Page 1 of 1
TNAS F5-221 CPU at 100%
Posted: 08 Mar 2022, 04:07
by frostyxyz
Hi I've just noticed my system is running constantly at 100% and it's mainly a process called systemd-firewal that's causing it. Do you know what this is and if if I can somehow disable it?
Many thanks.
Re: TNAS F5-221 CPU at 100%
Posted: 08 Mar 2022, 09:57
by TMSupport
Your machine has infected with the mining virus, please follow the steps below to remove the virus.
1.
Log in to the SSH terminal
2.Switch to the bin directory.
3.Delete virus execution files.
4.Find the process id of systemd-firewal.
5.Kill the process.(ID is the process id)
6.Restart the TNAS device.
Re: TNAS F5-221 CPU at 100%
Posted: 08 Mar 2022, 10:20
by Hardfecx
and how to delete the process completely?
Re: TNAS F5-221 CPU at 100%
Posted: 08 Mar 2022, 16:11
by TMRyan
After deleting the systemd-firewal file and killing the process, the miner is removed.
To clean it up completely you can use the following command to delete the line of code that has firewall in it.
In other cases, you can refer to the following:
viewtopic.php?f=71&t=2292&p=12383&hilit=pty10#p12383
Re: TNAS F5-221 CPU at 100%
Posted: 09 Mar 2022, 01:59
by frostyxyz
Hi,
Thank you for your replies. Ok I managed to do all that above. And it kills it but seconds later a new process with a same name but with a different process id takes it's place.
i.e. I've done the following steps:
Login to SSH via putty
cd /
sudo -i
[password]
cd /bin/
rm -rf ./systemd-firewal
ps -ef|grep systemd-firewal
kill -9 [the first number shown in the ps]
vi /etc/crontabs/root
... then manually deleted the line with the firewal
Any ideas?
Thanks
Re: TNAS F5-221 CPU at 100%
Posted: 09 Mar 2022, 02:49
by frostyxyz
I may have now resolved the issue. After doing the above, I did some of the steps in suggested by TMRyan here:
viewtopic.php?f=71&t=2292&p=12383&hilit=pty10#p12383
I then restarted the TNAS and so far, the process hasn't returned. I'll be sure to come back here if it comes back though.
Thank you all.