Linode should provide help on Blitz64 and kswap0 crypto miner malware

Hi all,

My server has been haunted by the malware for months. After some digging, I found out they existed in
.rsync/c/blitz64 and /var/lib/postgresql/.configrc5/a/kswapd0

If the Linode staff would kindly post a tutorial on searching for and killing this malware, that would be great. Thanks.

2 Replies

I would start by running a ClamAV Scan for Vulnerabilities on your Linode. This scan will check your Linode's files against a database of known malicious files. It's more programmatic than trying to review the entire filesystem by yourself. Other scanning software I'd recommend are:

rkhunter
R-fx
Maldet

I hope this helps!

-Micah

Hi mtcotton846,

Since I am using Nano, the resources are not enough to scan with ClamAV, and I have scanned the server with rkhunter, but it couldn't pinpoint this ongoing issue. My server keeps getting CPU over 100% usage warnings, and traffic was blocked by your colleagues a few times.

It would be beneficial if one of your colleagues could post resources to help clients like myself avoid the attack.

Here is my experience:
I have to track them based on the PID from top to kill them.

`ls -l /proc/<pid>` to locate the malware.

based on this:

https://askubuntu.com/questions/1224927/cpu-100-with-kswapd0-process-although-no-swap-is-needed
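The manual `/proc/<pid>` check described in the post above can be run over every process at once. This is an added example, not part of the thread or Linode's tooling; the function names and the three heuristics (hidden path component, deleted binary, kernel-thread name backed by a userland binary) are assumptions chosen to match the paths reported in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Flags processes for manual review;
# a hit is a lead to investigate, not proof of compromise.

# classify_exe NAME EXE: print why a process looks suspicious.
# Returns 0 if at least one reason applies, 1 otherwise.
classify_exe() {
    ce_name=$1 ce_exe=$2 ce_why=""
    # Real kernel threads (the genuine kswapd0) have no exe link at all.
    [ -n "$ce_exe" ] || return 1
    case "$ce_exe" in
        # Also seen on legitimate daemons after a package upgrade.
        *" (deleted)") ce_why="binary deleted from disk" ;;
    esac
    case "$ce_exe" in
        # e.g. .rsync/c/blitz64 or /var/lib/postgresql/.configrc5/a/kswapd0
        */.*) ce_why="${ce_why:+$ce_why; }hidden path component" ;;
    esac
    case "$ce_name" in
        kswapd[0-9]*|kworker*|ksoftirqd*|kthreadd)
            ce_why="${ce_why:+$ce_why; }kernel-thread name with a userland binary" ;;
    esac
    [ -n "$ce_why" ] || return 1
    printf '%s\n' "$ce_why"
}

# scan_procs: apply classify_exe to every PID under /proc.
# Output columns: PID, process name, executable path, reasons.
scan_procs() {
    for sp_dir in /proc/[0-9]*; do
        [ -d "$sp_dir" ] || continue
        # readlink fails for kernel threads and for processes we cannot read.
        sp_exe=$(readlink "$sp_dir/exe" 2>/dev/null) || continue
        sp_name=$(cat "$sp_dir/comm" 2>/dev/null) || continue
        if sp_why=$(classify_exe "$sp_name" "$sp_exe"); then
            printf '%s\t%s\t%s\t%s\n' "${sp_dir#/proc/}" "$sp_name" "$sp_exe" "$sp_why"
        fi
    done
}

# Run the scan only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    scan_procs
fi
```

Run it as root with `--scan` so the `exe` links of other users' processes are readable.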
