High CPU usage after ADM update
Moderator: Lillian.W@AST
-
- Posts: 76
- youtube meble na wymiar Warszawa
- Joined: Wed Feb 05, 2020 10:49 am
High CPU usage after ADM update
Good Morning. After updating the ADM to version 3.4.7.RFO2, my NAS (AS1002T) is experiencing a very high CPU consumption. Anyone else with this problem? What is happening? What is the solution?
I have Docker-ce, Sonarr, Bazarr (container), Deluge, Shell In A Box and Emby installed. In the last version of ADM the CPU was around 25% of use. After the update the CPU is around 85% all the time.
The processes that are active and consuming the most CPU are exe, docker-runc, bluetoothcrtl, runc: [2: init] and procctrl. I don't even know what these processes are. I hadn't noticed them before.
I have Docker-ce, Sonarr, Bazarr (container), Deluge, Shell In A Box and Emby installed. In the last version of ADM the CPU was around 25% of use. After the update the CPU is around 85% all the time.
The processes that are active and consuming the most CPU are exe, docker-runc, bluetoothcrtl, runc: [2: init] and procctrl. I don't even know what these processes are. I hadn't noticed them before.
-
- Posts: 76
- Joined: Wed Feb 05, 2020 10:49 am
Re: High CPU usage after ADM update
I had only Docker-ce and Bazarr for Docker installed. With the high CPU usage and the docker-runc and exe processes, which I hadn't seen before, I decided to look at what was running via Docker and, to my surprise, there were two images of Ubuntu and another twenty random images. Everything appeared after updating the ADM. I removed all containers and images leaving only Bazarr. What happened? Do you have an explanation? I didn't install any images other than Bazarr and, until yesterday, there was no other container running.
-
- Posts: 2
- Joined: Fri Feb 21, 2020 10:39 pm
Re: High CPU usage after ADM update
There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.
You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.
Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/ ... s-everyday
You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.
Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/ ... s-everyday
-
- Posts: 76
- Joined: Wed Feb 05, 2020 10:49 am
Re: High CPU usage after ADM update
Hello. I removed the docker and the use of the system returned to normal. But I need an application that only has a version for Docker. How do I remove this "virus" without having to restore the NAS to factory settings?YeloMelo wrote:There is a bitcoin mining virus embedding itself into the Docker app. If you check your processes from within the NAS, you'll find there is something called kdevtmpfsi running - that's usually an indicator that the virus is active. You can delete it from within the Docker container, but it will always re-create itself. There is a chance that by closing all ports you may be able to prevent it from creating itself, but I'm not too sure if it is coming externally or from within Docker.
You'll have to remove Docker unfortunately. Best you could do would be to run a virtual machine with Linux and install Docker there. In my case, it caused my system to corrupt the system config file (probably a buffer overload) causing me to lose a lot of data multiple times.
Check out this link for more details (if you don't trust it, you can search for "Kinsing virus") :
https://www.cointrust.com/bitcoin-news/ ... s-everyday
ps: I looked at the resource manager and there really is a process called "kdevtmpfsi" but I don't know what it is, whether it is harmful, whether it is safe to remove or how to remove it.
-
- Posts: 379
- Joined: Thu Apr 09, 2020 8:01 pm
Re: High CPU usage after ADM update
Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.
After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr
Use a secure password for it, ADM, and anything else accessible externally.
After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr
Use a secure password for it, ADM, and anything else accessible externally.
-
- Posts: 76
- Joined: Wed Feb 05, 2020 10:49 am
Re: High CPU usage after ADM update
I installed ClamAV but it does not update the database. An error appears. I reinstalled the docker and Bazarr. In a week I will see if there are other containers running and update the situation. ps: how to manually update ClamAV?ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.
After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr
Use a secure password for it, ADM, and anything else accessible externally.
-
- Posts: 379
- Joined: Thu Apr 09, 2020 8:01 pm
Re: High CPU usage after ADM update
What's the error? Did you port forward it?
-
- Posts: 76
- Joined: Wed Feb 05, 2020 10:49 am
Re: High CPU usage after ADM update
I installed ClamAV and manually updated the database. The program reports that it is updated. I scanned the entire system, after 2 hours the antivirus did not scan any files. I did a second test on a folder with only one file and even so, after 10 minutes, the antivirus did not scan anything. The count of scanned files remained at zero. That is, ClamAV available in the app store does not work. Any tips?ilike2burnthing wrote:Searching online for 'remove kdevtmpfsi' seems to bring up a few similar methods, but if you're unsure of how to follow them, I'd suggest installing ClamAV and running a scan.
After that you can reinstall Docker and Bazarr, just make sure it's this one - https://hub.docker.com/r/linuxserver/bazarr
Use a secure password for it, ADM, and anything else accessible externally.
-
- Posts: 379
- Joined: Thu Apr 09, 2020 8:01 pm
Re: High CPU usage after ADM update
Just installed ClamAV, and I'm having the same issue as you.
The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.
The scan logs just show:
That's it.
The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.
The scan logs just show:
Code: Select all
-----------------------------------------------------------------------------
-
- Posts: 76
- Joined: Wed Feb 05, 2020 10:49 am
Re: High CPU usage after ADM update
The same here. I managed to install Bazarr using the source code but it is really counterproductive to be without Docker. I did a test installing only Docker and after a few hours some containers appeared running. I can't say but the Docker available in the NAS app store seems to me to be compromised.ilike2burnthing wrote:Just installed ClamAV, and I'm having the same issue as you.
The update took about 15mins, and when it eventually finished, all scans sit at 0. The clamscan process is running, and happily using half my CPU to do so, but no change after 20mins on a small folder.
The scan logs just show:
That's it.Code: Select all
-----------------------------------------------------------------------------