unknown process occupies the entire bandwidth and resources, my system is a zombie ??

sagatxxx · 15. Mai 2015

Hi good afternoon, sorry for my english

I have a problem that leads me going on for a few days.

OMV normally install version 1.9, and then install transmission.
Everything works fine until I see a process with a strange name which occupies 100% of the resources of the computer and begins to consume all the bandwidth of the Internet.

Something weird must be doing though because I turn off the computer and my company slows down my Internet connection for a few hours. It's as if my computer happened to be part of a network Zombie, bitcoins minning??

is very strange because although I kill the process returns with a new name again and again

I do not install anything more it happens to me with a clean installation of the system nothing more...

system info:
http://pastebin.com/7Qs9raB5

Please I need help

davidh2k · 15. Mai 2015

Post the output of

Code

ps auxww | grep iciywgusfd
ps auxww | grep 2072
ps axo pid,command,args | grep 2072

Greetings
David

sagatxxx · 15. Mai 2015

the process name and PID has changed , the new values is:

Code

root@mini:~# ps auxww | grep mrjehjtnwa


root      3375  0.0  0.0   8996   880 pts/1    S+   23:43   0:00 grep mrjehjtnwa

Code

root@mini:~# ps auxww | grep 2047
root      2047 98.0  0.0  33608   284 ?        Ssl  23:42   2:32 ls -la 
root      3571  0.0  0.0   9000   876 pts/1    S+   23:44   0:00 grep 2047

Code

root@mini:~# ps axo pid,command,args | grep 2047
 2047 ls -la                      ls -la 
 3818 grep 2047                   grep 2047

Thank you very much David

davidh2k · 16. Mai 2015

2047 is a running ls -la???

Are your sure it changed to that PID?

Greetings
David

sagatxxx · 16. Mai 2015

I turn on the system again and this is what appears:

root@mini:~# ps auxww | grep mrjehjtnwa
root 3770 0.0 0.0 8996 876 pts/1 S+ 11:04 0:00 grep mrjehjtnwa

root@mini:~# ps auxww | grep 2048
root 2048 98.1 0.0 33608 276 ? Ssl 11:00 4:15 sh
root 3891 0.0 0.0 9000 876 pts/1 S+ 11:05 0:00 grep 2048

root@mini:~# ps axo pid,command,args | grep 2048
2048 sh sh
4058 grep 2048 grep 2048
---------------------------------------------

once again, if I kill the process exactly in this moment:

an again:

root@mini:~# ps auxww | grep ymbtnsjkys
root 4884 0.0 0.0 8996 880 pts/1 S+ 11:19 0:00 grep ymbtnsjkys

root@mini:~# ps auxww | grep 4060
root 4060 97.9 0.0 33608 276 ? Ssl 11:15 4:35 ps -ef
root 4991 0.0 0.0 8996 876 pts/1 S+ 11:20 0:00 grep 4060

root@mini:~# ps axo pid,command,args | grep 4060
4060 ps -ef ps -ef
5167 grep 4060 grep 4060

davidh2k · 16. Mai 2015

I have no idea what this is. I would reinstall the system to be on the safe side.

Greetings
David

sagatxxx · 17. Mai 2015

This is already the second time formatting, and always passing me just the same, only re-install, upgrade, install transmission nothing more...
all a bit strange ...

Well, I'm going to reinstall and tell what happens to me.

thanks a lot David, greetings

ryecoaaron · 17. Mai 2015

Use a stronger root password too.

Jetzt mitmachen!