Unknown Thread kthreaddnai
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Unknown Thread kthreaddnai
Hello,
I recently discovered that i have an unknown thread eating up my CPU (see kthreaddnai.jpg)
It is associated with this executable file in /tmp (see pionai.jpg attached)
I also found weird files in /tmp having the same rights and user (see god.jpg and mxpma.jpg)
Does anyone have the same issue and knows what they're doing ??
Thnx,
I recently discovered that i have an unknown thread eating up my CPU (see kthreaddnai.jpg)
It is associated with this executable file in /tmp (see pionai.jpg attached)
I also found weird files in /tmp having the same rights and user (see god.jpg and mxpma.jpg)
Does anyone have the same issue and knows what they're doing ??
Thnx,
You do not have the required permissions to view the files attached to this post.
- OneCD
- Guru
- Posts: 12161
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Unknown Thread kthreaddnai
Hi and welcome to the forum.
That all looks rather suspect to me.
Have you installed and run the Malware Remover QPKG yet? It’s available in the QTS App Center.
That all looks rather suspect to me.
Have you installed and run the Malware Remover QPKG yet? It’s available in the QTS App Center.
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Re: Unknown Thread kthreaddnai
Hello,
Thnx... I've installed Malware Remover and it's been running daily for weeks without finding anything suspect...
I also have a daily Full Virus scan and nothing suspect comes up either...
Thnx... I've installed Malware Remover and it's been running daily for weeks without finding anything suspect...
I also have a daily Full Virus scan and nothing suspect comes up either...
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Unknown Thread kthreaddnai
virus scan only scans your files ..not your nas
possibly a new infection .. contact qnap for assitance
what services were you exposing to the web?
possibly a new infection .. contact qnap for assitance
what services were you exposing to the web?
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Re: Unknown Thread kthreaddnai
I expose nextcloud and gitea throught ContainerStation on https
-
- New here
- Posts: 6
- Joined: Sat Mar 31, 2018 9:45 pm
- Toxic17
- Ask me anything
- Posts: 6482
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: Unknown Thread kthreaddnai
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Re: Unknown Thread kthreaddnai
How did u get rid of it !?salexes wrote: ↑Tue Nov 13, 2018 3:57 am Its malware: https://www.virustotal.com/#/file/61c6b ... /detection
It appeared on my qnap aswell
-
- New here
- Posts: 6
- Joined: Sat Mar 31, 2018 9:45 pm
Re: Unknown Thread kthreaddnai
@kameha
which apps do you have installed. Please post a list/screenshot here
also what is your current firmware version ?
which apps do you have installed. Please post a list/screenshot here
also what is your current firmware version ?
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Re: Unknown Thread kthreaddnai
I've installed:
QNAP:
RainLoop
QVPN Service
Malware Remover
Container Station (Gitea, Nexcloud)
Photo Station
phpMyAdmin
Text Editor
CodexPack
Qboost
Qsync Central
Community:
Deluge
Entware-std (nano, sslh)
QGit
QJDK 1.8
Firmware: 4.3.5.0728
QNAP:
RainLoop
QVPN Service
Malware Remover
Container Station (Gitea, Nexcloud)
Photo Station
phpMyAdmin
Text Editor
CodexPack
Qboost
Qsync Central
Community:
Deluge
Entware-std (nano, sslh)
QGit
QJDK 1.8
Firmware: 4.3.5.0728
-
- New here
- Posts: 6
- Joined: Sat Mar 31, 2018 9:45 pm
Re: Unknown Thread kthreaddnai
If an app would be the reason the only overlapping apps we have are
QVPN Service
Malware Remover
Container Station
phpMyAdmin
Qboost
Entware-std
Same firmware I got: Firmware: 4.3.5.0728
QVPN Service
Malware Remover
Container Station
phpMyAdmin
Qboost
Entware-std
Same firmware I got: Firmware: 4.3.5.0728
-
- New here
- Posts: 7
- Joined: Wed Jul 13, 2016 3:46 pm
-
- Starting out
- Posts: 11
- Joined: Wed Mar 28, 2018 8:45 am
Re: Unknown Thread kthreaddnai
Hello !
For now (until i have another solution) i am using this script to automatically (every 2 mins) kill the processes and remove the files
I also used those commands
to find (and remove) suspect files (cgod, dog.1, dog, eth1, inet0,..) on all the NAS and found files in /var/lock, /var/run/, /dev/shm
For now (until i have another solution) i am using this script to automatically (every 2 mins) kill the processes and remove the files
Code: Select all
#!/bin/sh
NOW=$(date '+%Y%m%d%H%M%S')
LOG_FILE=/share/kameha/clean.log
if [ ! -f ${LOG_FILE} ]; then
touch ${LOG_FILE}
fi
echo "Running at ${NOW}" >> ${LOG_FILE}
ps -ef | grep '/tmp/compma' | grep -v grep | awk '{print $2}' | xargs -r kill -9
ps -ef | grep 'pionai' | grep -v grep | awk '{print $2}' | xargs -r kill -9
ps -ef | grep 'kthreaddnai' | grep -v grep | awk '{print $2}' | xargs -r kill -9
find /tmp -type f -user httpdusr -perm 0750 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0700 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0640 -exec rm -f {} \;
Code: Select all
find / -type f -user httpdusr -group administrators -perm 0700
find / -type f -user httpdusr -group administrators -perm 0750
find / -type f -user httpdusr -group administrators -perm 0640
- Trexx
- Ask me anything
- Posts: 5388
- Joined: Sat Oct 01, 2011 7:50 am
- Location: Minnesota
Re: Unknown Thread kthreaddnai
You might try upgrading to new 4.3.5.0756 QTS release as there were several security holes patched in it.
Paul
Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350
Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350
Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada