Unknown Thread kthreaddnai

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
kameha
Starting out
Posts: 10
Joined: Wed Mar 28, 2018 8:45 am

Re: Unknown Thread kthreaddnai

Post by kameha » Fri Nov 23, 2018 4:18 pm

Elbows wrote:
Fri Nov 23, 2018 4:48 am
I had the 'pionai' process running and raised a helpdesk ticket.

I've posted the fix I was given here: viewtopic.php?f=182&t=144954&p=694152#p694152

It worked for me :-)
Hello,

Thnx for your post. I've tried the solution proposed with no luck (i've already had Malware Remover installed without having him detecting anything...)
Still waiting for answer from QNAP... :(

Elbows
Starting out
Posts: 27
Joined: Thu May 07, 2009 9:58 pm

Re: Unknown Thread kthreaddnai

Post by Elbows » Fri Nov 23, 2018 4:30 pm

I also had up-to-date Malware Remover installed and running every day. Only when I installed the version from the link did the 'pionai' process disappear permanently.
FYI Malware Remover ran automatically after the install but didn't report any problems. The NAS was just fixed silently (with no mention of malware in the system log).

Good luck with getting your NAS fixed.
QNAP TS670 Pro (DEV/Backup box)
V4.3.5.n (latest)
5x Seagate 8TB Ironwolf RAID 5
QNAP TVS1282 (PRD box)
V4.3.5.n(latest)
5x Seagate 8TB Ironwolf RAID 5
Riello VSD 1500 UPS

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 6:36 am

hello

The malware keeps coming back. It takes a maximum of 3 hours to get it back.
I have adapted the script a little and run it all as a cron.
I have already created a ticket - but it is currently not being edited.

I have done everything mentioned here:
- Changed password to phpMyAdmin
- Maleware-Remover 3.3.1 installed
- Reboot the NAS
It does not help anything - after max. 3h the part is back.
Unfortunately the developers were so clever and switched off all kernel parameters or suppressed their output. So I can't get any information about it.
Let's see if it can be controlled that way.

Code: Select all

#!/bin/sh

NOW=$(date '+%Y%m%d%H%M%S')
LOG_FILE=/share/CACHEDEV1_DATA/homes/admin/clean.log

if [ ! -f ${LOG_FILE} ]; then
touch ${LOG_FILE}
fi

echo "Running at ${NOW}" >> ${LOG_FILE}

ps | grep '/tmp/compma' | grep -v grep | awk '{print $1}' | xargs -r kill -9
ps | grep 'pionai' | grep -v grep | awk '{print $1}' | xargs -r kill -9
ps | grep 'kthreaddnai' | grep -v grep | awk '{print $1}' | xargs -r kill -9

find /tmp -type f -user httpdusr -perm 0750 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0700 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0640 -exec rm -f {} \;

dolbyman
Guru
Posts: 12961
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Wed Nov 28, 2018 7:58 am

operating a NAS that had it's firmware modified .. bad idea .. kill it and start from scratch

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 12:23 pm

The firmware is original!
I would never use a modified version!

dolbyman
Guru
Posts: 12961
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Wed Nov 28, 2018 12:29 pm

it was modified by the malware

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 1:59 pm

Then how am I supposed to proceed exactly?
I recently installed the latest version.

dolbyman
Guru
Posts: 12961
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Wed Nov 28, 2018 2:09 pm

format all drives and clean the dom (firmware recovery)

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 2:27 pm

What?!!!
That's impossible!!
It is NOT the solution to proceed in this way.
The BUG must be found!
I first downloaded the firmware and installed it again.
I have checked beforehand, that there is not any of the stuff left.

But that -- is not possible at all!

User avatar
OneCD
Ask me anything
Posts: 6026
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Unknown Thread kthreaddnai

Post by OneCD » Wed Nov 28, 2018 2:31 pm

It’s not? :'

Why?

production NAS: TS-569 Pro with Debian 9.9 'Stretch' (power on/off times are < 1 minute)
backup NAS: TS-559 Pro+ with QTS 4.2.6 #20190322

one.cd.only@gmail.com

Image Image Image Image

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 2:34 pm

I just recently rebuilt the whole system - because the HDDs were not fully usable.
It took me about 1 week of work to fix everything up again ...
From the fact to sham -- that I currently have no HDD space to backup the TB to data

KV17uwe
New here
Posts: 7
Joined: Wed Jul 13, 2016 3:46 pm

Re: Unknown Thread kthreaddnai

Post by KV17uwe » Wed Nov 28, 2018 3:13 pm

Answer from Support:
Good day,

Sorry for the late feedback.

pionai is malware

Please install and run the Malware Remover

Then change the password at phpMyadmin

now connect SSH to the NAS (eg Putty)

# cd / share / Web
# ll

you probably now see with an asterisk * ending or ending with .1, .2, .3 etc - delete with rm
also please clear the numbers / letter combination.php A493B87C .... php

and restart the NAS.

Yours sincerely

I own all the files in the directory WEB on the USER "httpdusr". There were between 6-10 files that also partially had no endings.

Cerberus
New here
Posts: 8
Joined: Thu Nov 03, 2011 11:23 pm

Re: Unknown Thread kthreaddnai

Post by Cerberus » Wed Nov 28, 2018 3:21 pm

I have already found out and implemented this myself in places. I observe now whether a Reinstall of the FW has solved the problem now.

dolbyman
Guru
Posts: 12961
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Thu Nov 29, 2018 12:41 am

Cerberus wrote:
Wed Nov 28, 2018 2:34 pm
I just recently rebuilt the whole system - because the HDDs were not fully usable.
It took me about 1 week of work to fix everything up again ...
From the fact to sham -- that I currently have no HDD space to backup the TB to data
So with an infected system and no way to backup your data, I hope that there is no ransomware sideloaded

Always make sure you have means to externally backup your data (ext. drive,cloud,2nd NAS)

User avatar
Trexx
Experience counts
Posts: 4699
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota
Contact:

Re: Unknown Thread kthreaddnai

Post by Trexx » Thu Nov 29, 2018 12:53 am

Cerberus wrote:
Wed Nov 28, 2018 3:21 pm
I have already found out and implemented this myself in places. I observe now whether a Reinstall of the FW has solved the problem now.
If you have the NAS externally exposed to the internet in any way, it could be a scenario where you are perpetually getting re-infected so Malware cleaner is just dealing with the issue after the fact.
Paul

Model: TS-877-1600 FW: 4.3.6.x
QTier (HDD): [RAID-5] 6 x 3TB HGST DeskStar NAS QTier (SSD): [RAID-1] 2 x 525GB Crucial MX300 m.2's
(SSD): [RAID-1] 2 x 500GB Evo 860
RAM: Kingston HyperX Fury 32GB Kit DDR4-2666
GPU: EVGA GTX 1060, ACX 2.0(1 Fan), 6GB
UPS: CyberPower AVR1350 Ext. Backup: USB 3.0 Seagate 5TB
Media Boxes: Nvidia ShieldTV Pro, AppleTV 4, Roku Stick

Model: TVS-673 32GB FW: 4.3.6.x Test/Backup Box
-----------------------------------------------------------------------------------------------------------------------------------------
NAS RAID Rebuild Times | Live QTS Videos | | QNAP NAS Guide | Information needed when you ask for HELP | QNAP Links, Tutorials, etc.
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq

Post Reply

Return to “Miscellaneous”