containers and images leaving only Bazarr. What happened? Do you have an explanation? I didn't install any images other than Bazarr and, until yesterday, there was no other container running.
YeloMelo
Posts: 2
Joined: Fri Feb 21, 2020 10:39 pm

Re: High CPU usage after ADM update

Post by YeloMelo »

There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.

You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.

Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/ ... s-everyday
sandro_rocha
Posts: 76
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Post by sandro_rocha »

YeloMelo wrote:There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.

You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.

Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/ ... s-everyday
Hello. I removed the docker and the use of the system returned to normal. But I need an application that only has a version for Docker. How do I remove this "virus" without having to restore the NAS to factory settings?

ps: I looked at the resource manager and there really is a process called "kdevtmpfsi" but I don't know what it is, whether it is harmful, whether it is safe to remove or how to remove it.
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Post by ilike2burnthing »

Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.
sandro_rocha
Posts: 76
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Post by sandro_rocha »

ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.
I installed ClamAV but it does not update the database. An error appears. I reinstalled the docker and Bazarr. In a week I will see if there are other containers running and update the situation. ps: how to manually update ClamAV?
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Post by ilike2burnthing »

What's the error? Did you port forward it?
sandro_rocha
Posts: 76
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Post by sandro_rocha »

ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.

After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr

Use a secure password for it, ADM, and anything else accessible externally.
I installed ClamAV and manually updated the database. The program reports that it is updated. I scanned the entire system, after 2 hours the antivirus did not scan any files. I did a second test on a folder with only one file and even so, after 10 minutes, the antivirus did not scan anything. The count of scanned files remained at zero. That is, ClamAV available in the app store does not work. Any tips?
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: High CPU usage after ADM update

Post by ilike2burnthing »

Just installed ClamAV, and I'm having the same issue as you.

The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.

The scan logs just show:

Code: Select all

-----------------------------------------------------------------------------
That's it.
sandro_rocha
Posts: 76
Joined: Wed Feb 05, 2020 10:49 am

Re: High CPU usage after ADM update

Post by sandro_rocha »

ilike2burnthing wrote:Just installed ClamAV, and I'm having the same issue as you.

The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.

The scan logs just show:

Code: Select all

-----------------------------------------------------------------------------
That's it.
The same here. I managed to install Bazarr using the source code but it is really counterproductive to be without Docker. I did a test installing only Docker and after a few hours some containers appeared running. I can't say but the Docker available in the NAS app store seems to me to be compromised.
Post Reply

Return to “[Official] For AS10XX Series”