Notes on Cleaning the kdevtmpfsi Mining Virus on VPS Hosting

   |   1 minute read   |   Using 104 words

Recently, the CPU usage of my VPS has inexplicably remained consistently high, almost at 100% utilization. There are no special services running on the machine that could explain such an extreme level of usage. After using ’top’ and searching on Google, I discovered that kdevtmpfsi is a mining virus. There are already good solutions available online, and this article serves as a memo for reference.

Here are some references I found online:

Removing the kdevtmpfsi Mining Virus in Docker

How to Deal with the kdevtmpfsi Mining Virus on a Linux Server?

I found the virus files in the following locations:

/var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/diff/tmp/kdevtmpfsi /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/merged/tmp/kdevtmpfsi /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/diff/tmp/kinsing /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/merged/tmp/kinsing

Page link: /en/post/cup100/
comments powered by Disqus