Notes on Cleaning the kdevtmpfsi Mining Virus on VPS Hosting
Recently, the CPU usage of my VPS has inexplicably remained consistently high, almost at 100% utilization. There are no special services running on the machine that could explain such an extreme level of usage. After using ’top’ and searching on Google, I discovered that kdevtmpfsi is a mining virus. There are already good solutions available online, and this article serves as a memo for reference.
Here are some references I found online:
I found the virus files in the following locations:
/var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/diff/tmp/kdevtmpfsi /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/merged/tmp/kdevtmpfsi /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/diff/tmp/kinsing /var/lib/docker/overlay2/0241f205052d55b7858b7d2fb0ed437e3dc7afb55b7f78381d942a8530aaebd9/merged/tmp/kinsing